I.D. NUMBER SURNAME OTHER NAMES
|
|
- Melvyn Whitehead
- 5 years ago
- Views:
Transcription
1 THE UNIVERSITY OF CALGARY DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS AND STATISTICS FINAL EXAMINATION SOLUTION KEY CPSC/PMAT 418 L01 Introduction to Cryptography Fall 2017 December 19, 2017, 8:00-11:00 Time: 3 hours I.D. NUMBER SURNAME OTHER NAMES STUDENT IDENTIFICATION Each candidate must sign the Seating List confirming presence at the examination. All candidates for final examinations are required to place their University of Calgary student I.D. cards on their desks for the duration of the examination. Students without an I.D. card who can produce an acceptable alternative I.D., e.g., one with a printed name and photograph, are allowed to write the examination. A student without acceptable I.D. will be required to complete an Identification Form. The form indicates that there is no guarantee that the examination paper will be graded if any discrepancies in identification are discovered after verification with the student s file. A student who refuses to produce identification or who refuses to complete and sign the Identification Form is not permitted to write the examination. EXAMINATION RULES 1. Students late in arriving will not normally be admitted after one-half hour of the examination time has passed. 2. No candidate will be permitted to leave the examination room until one-half hour has elapsed after the opening of the examination, nor during the last 15 minutes of the examination. All candidates remaining during the last 15 minutes of the examination period must remain at their desks until their papers have been collected by an invigilator. 3. All inquiries and requests must be addressed to supervisors only. 4. Candidates are strictly cautioned against: (a) speaking to other candidates or communicating with them under any circumstances whatsoever; (b) (c) (d) bringing into the examination room any textbook, notebook or memoranda not authorized by the examiner; making use of calculators and/or portable computing machines not authorized by the instructor; leaving answer papers exposed to view; (e) attempting to read other students examination papers. The penalty for violation of these rules is suspension or expulsion or such other penalty as may be determined. 5. Discarded matter is to be struck out and not removed by mutilation of the examination paper. 6. Candidates are cautioned against writing on their exam paper any matter extraneous to the actual answering of the question set. 7. The candidate is to write his/her ID number and name on the exam paper as directed. 8. During the examination a candidate must report to a supervisor before leaving the examination room. 9. Candidates must stop writing when the signal is given. Exam papers must be handed to the supervisor-in-charge promptly. Failure to comply with these regulations will be cause for rejection of an answer paper. 10. If during the course of an examination a student becomes ill or receives word of domestic affliction, the student must report at once to the supervisor, hand in the unfinished paper and request that it be cancelled. If physical and/or emotional ill health is the cause, the student must report at once to a physician/counsellor so that subsequent application for a deferred examination is supported by a completed Physical/Counsellor Statement form. Students can consult professionals at University Health Services or Counselling and Student Development Centre during normal working hours or consult their physician/counsellor in the community. Once an examination has been handed in for marking, a student cannot request that the examination be cancelled for whatever reason. Such a request will be denied. Retroactive withdrawals will also not be considered. Question Total Actual Marks Marks Total 104 INSTRUCTIONS This is a closed book exam. No aids are permitted; this includes calculators. Total marks: 104. Score will be out of 100, so you can get up to 104%. Answer all the questions in the space provided. Use the last 3 pages to continue answers if you need more space, or as rough paper. Page 1 of 14
