ss6 - Computer Science and Engineering, UCSD Spring 11 CSE...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Computer Science and Engineering, UCSD Spring 11 CSE 207: Modern Cryptography Instructor: Mihir Bellare Problem Set 6 Solutions May 18, 2011 Problem Set 6 Solutions Problem 1. [35 points] Let p 3 be a prime and g Z * p a generator of Z * p . (These are public quantities, known to all parties including the adversary.) Consider the key-generation and encryption algorithms below: Algorithm K x $ Z * p- 1 X g x mod p return ( X,x ) Algorithm E ( X,M ) if M 6 Z * p then return y $ Z p- 1 ; Y g y mod p Z X y mod p ; W Y M mod p return ( Z,W ) The message space associated to public key X is Messages ( X ) = Z * p . We let k be the bit-length of p . 1. [15 points] Specify a decryption algorithm D such that AE = ( K , E , D ) is an asymmetric encryption scheme satisfying the correct decryption property. State the running time of your algorithm as a function of k (the lower this is, the more credit you get) and prove that the correct decryption property holds. The decryption algorithm takes input the secret key x and a ciphertext C = ( Z,W ) and must return the underlying message M . It works as follows: algorithm D ( x,C ) Parse C as ( Z,W ) s x- 1 mod ( p- 1) Y Z s mod p M W Y- 1 mod p return M Note that in the key-generation algorithm x is chosen from Z * p- 1 (and not Z p- 1 ). This implies that x has an inverse modulo p- 1. The decryption algorithm begins by computing this inverse and denoting it by s . The fact that s is the inverse of x modulo p- 1 means that xs mod ( p- 1) = 1. Now, to show that the decryption algorithm is correct we have to show that D ( x, E ( X,M )) = M for any M Z * p . Let C = ( Z,W ) be an output of E ( X,M ). We want to show that D ( x,C ) = M . Let y be the value chosen by the encryption algorithm such that Y = g y mod p . Then 1 Z = X y = g xy mod p . Now, we first claim that Y is correctly re-computed by the decryption algorithm. This is true because modulo p we have: Z s ( g xy ) s g xys mod ( p- 1) g 1 y mod ( p- 1) g y...
View Full Document

This note was uploaded on 08/31/2011 for the course CSE 207 taught by Professor Daniele during the Winter '08 term at UCSD.

Page1 / 5

ss6 - Computer Science and Engineering, UCSD Spring 11 CSE...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online