HW4-Solution

HW4-Solution - HW#4 Hash Functions Message Authentication...

This preview shows pages 1–3. Sign up to view the full content.

HW #4: Hash Functions, Message Authentication Code and Key Distribution CS 392/681: Computer Security Fall 2006 [100pts] DUE 10/09/2006 (midnight) Problem 1 [30pts] Assume that the US social security number (SSN) assignment is performed using the function which on input of a resident r, outputs its SSN as a 9-digit long number uniformly distributed at random. How many US residents would we have to collect such that at least two have of them will have the same SSN, with a probability greater than 0.8? Show all steps involved. Does this represent a good way for SSN assignment? Why or why not? If a hash function output space is N and if each output is equally likely (i.e. the output is uniformly distributed), then using the birthday paradox, we have probability of finding at least one collision in k trials is: p = (1 – e –k(k-1)/(2*N) ) Here, we have to find k such that p > 0.8, and N = 10^9 i.e., we have to find k such that, 1 – e –k(k-1)/(2*N) > 0.8 or e –k(k-1)/(2*N) < 0.2 Taking log base e both sides, –k(k-1)/(2*N) = -1.609 –k 2 + k = -1.609 * 2 * 10^9 k 2 - k - 1.609 * 2 * 10^9 Solving the above quadratic equation for the positive value of k, we get, k = 56728 (double check that it satisfies the inequality above) Therefore, with this method of SSN assignment, at least two citizens, out of a total of 56728 citizens, will have the same SSN, with a probability 0.8 (which is very high). Clearly, this is unworkable since the US population is much much more than 56728. Problem 2 [5+5+5+5pts]

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
(1) We studied ElGamal encryption in the class. Alice wants to encrypt two messages m1 and m2 (both in Zq) with her own public key in such a manner that she can later on compute the encryption of m1*m2 (in Zq) from the encryptions of m1 and m2 itself, i.e, without really having to perform the encryption operation again. Show how Alice can achieve this securely. Alice can use the same random number r while encrypting both m1 and m2. That is, encryption of m1 is A = (g^r, m1*y^r) and encryption of m2 B = (g^r,
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 4

HW4-Solution - HW#4 Hash Functions Message Authentication...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online