2 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 2 of [10 marks] Multiple Choice Questions For each question, check exactly one answer. (a) [1 mark] Assuming that keys are chosen with equal likelihood, the one-time pad provides semantic security computational security perfect secrecy none of the above (b) [1 mark] Assuming that keys are chosen with equal likelyhood, the entropy of the key space for DES is 64 bits 56 bits 48 bits 32 bits (c) [1 mark] Which mode of operation for a block cipher computes the current ciphertext block by taking the XOR of the current plaintext block with the previous ciphertext block and encrypting the result? Electronic code book Cipher block chaining Cipher feedback Output feedback (d) [1 mark] Let p be a prime and g a primitive root of p. Which of the following properties is true for g? g p 1 1 (mod p) g k 1 (mod p) for all integers k with 1 k p 2 Every element of Z p is a power of g All of the above (e) [1 mark] The security of the Diffie-Hellman key agreement protocol depends on the presumed intractability of the following mathematical problem? Integer factorization problem Discrete logarithm problem Quadratic residuosity problem Primality testing
3 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 3 of 14 (Multiple Choice Questions, cont d) (f) [1 mark] Let m, n N, and let φ denotes Euler s phi function. Under what sufficient condition is φ(mn) = φ(m)φ(n)? Only when m and n are coprime Only when m and n are even Only when m and n are odd Always (g) [1 mark] Encryption functions in public key cryptosystems are one-way functions trap-door one-way functions hash functions linear functions (h) [1 mark] Which of the following approaches can be used to successfully break RSA, given knowledge of the public key (e, n)? Factoring n Finding φ(n) Finding the private key d All of the above (i) [1 mark] Suppose n = pq where p and q are distinct primes, and a Z n. Then a is a pseudosquare modulo n if the following is true: a is a quadratic residue modulo both p and q a is a quadratic residue modulo exactly one of p and q a is a quadratic non-residue modulo both p and q None of the above (j) [1 mark] In a public key infrastructure, which entity or mechanism ensures the authenticity of cryptographic keys? Key distribution centre Peer authentication Certification authority All of the above
4 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 4 of [10 marks] TRUE/FALSE Questions Answer every questions with TRUE or FALSE. Just state your answer; no explanations are required. (a) [1 mark] AES is based on a Feistel network structure, just like DES. FALSE (b) [1 mark] The S-boxes in AES provide diffusion. FALSE (c) [1 mark] In a synchronous stream cipher, the state of the device depends on the previous state but not on the input. FALSE (d) [1 mark] The Keccak algorithm underlying SHA-3 is an iterated hash function. TRUE (e) [1 mark] An algorithm for solving the discrete logarithm problem can be used to solve the Diffie-Hellman problem. TRUE (f) [1 mark] 2 is a quadratic non-residue modulo 7. FALSE because (mod 7) (g) [1 mark] 3 is a primitive root of 7. TRUE (h) [1 mark] The ElGamal public key cryptosystem is signature capable. FALSE as messages are integers modulo a prime and ciphertexts are pairs of such integers. (i) [1 mark] The Goldwasser-Micali public key cryptosystem is GMR-secure provided the discrete logarithm problem is intractable. FALSE the underlying problem is the quadratic residuosity problem. (j) [1 mark] SSH provides an encrypted channel between a server and a client. TRUE
5 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 5 of [10 marks] Definitions (a) [2 marks] Define what it means for an attack on a cryptosystem to be active. An attacker interacts with the system (e.g. modifies the information, as opposed to just listening. (b) [2 marks] Define what it means for a hash function to be weakly collision resistant. Given any input x to H, it is computationally infeasible to find a different input x x to H with H(x) = H(x ) (c) [2 marks] Define hybrid encryption. Encrypting a session key (say, for a conventional cryptosystem) for transmission using a public key system (d) [2 marks] Let p be an odd prime and a Z. Define the Legendre symbol ( a p). 0 if p divides a, 1 if a is a quadratic residue modulo p, 1 if a is a quadratic non-residue modulo p. (e) [2 marks] Define indistinguishability under chosen ciphertext attacks No (active) adversary with access to a decryption oracle (that decrypts arbitrary ciphertexts) can in expected polynomial time select two plaintext messages M 1 and M 2 and then correctly distinguish between encryptions of M 1 and M 2 with probability significantly greater than 1/2.
