Math 236: Discrete Mathematics with Applications Tutorial 7: 29 March 2012 1. Alice and Bob have the following RSA key-pairs: pub(Alice) = (8509, 7417) pri(Alice) = 37 pub(Bob) = (9301, 47) pri(Bob) = 5553 Alice wants to send Bob the signed and encrypted message win using an alphabet with spaces and blocks of length 4. Determine the message she sends him. Alice encodes win as 230914 and pad with 00 to ensure the message length is divisible by 4. So she get two blocks 2309 1400 She signs each block using her private key with the following rule: M 37 mod 187. So the resulting signature is 230937 mod 8509 140037 mod 8509 8047 2334 Alice then concatenates her signature to the message, giving the signed message 2309140080472334 She breaks this up into blocks of four and encrypts the message using Bob's public key, and the rule B 47 mod 9301. This results in the ciphertext 5925 8774 8887 2733 2. Alice and Bob are using the RSA cryptosytem with the following key-pairs pub(Alice) = (3127, 3), pri(Alice) = 2011 pub(Bob) = (3149, 2429), pri(Bob) = 5 Both Alice and Bob are using an alphabet with spaces and blocks of length 4. Bob receives the signed and encrypted message 0829 2670 0687 1982 from someone claiming to be Alice. Was the message sent by Alice or by an enemy? Bob decrypts the message using his private key and the rule C 5 mod 3149. This results in the signed message 0107 0500 3075 0056 He must now check that the signature matches the message. Looking up Alice's public key, Bob decrypts the signature 3075 0056 using the rule A3 mod 3127 and gets 0107 0504 This does not match the message received, so Bob can surmise that Alice did not send the message, or that the message was tampered with. 3. Alice is using an El Gamal cryptosystem. She chooses p = 2039, α = 7 and a = 4 (a) Find her public key (b) State her private key Alice's public key pub(Alice) = (p, α, αa ). Calculating αa mod p = 74 mod 2039 = 2401 mod 2039 = 362 mod 2039 Hence, pub(Alice) = (2039, 7, 362). Her private key pri(Alice) = a = 4 4. Determine, with justication, whether the following key-pair is a valid El Gamal key-pair. (a) pub(Alice)= (109, 2, 105), pri(Alice)= 20 (b) pub(Alice)= (113, 3, 76) and pri(Alice)= 11 (a) First note that p = 109 is a prime number. We now check that α = 2 is a generator of Z∗109 . To do so, note that p − 1 = 108 = 22 · 33 has two prime factors q = 2, 3. Now, 2 p−1 q ( = 254 ≡ 108 (mod 1)09 236 ≡ 1 (mod 1)09 if q = 2 if q = 3 Since 236 ≡ 1 (mod 1)09, 2 is not a generator of Z∗109 . So, pub(Alice) = (109, 2, 105), pri(Alice) = 20 is not a valid key pair. (b) First note that p = 113 is a prime number. We now check that α = 3 is a generator of Z∗113 . To do so, note that p − 1 = 112 = 24 · 7 has two prime factors q = 2, 7. Now, 3 Since 3 p−1 q p−1 q ( = 356 ≡ 112 (mod 1)13 316 ≡ 49 (mod 1)13 if q = 2 if q = 7 6≡ 1 (mod 1)13 for all q , 3 is a generator of Z∗113 . Notice also that 311 mod 113 = 76. So, pub(Alice) = (113, 3, 76), pri(Alice) = 11 is a valid El Gamal key pair. 5. Alice is using an El Gamal cryptosystem. Assume that her key-pair is pub(Alice)= and pri(Alice)= a. Briey describe how Bob will send a message M to Alice using the El Gamal cryptosystem. (p, α, αa ) See notes. 6. Alice has the following El Gamal key-pair: pub(Alice) pri(Alice) = (2957, 2, 1808) = 53 Messages sent to her use blocks of length 4 and an alphabet with spaces. Alice receives the message 18230168 Decrypt it Since Alices is receiving messages with block length 4, she splits the cipher text into γ = 1823 and δ = 0168 She then calculates γ p−1−a = 18232957−1−53 = 18232903 Thus, γ p−1−a mod p = 18232903 mod 2957 = 2631 Now, δ · γ p−1−a mod p = 168 · 2631 mod 2957 = 1415 Thus, the message is 1415 which decodes as no 7. Consider the following 3-round Feistel cipher: • • • The blocklength is t = 4 The cipher has a 12-bit key, K For each integer i ∈ {1, 2, 3}, we obtain the round key Ki from K by concatenating the bits of K whose position is congruent to i (mod 3), i.e., if K = k1 k2 k3 · · · k12 , then K1 = k1 k4 k7 k10 K2 = k2 k5 k8 k11 K3 = k3 k6 k9 k12 • Let Ki = x1 x2 x3 x4 . The round function is fKi (b1 , b2 , b3 , b4 ) = (x2 ⊕ b1 , x1 ⊕ b1 ⊕ b2 , x3 ⊕ b3 , x4 ⊕ b1 ⊕ b4 ) (a) Encrypt the rst block of the message Diamond ahead! using this Feistel cipher with key K = 000111101011 (b) Conrm your answer in (a) by decryption (a) The message Diamond ahead! has rst block P = 01000100. Note that K1 = 0110 K2 = 0101 K3 = 0111 Write P = L0 ||R0 where L0 = 0100 and R0 = 0100. It follows that L1 = R0 = 0100,R1 = L0 ⊕ fK1 (R0 ) = 0100 ⊕ fK1 (0100) = 0100 ⊕ 1110 = 1010 L2 = R1 = 1010,R2 = L1 ⊕ fK2 (R1 ) = 0100 ⊕ fK2 (1010) = 0100 ⊕ 0110 = 0010 L3 = R2 = 0010,R3 = L2 ⊕ fK3 (R2 ) = 1010 ⊕ fK3 (0010) = 1010 ⊕ 1001 = 0011 Therefore, EK (P ) = R3 ||L3 = 00110010. (b) We decrypt 00110010. Now, L0 = 0011 and R0 = 0010. Thus, L1 = R0 = 0010,R1 = L0 ⊕ fK3 (R0 ) = 0011 ⊕ fK3 (0010) = 0011 ⊕ 1001 = 1010 L2 = R1 = 1010,R2 = L1 ⊕ fK2 (R1 ) = 0010 ⊕ fK2 (1010) = 0010 ⊕ 0110 = 0100 L3 = R2 = 0100,R3 = L2 ⊕ fK1 (R2 ) = 1010 ⊕ fK1 (0100) = 1010 ⊕ 1110 = 0100 So, DK (1001001) = R3 ||L3 = 01000100 = P as required.
© Copyright 2024 Paperzz