Mật mã ứng dụng
Mật mã ứng dụng
Mật mã ứng dụng
Question 1
Consider the toy key exchange protocol using an online trusted 3rd party (TTP) discussed in
Lecture 9.1. Suppose Alice, Bob, and Carol are three users of this system (among many others)
and each have a secret key with the TTP denoted ka , kb , kc respectively. They wish to generate
a group session key kABC that will be known to Alice, Bob, and Carol but unknown to an
eavesdropper. How would you modify the protocol in the lecture to accomodate a group key
exchange of this type? (note that all these protocols are insecure against active attacks)
1. Alice contacts the TTP. TTP generates a random kABC and sends to Alice
Question 2
Let G be a finite cyclic group (e.g. G = Z∗p ) with generator g. Suppose the Diffie-Hellman
function DHg (gx , gy ) = gxy is difficult to compute in G. Which of the following functions is
also difficult to compute: As usual, identify the f below for which the contra-positive holds: if
f (·, ·) is easy to compute then so is DHg (·, ·). If you can show that then it will follow that if
DHg is hard to compute in G then so must be f .
1. f (gx , gy ) = gxy+1
2. f (gx , gy ) = gx(y+1)
3. f (gx , gy ) = (g2 )x+y
√
4. f (gx , gy ) = ( g)x+y
1 https://class.coursera.org/crypto-012/
1
Question 3
Suppose we modify the Diffie-Hellman protocol so that Alice operates as usual, namely chooses
a random a in {1, . . . , p − 1} and sends to Bob A ← ga . Bob, however, chooses a random b in
{1, . . . , p − 1} and sends to Alice B ← g1/b . What shared secret can they generate and how
would they do it?
1. secret = gab . Alice computes the secret as Ba and Bob computes Ab .
2. secret = ga/b . Alice computes the secret as Ba and Bob computes A1/b .
3. secret = ga/b . Alice computes the secret as B1/b and Bob computes Aa .
4. secret = gab . Alice computes the secret as B1/a and Bob computes Ab .
Question 4
Consider the toy key exchange protocol using public key encryption described in Lecture 9.4.
Suppose that when sending his reply c ← E(pk, x) to Alice, Bob appends a MAC t := S(x, c) to
the ciphertext so that what is sent to Alice is the pair (c,t). Alice verifies the tag t and rejects
the message from Bob if the tag does not verify. Will this additional step prevent the man in the
middle attack described in the lecture?
1. it depends on what MAC system is used.
2. it depends on what public key encryption system is used.
3. yes
4. no
Question 5
The numbers 7 and 23 are relatively prime and therefore there must exist integers a and b such
that 7a + 23b = 1. Find such a pair of integers (a, b) with the smallest possible a > 0. Given
this pair, can you determine the inverse of 7 in Z23 ?
Question 6
Question 7
2
Question 8
How much is 210001 mod 11? (please do not use a calculator for this)
Question 9
Question 10
Question 11
Question 12
Solve the equation x2 + 4x + 1 = 0 in Z23 . Use the method described in lecture 9.3 using the
quadratic formula.
Question 13
Question 14
What is the discete log of 5 base 2 in Z13 ? (i.e. what is Dlog2 (5))
Recall that the powers of 2 in Z13 are
3
Question 15