6 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 6 of [10 marks] Short Answer Questions (a) [2 marks] State Kerkhoff s principle. The security of a cryptosystem should depend entirely upon knowledge of the key, not of the method. (b) i. [1 mark] How many bits of security does a 160-bit hash function provide? 80 ii. [1 mark] What is the name of the attack that this security level must protect against? Birthday attack (c) [2 marks] Name two cryptographic services provided by digital signatures. Data authentication, non-repudiation (d) [2 marks] Describe the next-bit test for a pseudorandom bit sequence. There is no polynomial time algorithm that, on input of the first k bits of an output sequence, can predict the (k + 1)-st bit with probability significantly greater than 1/2. (e) [2 marks] Name two cryptographic services provided by the station-to-station protocol. Any two of entity authentication, authenticated key agreement, key confirmation, forward secrecy
7 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 7 of [10 marks] Simple Computations (a) [3 marks] Consider a random variable X with four outcomes X 1, X 2, X 3, X 4 and respective probabilities p(x 1 ) = 1 2, p(x 2) = 1 4, p(x 3) = p(x 4 ) = 1 8. Compute the entropy H(X). Give the actual value of H(X), not just the formula. H(X) = 1 2 log 2(2) log 2(4) log 2(8) = = = 7 4 = 1.75 (b) [2 marks] Determine the value of the Legendre symbol ( 3 13). Use any method you like. Show your work. ( ) 3 13 = ( 1) ( ) 13 = 3 ( ) 13 = 3 ( ) 1 = 1 3 (c) [2 marks] Let φ denote Euler s phi function. Determine φ(24). Show your work. φ(24) = φ(3)φ(2 3 ) = (3 1)(2 1)2 3 1 = = 8 Z 24 = {1, 5, 7, 11, 13, 17, 19, 23} (d) [3 marks] Let f(x) = x 2 + 1, g(x) = x 3 + x + 1 be polynomials with binary coefficients. Compute f(x)g(x) (mod x 4 + 1). Show your work. f(x)g(x) = (x 5 + x 3 + x 2 ) + (x 3 + x + 1) = x 5 + x 2 + x + 1 x (mod x 4 + 1)
8 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 8 of [4 marks] Affine Linear Cipher The affine linear cipher is generalization of the shift cipher as follows. Plaintexts and ciphertexts are elements in Z 26, and keys are pairs (a, b) with a, b Z 26 and gcd(a, 26) = 1. To encrypt a message M with the key (a, b), the sender computes and sends C am + b (mod 26), 0 C 25. To decrypt a ciphertext C, the receiver computes the modular inverse a of a modulo 26 and obtains the plaintext via M a (C b) (mod 26), 0 M 25. (a) [1 marks] Encrypt the plaintext M = 6 under the affine linear cipher with key (7, 4) = (mod 26). (b) [3 marks] Decrypt the ciphertext C = 3 under the affine linear cipher with key (7, 4). Show your work. 26 = = = = = 5 2(7 5) = = 3(26 3 7) 2 7 = So a (mod 26) and hence M 15(3 4) (mod 26).
9 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 9 of [9 marks] Modes of Operation for Block Ciphers Let E K denote encryption under a secret key K of some block cipher, and suppose that M 1, M 2,... are message blocks. (a) [2 marks] Describe how to use the cipher in electronic code book (ECB) mode. Blocks are encrypted sequentially, one at a time: C i = E K (M i ) (i N) (b) [3 marks] Describe the encryption and decryption procedures when using the block cipher in output feedback (OFB) mode in its simplest form (i.e. with one register). KS 0 = IV, KS i = E K (KS i 1 ) C i = KS i M i, M i = C i KS i (i N) (c) [1 mark] Is a block cipher in OFB mode a synchronous or a self-synchronizing stream cipher? Just state the answer, no justification is needed. Synchronous stream cipher (d) [1 mark] Does the initial value IV for a block cipher in CFB mode need to be sent in encrypted form or can it be sent in the clear without compromising security? Just state the answer, no justification is needed. In the clear (e) [2 marks] State an advantage of using a block cipher in OFB mode as opposed to ECB mode. Identical plaintext blocks encrypt to different ciphertext blocks in CFB mode, but in ECB mode, they yield identical ciphertext blocks. OFB also provides better error propagation (and better diffusion) than ECB.
