udaya shankar
Page 1 of 4
10/12/2006
CMSC 414: HW 2 Solution and Grading
___________________________________________________________
1.
(text 5.1) Would it be reasonable to compute an RSA signature on a long message m
by signing m modn (i.e., using
(m modn)
d
modn
as the signature).
No. Recall that RSA restricts the message to be signed to be smaller than n.
If m is larger than n, then message m and message (m modn) would have the same
signature. So it would be easy to generate different messages that have the same
signature.
___________________________________________________________
2.
(text 5.6) Why do MD4, MD5, and SHA1 require padding of messages that are
already a multiple of 512bits?
Otherwise it would be easiy to find two messages with the same hash. Let M' be any
message that is not a multiple of 512 bits. Let M be M' padded as in MD4, so M is a
multiple of 512 bits. If no padding is used for M (because it is a multiple of 512 bits) then
MD4(M) would be the same as MD4(M').
___________________________________________________________
3.
(text 6.3) In RSA, is it possible for more than one
d
to work with a given
e, p,
and
q
?
Because d is the multiplicative inverse of e mod(p

1)
⋅
(q

1), it is unique modulo
(p

1)
⋅
(q

1). [Recall e has a multiplicative inverse mod (p

1)
⋅
(q

1) iff e is relatively
prime to (p

1)
⋅
(q

1). So multiplying the elements of Z
(p

1)
⋅
(q

1)
by e results in a
permutation of Z
(p

1)
⋅
(q

1)
, so there is only one element in Z
(p

1)
⋅
(q

1)
which yields 1 when
multiplied by e.]
___________________________________________________________
4.
(text 6.8) Given your RSA signature on m
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview.
Sign up
to
access the rest of the document.
 Spring '04
 NING
 Prime number, Euclidean algorithm, udaya shankar, mod15

Click to edit the document details