Math 236: Discrete Mathematics with Applications
Tutorial 7: 29 March 2012
1. Alice and Bob have the following RSA key-pairs:
pub(Alice) = (8509, 7417)
pri(Alice) = 37
pub(Bob) = (9301, 47)
pri(Bob) = 5553
Alice wants to send Bob the signed and encrypted message
win
using an alphabet with spaces and blocks of length 4. Determine the message she
sends him.
Alice encodes win as 230914 and pad with 00 to ensure the message length is divisible by 4. So
she get two blocks
2309 1400
She signs each block using her private key with the following rule: M 37 mod 187. So the resulting
signature is
230937 mod 8509
140037 mod 8509
8047
2334
Alice then concatenates her signature to the message, giving the signed message
2309140080472334
She breaks this up into blocks of four and encrypts the message using Bob's public key, and the
rule B 47 mod 9301. This results in the ciphertext
5925 8774 8887 2733
2. Alice and Bob are using the RSA cryptosytem with the following key-pairs
pub(Alice) = (3127, 3),
pri(Alice) = 2011
pub(Bob) = (3149, 2429),
pri(Bob) = 5
Both Alice and Bob are using an alphabet with spaces and blocks of length 4. Bob
receives the signed and encrypted message
0829 2670 0687 1982
from someone claiming to be Alice. Was the message sent by Alice or by an enemy?
Bob decrypts the message using his private key and the rule C 5 mod 3149. This results in the
signed message
0107 0500 3075 0056
He must now check that the signature matches the message. Looking up Alice's public key, Bob
decrypts the signature 3075 0056 using the rule A3 mod 3127 and gets
0107 0504
This does not match the message received, so Bob can surmise that Alice did not send the
message, or that the message was tampered with.
3. Alice is using an El Gamal cryptosystem. She chooses p = 2039, α = 7 and a = 4
(a) Find her public key
(b) State her private key
Alice's public key pub(Alice) = (p, α, αa ). Calculating
αa mod p = 74 mod 2039
= 2401 mod 2039
= 362 mod 2039
Hence, pub(Alice) = (2039, 7, 362). Her private key pri(Alice) = a = 4
4. Determine, with justication, whether the following key-pair is a valid El Gamal
key-pair.
(a) pub(Alice)= (109, 2, 105), pri(Alice)= 20
(b) pub(Alice)= (113, 3, 76) and pri(Alice)= 11
(a) First note that p = 109 is a prime number. We now check that α = 2 is a generator of Z∗109 .
To do so, note that p − 1 = 108 = 22 · 33 has two prime factors q = 2, 3. Now,
2
p−1
q
(
=
254 ≡ 108 (mod 1)09
236 ≡ 1 (mod 1)09
if q = 2
if q = 3
Since 236 ≡ 1 (mod 1)09, 2 is not a generator of Z∗109 . So,
pub(Alice) = (109, 2, 105), pri(Alice) = 20
is not a valid key pair.
(b) First note that p = 113 is a prime number. We now check that α = 3 is a generator of Z∗113 .
To do so, note that p − 1 = 112 = 24 · 7 has two prime factors q = 2, 7. Now,
3
Since 3
p−1
q
p−1
q
(
=
356 ≡ 112 (mod 1)13
316 ≡ 49 (mod 1)13
if q = 2
if q = 7
6≡ 1 (mod 1)13 for all q , 3 is a generator of Z∗113 . Notice also that
311 mod 113 = 76.
So,
pub(Alice) = (113, 3, 76), pri(Alice) = 11
is a valid El Gamal key pair.
5. Alice is using an El Gamal cryptosystem. Assume that her key-pair is pub(Alice)=
and pri(Alice)= a. Briey describe how Bob will send a message M to Alice
using the El Gamal cryptosystem.
(p, α, αa )
See notes.
6. Alice has the following El Gamal key-pair:
pub(Alice)
pri(Alice)
= (2957, 2, 1808)
=
53
Messages sent to her use blocks of length 4 and an alphabet with spaces. Alice
receives the message
18230168
Decrypt it
Since Alices is receiving messages with block length 4, she splits the cipher text into
γ = 1823 and δ = 0168
She then calculates
γ p−1−a = 18232957−1−53 = 18232903
Thus,
γ p−1−a mod p = 18232903 mod 2957
= 2631
Now,
δ · γ p−1−a mod p = 168 · 2631 mod 2957
= 1415
Thus, the message is 1415 which decodes as
no
7. Consider the following 3-round Feistel cipher:
•
•
•
The blocklength is t = 4
The cipher has a 12-bit key, K
For each integer i ∈ {1, 2, 3}, we obtain the round key Ki from K by concatenating
the bits of K whose position is congruent to i (mod 3), i.e., if K = k1 k2 k3 · · · k12 ,
then
K1 = k1 k4 k7 k10
K2 = k2 k5 k8 k11
K3 = k3 k6 k9 k12
•
Let Ki = x1 x2 x3 x4 . The round function is
fKi (b1 , b2 , b3 , b4 ) = (x2 ⊕ b1 , x1 ⊕ b1 ⊕ b2 , x3 ⊕ b3 , x4 ⊕ b1 ⊕ b4 )
(a) Encrypt the rst block of the message
Diamond ahead!
using this Feistel cipher with key K = 000111101011
(b) Conrm your answer in (a) by decryption
(a) The message Diamond ahead! has rst block P = 01000100. Note that
K1 = 0110
K2 = 0101
K3 = 0111
Write P = L0 ||R0 where L0 = 0100 and R0 = 0100. It follows that
L1 = R0 = 0100,R1
= L0 ⊕ fK1 (R0 )
= 0100 ⊕ fK1 (0100)
= 0100 ⊕ 1110
= 1010
L2 = R1 = 1010,R2
= L1 ⊕ fK2 (R1 )
= 0100 ⊕ fK2 (1010)
= 0100 ⊕ 0110
= 0010
L3 = R2 = 0010,R3
= L2 ⊕ fK3 (R2 )
= 1010 ⊕ fK3 (0010)
= 1010 ⊕ 1001
= 0011
Therefore, EK (P ) = R3 ||L3 = 00110010.
(b) We decrypt 00110010. Now, L0 = 0011 and R0 = 0010. Thus,
L1 = R0 = 0010,R1
= L0 ⊕ fK3 (R0 )
= 0011 ⊕ fK3 (0010)
= 0011 ⊕ 1001
= 1010
L2 = R1 = 1010,R2
= L1 ⊕ fK2 (R1 )
= 0010 ⊕ fK2 (1010)
= 0010 ⊕ 0110
= 0100
L3 = R2 = 0100,R3
= L2 ⊕ fK1 (R2 )
= 1010 ⊕ fK1 (0100)
= 1010 ⊕ 1110
= 0100
So, DK (1001001) = R3 ||L3 = 01000100 = P as required.