10 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 10 of [5 marks] Message Authentication Codes (a) [2 marks] Define what it means for a message authentication code to be computation resistant. Given zero or more message/mac pairs, it is computationally infeasible to generate a new message/mac pair where the message is distinct from all the given messages. (b) [3 marks] Consider the following message authentication code called BCMAC (for block cipher message authentication code ) which is derived from a block cipher that operates on n-bit plaintexts. BCMAC takes as input a message M of bit length 2n 2 and produces the corresponding tag as follows (here, E K is encryption under the block cipher using key K and denotes concatenation): (1) Write M = M 0 M 1 where M 0, M 1 each have length n 1; (2) BCMAC(M) = E K (0 M 0 ) E K (1 M 1 ). Show that BCMAC is not computation resistant as follows. Suppose an adversary Eve has two distinct messages M = M 0 M 1 and M = M 0 M 1, with M 0 M 0 and M 1 M 1, along with their respective message authentication tags BCMAC(M) and BCMC(M ). Carefully show how Eve can use this information to defeat computation resistance. Eve is given M and M, along with their respective tags BCMAC(M) = E K (0 M 0 ) E K (1 M 1 ), BCMAC(M ) = E K (0 M 0) E K (1 M 1). Put M = M 0 M 1. Then M M as M 0 M 0, and M M as M 1 M 1. Now the adversary can compute BMAC(M ) = E K (0 M 0) E K (1 M 1 ), since the first half of BCMAC(M ) is identical to the first half of BCMAC(M ) and the second half of BCMAC(M ) is identical to the second half of BCMAC(M). So the adversary has found a new message M along with its BCMAC tag. Note that a similar proof works for the choice M = M 0 M 1.
11 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 11 of [6 marks] RSA Common Modulus Suppose two users (1 and 2) share the same RSA encryption modulus n, but have different encryption exponents e 1 and e 2, respectively, with gcd(e 1, e 2 ) = 1. Suppose that a third party sends the same message M to both users, i.e. she sends C 1 M e 1 (mod n) to user 1 and C 2 M e 2 (mod n) to user 2. (a) [4 marks] Carefully explain a procedure by which an adversary can efficiently recover M. Use the Extended Euclidean Algorithm to find integers x, y with e 1 x + e 2 y = 1. Then C x 1 C y 2 (M e 1 ) x (M e 2 2 )y M e 1x+e 2 y = M 1 = M (mod n). (b) [1 mark] What kind of attack is this (ciphertext only, known plaintext, chosen plaintext, chosen ciphertext)? Ciphertext only attack. (c) [1 mark] Is this attack active or passive? Passive 10. [6 marks] RSA-OAEP Consider the RSA-OAEP public key encryption scheme given by C (s t) e (mod n) with s = (M 0 k 1 ) G(r) and t = r H(s), where (e, n) is the RSA public key, G and H are random functions, r is a random number, and denotes concatenation. For this question, provide clear succinct answers of 1-2 sentences. (a) [2 marks] What is the role of the random input r? To ensure that a given message does not always encrypt to the same ciphertext. (b) [2 marks] What is the role of the k 1 -bit input string in s consisting of k 1 zeros? To prevent chosen ciphertext attacks by introducing redundancy into the message. Upon decryption, a message is rejected if the prescribed redundancy is not present. (c) [2 marks] Suppose SHA-256 is used to implement the functions G and H. Does this SHA-256 based implementation of RSA-OAEP achieve plaintext awareness? Justify your answer. No. The analysis of OAEP assumes that the functions G and H are random, and SHA- 256 is not random.
