Security in Computing (3rd Edition)

Info icon This preview shows pages 1–3. Sign up to view the full content.

CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner HW 2 Solution 1. (4 pts.) Any questions Any constructive responses is given full credit. 2. (20 pts.) PGP If you emailed your TA with a correctly signed encrypted message you will receive full credit. 3. (10 pts.) One-time pad (a) No, this scheme does not have the security guarantees of a one-time pad. Table 1 lists the resulting encrypted messages using this scheme. We can see that some outcomes exclude certain inputs. For example, given ( M , K ) = 11 an attacker knows that the sent message M is not 0. (b) We wish to design a new encryption algorithm E * ( · , · ) that has the security guarantees of the one-time pad. We require that given E * ( M , K ) , an attacker should get no information about M . This property is satisfied for any E * ( M , K ) that is uniform on { 0 , 1 , 2 } . One such algorithm is as follows: E * ( M , K ) = M + K mod 3 . Table 2 confirms that each outcome is equally likely. 4. (10 pts.) An RSA reduction We wish to factor N = pq . Since e = 3 and d are inverses modulo ϕ ( N ) = ( p - 1 )( q - 1 ) , have that 3 d = ed = 1 + k ( p - 1 )( q - 1 ) = 1 + k ϕ ( N ) for some k ∈ { 1 , 2 ,... } . Also we have that d < ϕ ( N ) , so k ∈ { 1 , 2 } . (In fact k = 2 always.) Table 1: Encrypted messages using E M K E(M,K) 00 00 00 00 01 01 00 10 10 01 00 01 01 01 00 01 10 11 10 00 10 10 01 11 10 10 00 CS 161, Fall 2005, HW 2 1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

Table 2: Encrypted messages using E * M K E * ( M , K ) 00 00 00 00 01 01 00 10 10 01 00 01 01 01 10 01 10 00 10 00 10 10 01 00 10 10 01 We have a finite number of possible values of k , so we can check which k is correct as follows: Fix a k . Given this guess at k , we can infer a presumed values for ϕ ( N ) via ϕ ( N ) k = 3 d - 1 k . Also the true value for ϕ ( N ) satisfies ϕ ( N ) = ( p - 1 )( q - 1 ) = pq - p - q + 1 = N - N q - q + 1; rewriting this, we can solve for q via the quadratic equation, given the value of ϕ ( N ) . This gives a way to test whether our guess ϕ ( N ) k was correct, since we can use our guess to solve for q and test whether the resulting q is indeed a factor of N . The running time is polynomial in the number of bits of N : we use O ( 1 ) operations on integers no larger than N , which corresponds to O (( lg N ) 2 ) bit operations. An algorithm for general e is given in G. Miller, “Riemann’s hypothesis and tests for primality,” Journal of Computer and System Sciences , 13(3):300-317, 1976. This algorithm is in time polynomial to the number of bits in N . 5. (21 pts.) The definition of a secure block cipher (a) Insecure A distinguishing attack on the block cipher E is as follows: Ask for the encryption of two messages M , M 0 ; receive the ciphertexts C , C 0 . If M C = M 0 C 0 , then guess that you are interacting with E ; otherwise, you are definitely interacting with P . This works because M
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern