# homework 3 - ICS 180 Introduction to Cryptography Homework...

• Homework Help
• davidvictor
• 3

This preview shows pages 1–2. Sign up to view the full content.

ICS 180: Introduction to Cryptography 4/23/2004 Homework 3 Due Tuesday , 5/04/2004 [[ you get more than a week! ]] 1 Authentication Scheme from One-Way Permutations Let PPT algorithms ( Gen, Sample, Eval ) define a OWF (or OWP) { f i } i ∈I . Suppose that players U and B use the following authentication scheme. For example, say that B is a bank’s web portal and C is a web applet run by the bank’s client. The scheme is designed to last for one year, and needs to be reinitialized after that: Initialization Protocol: Let n = 365. B runs Gen (1 τ ) to pick a one-way function f i with security parameter τ and runs Sample ( i ) to pick a random element x ( n ) in the domain D i of f i . Then B computes, for k going from n down to 1, values x ( k 1) = f i ( x ( k ) ) = Eval ( i, x ( k ) ). (You’ll see in a second why we are computing them backward rather than forward.) B keeps for himself x (0) as the “verification value” for C , and gives to C (over some secure channel) the “root authentication secret” x (365) . C then re-generates all the x ( k ) values for k = 0 , ..., 364 by consecutive applications of f i . Let’s denote k -times repeated application of f i as a function ( f i ) ( k ) : D i → { 0 , 1 } . With this notation we have x ( n k ) = ( f i ) ( k ) ( x ( n ) ) for every k . Authentication Protocol: To authenticate himself to B on day t , C sends to B value x = x ( t ) and announces that he is “ C ”. B then picks the yesterday’s verification value x ( t 1) for that client, and authenticates this client as indeed “ C ” if f i ( x ) = x ( t 1) . If the equation holds B stores x as x ( t ) . (It’s easy to generalize this to the case when C contacted B last on any day t < t : Just compute ( f i ) ( t t ) on x ( t ) and compare with x ( t ) .) Assume that the adversary E , who tries to authenticate himself as “ C ” to B too, can eavesdrop on all instances of the ( C, B ) authentication protocol but cannot interrupt any such instance. On the other hand

This preview has intentionally blurred sections. Sign up to view the full version.

This is the end of the preview. Sign up to access the rest of the document.
• Spring '04
• Jarecki
• Cryptography, One-Way Functions, authentication protocol, OWF, authentication scheme, one-way function fi

{[ snackBarMessage ]}

### What students are saying

• As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

Kiran Temple University Fox School of Business ‘17, Course Hero Intern

• I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

Dana University of Pennsylvania ‘17, Course Hero Intern

• The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

Jill Tulane University ‘16, Course Hero Intern