Assignment III - B.E.

VI Semester

Four students can submit one assignment

1. What is one-way function? what is trapdoor one-way function?

2. State and prove the correctness of RSA Cryptosystem.

3. Find the computational cost (in terms of bit operation) of key generation in RSA algo-
rithm.

4. For RSA with parameters: e = 7 and n = 17 ∗ 31.

(a) Encrypt the message block M = 2.

(b) Compute a private key corresponding to the given above public key.
(c) Perform the decryption of the obtained ciphertext using the method which is four
times faster than usual method(Using CRT).

5. Let N is product of two primes. Prove formally that hardness of factorization of N

implies hardness of finding ϕ(N ) given N .

6. Let N is product of two primes. Prove formally that hardness of factorization of N

∗.
implies hardness of finding order of an element in ZN

7. Let (N, e) be an RSA public key. Given the private key d, show that one can efficiently
factor the modulus N .

8. Alice and Bob have the same modulus n for RSA, and encryption exponents eA and eB
with gcd(eA , eB ) = 1. Charles sends them the same message m encrypted with these
keys, resulting in the ciphertexts cA and cB . Adversary intercepts both cA and cB . How
can she find m?

9. Solve the equation x2 + 4x + 1 = 0 in Z23 .

10. What is the 11th root of 2 in Z19 ? (i.e. what is 21/11 inZ19 ). Can you find the 6th root
of 2 in Z19 ? If yes find it else why not?

11. Solve the following system of congruences:

x ≡ 12(mod 25)
x ≡ 9(mod 26)
x ≡ 23(mod 27)

12. Let p be an odd prime. Then show that there are exactly (p − 1)/2 quadratic residues
modulo p and exactly (p − 1)/2 quadratic non residues modulo p.
13. Let g is the generator of the cyclic group Zp . Show that g is quadratic non residue mod
p.
14. Solve following quadratic congruent equation.
(i)b2 ≡ 44(mod 83)-
(ii)b2 ≡ 11(mod 29)
(iii)b2 ≡ 15(mod 59)
15. Using only CRT show that if x ∼
= y mod p and x ∼
= y mod q then x ∼
= y mod N . (5)
16. Show that computing the square root of a QR in ZN is as hard as factoring N. (Hint:
When the factorization of N = pq is known one computes the square root of x ∈ ZN ∗ by

first computing the square root in Zp of x mod p and the square root in Zq of x mod q
and then using the CRT to obtain the square root of x in ZN ).
17. Let sender A sends the same message M to three different receivers using their respective
public keys that have same e = 3 but different value of n. Let’s assume you can intercept
all three transmission. Can you find plaintext M in feasible time.
18. Show that text-RSA is vulnerable under following security notions.
(i) IND-CPA(semantic security) (ii) IND-CCA
19. If m is chosen from a small list of possible values (m < 2l , m has l − bits). Show that
attacker can compute message m in time O(l2α ), l/2 < α < l which is better than brute
force method. (Meet in middle attack)
20. Let (Gen,E,D) be a chosen ciphertext secure public-key encryption system with message
space {0, 1}128 . Which of the following is also chosen ciphertext secure?

(i)(Gen, E ′ , D′ ) where E ′ (pk, m) = E(pk, m ⊕ 1128 ) and D′ (sk, c) = D(sk, c) ⊕ 1128

(ii)(Gen, E ′ , D′ ) where E ′ (pk, m) = (E(pk, m), E(pk, 0128 )) and D′ (sk, (c1, c2)) = D(sk, c1).
(iii)(Gen, E ′ , D′ ) where E ′ (pk, m) = (E(pk, m), E(pk, m)) and D′ (sk, (c1, c2)) = D(sk, c1).
21. Alice and Bob wish to resolve a dispute over telephone. We can encode the possibilities
of the dispute by a binary value. For this they engage a protocol:
(i). Alice → Bob : Alice picks up randomly an x, which is a 200 bit number and
computes the function f(x). Alice sends f(x) to Bob.
(ii). Bob → Alice : Bob tells Alice whether x was even parity or odd parity.
(iii). Alice → Bob : Alice then sends x to Bob, so that Bob can verify whether his
guess was correct. If Bob’s guess was right, Bob wins. Otherwise Alice has the dispute
solved in her own way. They decide upon the following function, f : X → Y , where X
is a random variable denoting a 200 bit sequence and Y is a random variable denoting
a 100 bit sequence. The function f is defined as follows: f (x) = ( the most significant
100 bits of x) ∨ (the least significant 100 bits of x), ∀x ∈ X Here ∨ denotes bitwise OR.
Answer the following questions in this regard:
(i). Suppose Bob’s strategy to guess the even or odd of x is that if least significant bit
of f (x) is zero then x is even else x is odd. If Alice is honest, what is the probability of
Bob to be successful in guessing whether x is even or odd correctly?
(ii). What is Alice’s probability of cheating Bob?
(iii). What happens when the above function (∨) is replaced by bit-wise XOR? Rework
the above sub-parts for this change,