Dhirubhai Ambani Institute of Information and Communication Technology

IT325 Introduction to Cryptography (Winter 2014-15)

Assignment

Understanding of possible solutions for following problems is Required,

Submission of solutions is Optional.
Q1. What do you mean by saying that a cryptographic hash function is secure? How does
Birthday paradox play role in measuring hash function security?
Q2. Suppose that p be a prime and let be an integer with p | . Let h(x)
why h(x) is not a good cryptographic hash function.

(d )

Q3. For integer n > 0, prove that

x (mod p). Explain

n .

d |n

Q4. Illustrate CBC-MAC security with respect to fixed and variable length of messages.
Q5. A cryptosystem is considered to be semantically secure (indistinguishability) if no
adversary, given an encryption of a message randomly chosen from two messages {m1,m2}
determined by the adversary, can identify the message choice with probability significantly
better than that of random guessing (1/2). Why the textbook version of RSA encryption (c = me
mod n) is not semantically secure?
Q6. Consider this RSA-variant. Let r Zn be a random integer. The encryption of message m is
computed as c = (m r, re mod n) = (u, v). To get m, one can decrypt v using private key and
XOR the result with u. Is this scheme semantically secure? Prove or disprove.
Q7. Using the RSA algorithm with p = 5, q = 7, find the ciphertext corresponding to the plaintext
hello using the numbers corresponding to the letters, e.g., the number 8 stands for h, 5 stands
for e, and so on. Convert the ciphertext back to plain text and check if you get hello back.
Q8. Suppose there are three users who agree to use the RSA encryption algorithm for data
confidentiality. They use a common public key e=3 for faster encryption. But, they pick a
different modulus, say n1 for first user, n2 for second user, and n3 for the third user. All three
moduli are relatively prime.
Now, a server sends a message m to each of the user in an encrypted form using the RSA
encryption algorithm. That is, c1 m3 (mod n1) is sent to the first user, c2 m3 (mod n2) is sent to
the second user, and c3 m3 (mod n3) is sent to the third user. Show how an attacker can
construct the actual message m without having the information of corresponding private keys.
What would be the safeguard mechanism to avoid the RSA low public exponent threat?
Q9. Explain how a birthday attack can weaken the discrete logarithm problem.
Q10. The Diffie-Hellman key exchange is used to establish a symmetric key between Alice and
Bob. Alice sends (public parameter, modulus) to Bob. Suppose that Alice sends (191, 719). Bob
responds with 543. Alices secret number is 16. What is the computed symmetric key ?
Q11. In a public key cryptosystem, anyone can encrypt a message and send it to Bob, so he will
have no idea where it comes from. How does Bob verify that it has come from Alice?

Q12. Recall that in RSA, the private key is denoted d, and the public key is the pair (e, n).
Suppose that Alice has a secret RSA private key d she uses to sign messages. However, Alice
agrees to sign only messages of the set {m1, m2, .., mk}. Can Bob trick Alice into signing a
message m that is not one of these? If yes, show how? If no, why not ?
Q13. To speed up RSA decryption, one can use the Chinese Remainder Theorem (CRT). Why
and How?
Q14. Suppose that Alice is using the ElGamal Signature scheme. In order to save time in
generating the random numbers k that are used to sign messages, Alice chooses an initial
random value k0, and then signs the ith message using the value ki = k0 + 2i (mod p) (therefore ki
= ki-1 + 2 (mod p)) for all i 1).
Suppose that Bob observes two consecutive signed messages, say (xi, sign(xi)) and (xi+1,
sign(xi+1)). Describe how Bob can compute Alices secret key, a, given this information, without
solving an instance of the discrete logarithm problem. (Note that the value of i does not have to
be known for the attack to succeed.)