CSci 5471: Modern Cryptography, Spring 2010 Homework #6
Yongdae Kim
–
Due: Apr 20th (Tuesday) 9:00 AM
–
Show all steps. Please ask any questions, if the problems are not clear.
1.
ElGamal vs. DiffieHellman Algorithm (30 pt total)
Suppose you have an algorithm
A
that breaks ElGamal en
cryption. In other words, given legitimate ciphertext
(
r, c
)
of a plaintext
m
with parameters
g, p, q
,
A
can computes
m
without knowing the private key. More formally, for a given
(
r, c, y, g, p, q
)
,
A
outputs
m
. Mathematically, you
can write
A
(
r, c, y, g, p, q
)
→
m
for any
(
r, c, y, g, p, q
)
where
–
Public information:
q
is a 160bit prime number and
p
is a 1024bit prime number satisfying
q

p

1
.
g
is a
generator of a subgroup
G
of
Z
*
p
.
–
Public key of a user is
y
where
y
=
g
x
(mod
p
)
.
–
ElGamal ciphertext:
(
r, c
)
where
r
=
g
k
(mod
p
)
with a random integer
k
and
c
=
my
k
(mod
p
)
where
m
is a message.
Show that you can break a DiffieHellman key agreement protocol using this algorithm. More formally, show that
using this algorithm you can compute
g
xy
(mod
p
)
for any
(
g
x
(mod
p
)
, g
y
(mod
p
)
, g, p, q
)
.
(Hint) You need to manipulate input of the algorithm
A
so that it will output DiffieHellman key you want to
compute.
2.
Strong Passwordbased Authentication (30 pts)
Let
S
be Alice’s password,
p
be a large prime,
g
be an element
of
Z
*
p
whose order is a prime
q
(
p
=
kq
+ 1
),
h
be a cryptographically secure hash function with 160 bit output.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview.
Sign up
to
access the rest of the document.
 Spring '08
 Staff
 Cryptography, hash function, Cryptographic hash function, Fsp

Click to edit the document details