{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

# ps7 - Computer Science and Engineering UCSD CSE 207 Modern...

This preview shows pages 1–2. Sign up to view the full content.

Computer Science and Engineering, UCSD Spring 11 CSE 207: Modern Cryptography Instructor: Mihir Bellare Problem Set 7 May 18, 2011 Problem Set 7 Due: Wednesday May 25, 2011, in class. Problem 1. [45 points] Generation of random numbers on systems is difficult and error-prone. This problem explores ways of making ElGamal signature generation deterministic. Let p, q 3 be primes such that p = 2 q + 1. Let g be a generator of the cyclic group Z * p . Let H : { 0 , 1 } * Z p - 1 be a random oracle. 1. [20 points] We consider re-using randomness accross different signatures, which corresponds to the signature scheme DS = ( K , S , V ) whose algorithms are: algorithm K x \$ Z p - 1 X g x mod p k \$ Z * p - 1 return ( X, ( x, k )) algorithm S H (( x, k ) , M ) m H ( M ) r g k mod p s ( m - rx ) k - 1 mod ( p - 1) return ( r, s ) algorithm V H ( X, M, ( r, s )) m H ( M ) if ( r 6∈ Z * p OR s / Z p - 1 ) then return 0 if ( X r · r s g m (mod p )) then return 1 else return 0 Show that DS is not UF-CMA secure by presenting an adversary A for which Adv uf - cma DS ( A ) 1 / 3.

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 2

ps7 - Computer Science and Engineering UCSD CSE 207 Modern...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online