solution homework 02

Security in Computing (3rd Edition)

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner HW 2 Solution 1. (4 pts.) Any questions Any constructive responses is given full credit. 2. (20 pts.) PGP If you emailed your TA with a correctly signed encrypted message you will receive full credit. 3. (10 pts.) One-time pad (a) No, this scheme does not have the security guarantees of a one-time pad. Table 1 lists the resulting encrypted messages using this scheme. We can see that some outcomes exclude certain inputs. For example, given ( M , K ) = 11 an attacker knows that the sent message M is not 0. (b) We wish to design a new encryption algorithm E * ( · , · ) that has the security guarantees of the one-time pad. We require that given E * ( M , K ) , an attacker should get no information about M . This property is satisfied for any E * ( M , K ) that is uniform on { 0 , 1 , 2 } . One such algorithm is as follows: E * ( M , K ) = M + K mod 3 . Table 2 confirms that each outcome is equally likely. 4. (10 pts.) An RSA reduction We wish to factor N = pq . Since e = 3 and d are inverses modulo ϕ ( N ) = ( p - 1 )( q - 1 ) , have that 3 d = ed = 1 + k ( p - 1 )( q - 1 ) = 1 + k ϕ ( N ) for some k ∈ { 1 , 2 ,... } . Also we have that d < ϕ ( N ) , so k ∈ { 1 , 2 } . (In fact k = 2 always.) Table 1: Encrypted messages using E M K E(M,K) 00 00 00 00 01 01 00 10 10 01 00 01 01 01 00 01 10 11 10 00 10 10 01 11 10 10 00 CS 161, Fall 2005, HW 2 1
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Table 2: Encrypted messages using E * M K E * ( M , K ) 00 00 00 00 01 01 00 10 10 01 00 01 01 01 10 01 10 00 10 00 10 10 01 00 10 10 01 We have a finite number of possible values of k , so we can check which k is correct as follows: Fix a k . Given this guess at k , we can infer a presumed values for ϕ ( N ) via ϕ ( N ) k = 3 d - 1 k . Also the true value for ϕ ( N ) satisfies ϕ ( N ) = ( p - 1 )( q - 1 ) = pq - p - q + 1 = N - N q - q + 1; rewriting this, we can solve for q via the quadratic equation, given the value of ϕ ( N ) . This gives a way to test whether our guess ϕ ( N ) k was correct, since we can use our guess to solve for q and test whether the resulting q is indeed a factor of N . The running time is polynomial in the number of bits of N : we use O ( 1 ) operations on integers no larger than N , which corresponds to O (( lg N ) 2 ) bit operations. An algorithm for general e is given in G. Miller, “Riemann’s hypothesis and tests for primality,” Journal of Computer and System Sciences , 13(3):300-317, 1976. This algorithm is in time polynomial to the number of bits in N . 5. (21 pts.) The definition of a secure block cipher (a) Insecure A distinguishing attack on the block cipher E is as follows: Ask for the encryption of two messages M , M 0 ; receive the ciphertexts C , C 0 . If M C = M 0 C 0 , then guess that you are interacting with E ; otherwise, you are definitely interacting with P . This works because M
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern