Systems and Network Security (NETW-1002)

Dr. Mohamed Abdelwahab Saleh

IET-Networks, GUC
Spring 2017
Exercise 6

Question 1
In RSA, assume an agent A chooses p = 5 and q = 11 and the public key e = 13, compute
the encryption of m = 40, and the signature of A over m.
Solution
n = 55, φ(n) = 40, e−1 mod-40 = d = 7. Encryption = 4013 mod-55, signature = 407 mod-55.


Question 2
In RSA, can we have situation where ek (ek (x)) = x? When does this happen? Demonstrate
by a simple example.
Solution
Yes, when e ≡ d mod-φ(n). Consider the case where p = 5, q = 7 and e = 5. We have:
n = 35, φ(n) = 24, d = e−1 mod-24 = 5 = e 

Question 3
Suppose Bob has an RSA cryptosystem with modulus n and encryption key b1 , and Charlie
has an RSA cryptosystem with (the same) modulus n and encryption key b2 . Suppose also
that gcd(b1 , b2 ) = 1. Now, consider the situation that arises if Alice encrypts the same
plaintext x to send to both Bob and Charlie. Thus, she computes y1 = xb1 mod n and
y2 = xb2 mod n, and then she sends y1 to Bob and y2 to Charlie. Suppose Oscar intercepts
y1 and y2 , and performs the computations below:
c1 = b−1
1 mod b2 , c2 = (c1 b1 − 1)/b2 , x1 = y1c1 (y2c2 )−1 mod n.
Prove that x1 is x.

1
Solution
We know that (x−1 )n × (x)n = 1 mod-n, so, (x−1 )n = (xn )−1 . Also (xm )(x−1 )n = x(m−n) .
x1 = y1c1 (y2c2 )−1 = x(b1 c1 −b2 c2 ) . However, c1 b1 = kb2 + 1, and c2 = (c1 b1 − 1)/b2 = k
x(b1 c1 −b2 c2 ) = x(kb2 +1−kb2 ) = x mod-n. 

Question 4
Suppose we have a set of blocks encoded with the RSA algorithm and we don’t have the
private key. Assume n = pq, and e is the public key. Suppose also someone tells us they
know one of the plaintext blocks has a common factor with n. Does this help us in any way?
Solution
Yes. If m has a common factor with n, then this factor is p or q and the cipher text c = me
mod-n, will have the same common factor with n. If m is a prime then, m is p or q, otherwise
we can find gcd(n, m), which will be p or q. 

Question 5
Suppose Bob uses the RSA cryptosystem with a very large modulus n for which the fac-
torization cannot be found in a reasonable amount of time. Suppose Alice sends a mes-
sage to Bob by representing each alphabetic character as an integer between 0 and 25, i.e.,
A = 0, . . . , Z = 25, and then encrypting each number separately using RSA with large e
and large n. Is this method secure? If not, describe the most efficient attack against this
encryption method.
Solution
It is not secure, the simplest attack is that the intruder can compute me mod-n, for all
possible values of m (26 values). Then the intruder can form a decryption table where the
decyption of me mod-n is m. 

Question 6
In a public-key system using RSA, you intercept the ciphertext c = 10 sent to a user whose
public key is e = 5, n = 35. What is the plaintext m?
Solution
p = 7 q = 5, φ(35) = 24, e = 5 and d = 5, 105 mod-35 = 5.