12 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 12 of [10 marks] RSA as a signature scheme Suppose Alice s public RSA key is (e, n), her private RSA key is d, and she wishes to deploy RSA as a signature scheme. (a) [2 marks] Explain how Alice can use RSA in combination with a cryptographic hash function H : {0, 1} Z n to sign any message M {0, 1}. Signature to M is S H(M) d (mod n), S Z n. (b) [2 marks] Explain how anyone can verify an RSA signature S to a given message M. Compute S e (mod n) and H(M). If they match, the signature is accepted as valid. (c) [3 marks] Suppose Alice does not hash her messages before generating signatures. Explain how an adversary Eve can commit existential forgery against Alice. Eve generates a random S Z n and computes M S e (mod N). She sends the message M with signature S to Bob. Bob verifies by computing S e (mod n) and comparing the result with M. Since they match, he accepts the signature as coming from Alice. (d) [3 marks] Suppose Eve manages to find φ(n). Explain how she can factor n. n = pq and φ(n) = (p 1)(q 1) = n p n/p + 1, so p 2 (n + 1 φ(n))p + n = 0. This is a quadratic equation in p which can be solved for p using the quadratic formula; the second solution is q. p q } = n + 1 φ(n) 2 (n ) + 1 φ(n) 2 ± n. 2
13 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 13 of [14 marks] ElGamal Public Key Cryptosystem Recall that for the ElGamal public key cryptosystem, Alice produces her public and private keys as follows: 1. Selects a large prime p and a primitive root g of p. 2. Randomly selects x such that 0 < x < p 1 and computes y g x (mod p). 3. Alice s public key is (p, g, y); her private key is x. Bob encrypts a message M Z p intended for Alice as follows: 1. Obtains Alice s public key (p, g, y). 2. Selects a random integer k with 0 < k < p Computes C 1 g k (mod p), 0 C 1 < p. 4. Computes C 2 y k M (mod p), 0 < C 2 < p. 5. Sends the ciphertext (C 1, C 2 ). Alice decrypts the ciphertext (C 1, C 2 ) with her private key x by computing C 2 (mod p). C p 1 x 1 (a) [3 marks] Carefully prove that the decryption is correct, i.e. that C 2 C p 1 x 1 M (mod p). Show all your work. C 2 C p 1 x 1 (My k )(C p 1 x 1 ) (Mg xk )(g k(p 1 x) ) Mg xk+k(p 1) kx M(g p 1 ) k M (mod p), where the last congruence follows from g p 1 1 (mod p). (b) Suppose Alice selects p = 11, g = 2 and x = 9. i. [2 marks] Use the primitive root test to verify that 2 is a primitive root of 11. Show your work. 2 (11 1)/ (mod 11) 2 (11 1)/ (mod 11) ii. [3 marks] Use the binary exponentiation algorithm to compute Alice s public key. Show your work. Solutions not using binary exponentiation will get no credit. 9 = (1001) 2 r 0 = 2 r 1 = 2 2 = 4 r 2 = 4 2 = 5 y r (mod 11) Alice s full public key is (11, 2, 6).
14 CPSC/PMAT 418 (L01) Introduction to Cryptography Fall 2017 Page 14 of 14 (ElGamal Public Key Cryptosystem, cont d) (c) Bob might be tempted to use the same random number k for repeated encryptions rather than generating a random k for each new ciphertext. That way, he can pre-compute and store the first component C 1 of the ciphertext (C 1, C 2 ), thereby speeding up encryption significantly. Suppose Eve intercepts a ciphertext (C 1, C 2 ) that is the encryption of some plaintext M with Alice s public key; she wants to find M. She has previously obtained a plaintext M and its encryption (C 1, C 2 ) under Alice s public key. Eve also knows that the same k value was used for both encryptions (but she does not know this value k). i. [1 mark] What kind of attack is this (ciphertext only, known plaintext, chosen plaintext, chosen ciphertext)? Known plaintext attack. ii. [2 marks] Carefully explain how Eve can find y k (mod p). She first finds the inverse of M (mod p) and then computes y k C 2(M ) 1 (mod p) iii. [2 marks] Carefully explain how Eve can find M. She first finds the inverse of y k (mod p) and then computes M C 2 y k (mod p) iv. [1 mark] Which number theoretic algorithm does Eve use in her attack described in parts (c) (ii) and (iii)? Just state the name, no need to explain the algorithm. Extended Euclidean Algorithm / Modular Inversion End of Solution Key RS / rs
RSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationThe most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who
1 The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who exchange messages from any third party. However, it does
