CS 161
Computer Security
Fall 2005
Joseph/Tygar/Vazirani/Wagner
HW 3
Solution
1. (5 pts.)
Any questions
Any constructive response is given full credit.
2. (20 pts.)
Zero knowledge
(a) Simulator:
i. Pick a random
R
(
mod
N
)
.
ii. Let
S
=
R
e
(
mod
N
)
.
iii. Output the following transcript:
step 1: Bob sends S to Alice
step 2: Alice sends R to Bob
step 3: Bob accepts
The distribution on the output of Simulator is exactly the same as the distribution on the tran
script obtained by running honestAlice + honestBob together.
(b) You need to give an example of a dishonestBob that cannot be simulated. Here is one example.
Suppose Bob always sends the same value 2 to Alice. Alice will respond with 2
d
(
mod
N
)
. Note
that this is a value the simulator cannot emulate: the simulator does not know
d
, and the security
of RSA signatures means that the simulator cannot forge a signature on arbitrary messages (i.e.,
cannot compute 2
d
(
mod
N
)
without knowledge of
d
). Consequently, in this example Bob has
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview.
Sign up
to
access the rest of the document.
 Fall '05
 Joseph
 Computer Security, Alice, Alice and Bob

Click to edit the document details