SFL Prof. Dr. C. Rossow / S. Hausotte TU Dortmund WS 2021/2022 Exercise 2 (Hashes & Crypto)
Important announcement: Due to the student council meeting, the on-campus tutorial on November 10th is postponed to November 17th!
2.1 Modular Exponentiation
(a) Which of the following expressions are generally true, assuming all numbers are positive integers? You may use Euler’s theorem: aφ(n) mod n = 1 if a⊥n (a and n are coprime)
Copyright By PowCoder代写 加微信 powcoder
(1) ab modn=(amodn)b modn
(2) abmodn modn=ab modn
(3) ab modn=abmodφ(n) modn forn=pq,φ(n)=(p−1)(q−1)anda⊥n
(a) Given p = 7, q = 11 and e = 13, compute d. Feel free to use trial-and-error search to determine d or use the extended Euclidean algorithm.
(b) Assume you obtain Alice’s public key, and then you learn Alice’s φ(n). Can you compute p and q? If not, why not, and if so, how?
(c) PKCS is a standard that defines how to add random padding to plaintexts prior to RSA encryption. Why is such random padding actually required? Hint: Assume an attacker that knows to whom a message m was sent and has an intuition what the message might look like.
2.3 Hash Functions
(a) Which of the following functions are technically hash functions? Rate their quality using the criteria given in the lecture. Assume a message M of equally sized blocks m1, m2, . . . , mn.
(1) H1(m1m2m3···mn)=mn
(2) H2(m1m2m3···mn)=m1+m2+…+mn (+referstointegeraddition) (3) H3(M) = G(G(M)) where G fulfills all criteria of a hash function
(b) Download the files fileA.bin and fileB.bin which are provided with this exercise. Compare the size of these files as well as their contents. Compute the hashes of these files using the MD5 and SHA256 algorithms.
Hint: You can use the virtual machine that you already used for the practical exercises.
(c) What can you learn about these two algorithms by comparing the hashes of both files? What conclusions can you draw about their usage in cryptographic systems?
(d) Let H be a hash function, and let H−1 be a deterministic inverse hash function that guarantees H(H−1(hash)) = hash. From the existence of this inverse function it follows that H is not preimage resistant. Assume that the corresponding H has a 512-bit input space mapped to a 160-bit output space and let both H and H−1 create outputs in a uniform distribution.
Can H still be collision resistant? If so, why? If not, how hard would it be to find a collision?
SFL Prof. Dr. C. Rossow / S. Hausotte TU Dortmund WS 2021/2022 Exercise 2 (Hashes & Crypto)
2.4 Key Exchange
(a) Compare the basic concept of a Diffie- Exchange to the idea of Merkle’s Puzzle. Examine what their security is based on.
(b) Explain the vulnerabilities and weaknesses of both concepts. Are there vulnerabilities that are shared by both DHKE and MP?
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com