
CSC 574 Section 001

Fall 2015
Homework #2

Keywords: Message Digest, Hash Function, Public Key Cryptography, RSA.

Name 1: __________________________ Student ID 1: _______________________


Name 2: __________________________ Student ID 2: _______________________

Instructions
You can do this homework in groups of two (at most).
The total number of points is 50.
You must answer all questions for full credit.
The due date is as posted on the web page (please return the answers by wolfware).
In general, you can make any reasonable assumptions in your answers. Do NOT make
unnecessary assumptions.

Question 1: [Message digests and hash functions] [20 pts]


1. Message digests are reasonably fast, but here's a much faster function to
compute. Take your message and divide it into 128-bit chunks, then all the
chunks together to get a 128-bit result. Do the standard message digest on the
result. Is this a good message digest function?
2. Assume a good 128-bit message digest function. Assume there is a
particular value, d, for the message digest and you would like to find a
message that has a message digest of d. Given that there are many
more 2000-bit messages that map to a particular 128-bit message
digest than 1000-bit messages, would you theoretically have to test
fewer 2000-bit messages to find one that has a message digest of d
than if you were to test 1000-bit messages?
3. Message digest algorithms can be used to generate one-time pad
streams of MD-sized blocks similar to OFB's one-time pad (refer to
lecture slides). This stream must eventually repeat since only 2^(MD-size)
blocks can be generated. Will the first block necessarily be the first
block to be repeated?
4. Message digests can also be used for encryption/decryption by
generating pads similar to CFB's pads (refer to lecture slides). That is,
for a pad block b_i, plaintext block p_i, and ciphertext block c_i,
b_1 = MD(K_AB|IV), c_i = p_i + b_i and b_i = MD(K_AB|c_{i-1}). Can you modify this
encryption approach so that instead of b_i = MD(K_AB|c_{i-1}) we use
b_i = MD(K_AB|p_{i-1})? How do you decrypt? Why wouldn't the modified
scheme be as secure? (Hint: What would happen if the plaintext
consisted of all zeroes?)
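
The pad construction of item 4 exactly as stated (pads chained on the previous ciphertext block), as an added example that is not part of the original assignment. It assumes "+" means bitwise XOR, "|" means concatenation, and SHA-256 stands in for MD; all function names are illustrative.

```python
import hashlib

BLOCK = 32  # assumption: SHA-256 stands in for MD, so pad blocks are 32 bytes

def md(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, which truncates the pad on a short final block
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for p in blocks(plaintext):
        c = xor(p, md(key + prev))   # b_1 = MD(K_AB|IV), then b_i = MD(K_AB|c_{i-1})
        out.append(c)
        prev = c                     # the pad chain is driven by ciphertext
    return b"".join(out)

def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(c, md(key + prev)))  # same pad: the receiver already holds c_{i-1}
        prev = c
    return b"".join(out)

def damaged_blocks(key: bytes, iv: bytes, plaintext: bytes, hit: int) -> list:
    """Flip one bit in ciphertext block `hit`; return indexes of plaintext blocks that change."""
    ct = bytearray(encrypt(key, iv, plaintext))
    ct[hit * BLOCK] ^= 0x01
    got = decrypt(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(blocks(plaintext), blocks(got))) if a != b]

if __name__ == "__main__":
    key, iv = b"constructed-demo-key", b"constructed-demo-iv"  # constructed sample values
    msg = bytes(range(256))[:4 * BLOCK]                        # constructed 4-block message
    assert decrypt(key, iv, encrypt(key, iv, msg)) == msg
    print(damaged_blocks(key, iv, msg, 1))  # blocks 1 and 2 change, block 3 recovers
```

A flipped ciphertext bit flips the same plaintext bit and garbles only the following block, so the construction gives confidentiality only; detecting tampering needs a separate MAC.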

Question 2: [Rivest, Shamir, and Adleman - RSA] [20 pts]


1. Construct a table showing an example of the RSA cryptosystem with parameters
p = 17, q = 19, and e = 5. The table should have two rows, one for the plaintext
M and the other for the ciphertext C. The columns should correspond to integer
values in the range [10; 15] for M. Hint: Write a small program or use a
spreadsheet.
2. In a public-key system using RSA, you intercept the ciphertext C = 10, sent to a
user whose public key is e = 5, n = 35. What is the plaintext M?
3. In a public-key system using RSA, the public key of a certain user is e = 31, n =
3599. What is the plaintext M? Hint: you may use the Unix program factor.
4. In a public-key system using RSA, a certain user with public key (e, n)
leaks his private key d. Being lazy, he re-computes a new e and d using
the same n. Is this safe? Why or why not?
5. Compute 7266 mod 100 using either the recursive or non-recursive successive
squaring algorithm. Show your work.

Question 3: [10 pts]


Tatebayashi, Matsuzaki, and Newman (TMN) proposed the following protocol, which
enables Alice and Bob to establish a shared symmetric key K with the help of a trusted
server S. Both Alice and Bob know the server's public key Ks. Alice randomly generates
a temporary secret KA, while Bob randomly generates the new key K to be shared with
Alice. The protocol then proceeds as follows:
Alice → Server: Ks{KA}
Bob → Server: Ks{K}
Server → Alice: K ⊕ KA
Alice recovers key K as KA ⊕ (K ⊕ KA)
To summarize, Alice sends her secret to the server encrypted with the server's public
key, while Bob sends the newly generated key, also encrypted with the server's public
key. The server XORs the two values together and sends the result to Alice. As a result,
both Alice and Bob know K.
Suppose that evil Charlie eavesdropped on Bob's message to the server. How can he,
with the help of his equally evil buddy Don, extract the key K that Alice and Bob are
using to protect their communications? Assume that Charlie and Don can engage in the
TMN protocol with the server, but they do not know the server's private key.
