homework 3

homework 3 - ICS 180: Introduction to Cryptography...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
ICS 180: Introduction to Cryptography 4/23/2004 Homework 3 Due Tuesday , 5/04/2004 [[ you get more than a week! ]] 1 Authentication Scheme from One-Way Permutations Let PPT algorithms ( Gen,Sample,Eval ) defne a OWF (or OWP) { f i } i ∈I . Suppose that players U and B use the ±ollowing authentication scheme. For example, say that B is a bank’s web portal and C is a web applet run by the bank’s client. The scheme is designed to last ±or one year, and needs to be reinitialized a±ter that: Initialization Protocol: Let n = 365. B runs Gen (1 τ ) to pick a one-way ±unction f i with security parameter τ and runs Sample ( i ) to pick a random element x ( n ) in the domain D i f i . Then B computes, ±or k going ±rom n down to 1, values x ( k 1) = f i ( x ( k ) ) = Eval ( i,x ( k ) ). (You’ll see in a second why we are computing them backward rather than ±orward.) B keeps ±or himsel± x (0) as the “verifcation value” ±or C , and gives to C (over some secure channel) the “root authentication secret” x (365) . C then re-generates all the x ( k ) values ±or k = 0 ,..., 364 by consecutive applications o± f i . Let’s denote k -times repeated application o± f i as a ±unction ( f i ) ( k ) : D i → { 0 , 1 } . With this notation we have x ( n k ) = ( f i ) ( k ) ( x ( n ) ) ±or every k . Authentication Protocol: To authenticate himsel± to B on day t , C sends to B value x = x ( t ) and announces that he is “ C ”. B then picks the yesterday’s verifcation value x ( t 1) ±or that client, and authenticates this client as indeed “ C ” i± f i ( x ) = x ( t 1) . I± the equation holds B stores x as x ( t ) . (It’s easy to generalize this to the case when C contacted B last on any day t < t : Just compute ( f i ) ( t t ) on x ( t ) and compare with x ( t ) .) Assume that the adversary E , who tries to authenticate himsel± as “ C ” to B too, can eavesdrop on all instances o± the ( C,B
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 3

homework 3 - ICS 180: Introduction to Cryptography...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online