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationStudy Guide to Mideterm Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #7 Professor M. J. Fischer February 20, 2012 Study Guide to Mideterm Exam For the exam, you are responsible
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationIntroduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption
Introduction to Cryptography and Security Mechanisms: Unit 5 Public-Key Encryption Learning Outcomes Explain the basic principles behind public-key cryptography Recognise the fundamental problems that
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationPublic-key encipherment concept
Date: onday, October 21, 2002 Prof.: Dr Jean-Yves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on Public Key Cryptography Public-key encipherment concept Each user in a secure communication
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lectures 16, 17: Security of RSA El Gamal Cryptosystem Announcement Final exam will be on May 11, 2015 between 11:30am 2:00pm in FMH 319 http://www.njit.edu/registrar/exams/finalexams.php
More informationPublic Key Algorithms
Public Key Algorithms CS 472 Spring 13 Lecture 6 Mohammad Almalag 2/19/2013 Public Key Algorithms - Introduction Public key algorithms are a motley crew, how? All hash algorithms do the same thing: Take
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationDigital Signatures. Luke Anderson. 7 th April University Of Sydney.
Digital Signatures Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Digital Signatures 1.1 Background 1.2 Basic Operation 1.3 Attack Models Replay Naïve RSA 2. PKCS#1
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationOther Topics in Cryptography. Truong Tuan Anh
Other Topics in Cryptography Truong Tuan Anh 2 Outline Public-key cryptosystem Cryptographic hash functions Signature schemes Public-Key Cryptography Truong Tuan Anh CSE-HCMUT 4 Outline Public-key cryptosystem
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationECE 646 Fall 2009 Final Exam December 15, Multiple-choice test
ECE 646 Fall 2009 Final Exam December 15, 2009 Multiple-choice test 1. (1 pt) Parallel processing can be used to speed up the following cryptographic transformations (please note that multiple answers
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 4, 2017 CPSC 467, Lecture 11 1/39 ElGamal Cryptosystem Message Integrity and Authenticity Message authentication codes
More informationPart VI. Public-key cryptography
Part VI Public-key cryptography Drawbacks with symmetric-key cryptography Symmetric-key cryptography: Communicating parties a priori share some secret information. Secure Channel Alice Unsecured Channel
More informationTuesday, January 17, 17. Crypto - mini lecture 1
Crypto - mini lecture 1 Cryptography Symmetric key cryptography (secret key crypto): sender and receiver keys identical Asymmetric key cryptography (public key crypto): encryption key public, decryption
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationSolutions to exam in Cryptography December 17, 2013
CHALMERS TEKNISKA HÖGSKOLA Datavetenskap Daniel Hedin DIT250/TDA351 Solutions to exam in Cryptography December 17, 2013 Hash functions 1. A cryptographic hash function is a deterministic function that
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationCS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.
CS 393 - Network Security Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA. Course Logistics Homework 2 revised. Due next Tuesday midnight. 2/26,28/02 Module 7 - Pubic Key Crypto
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 8 September 28, 2015 CPSC 467, Lecture 8 1/44 Chaining Modes Block chaining modes Extending chaining modes to bytes Public-key Cryptography
More informationDigital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2
Digital Signatures KG November 3, 2017 Contents 1 Introduction 1 2 Digital Signatures 2 3 Hash Functions 3 3.1 Attacks.................................... 4 3.2 Compression Functions............................
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationHomework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING
UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING ENEE 457 Computer Systems Security Instructor: Charalampos Papamanthou Homework 2 Out: 09/23/16 Due: 09/30/16 11:59pm Instructions
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 6 Introduction to Public-Key Cryptography ver. November 18, 2010 These
More informationCS669 Network Security
UNIT II PUBLIC KEY ENCRYPTION Uniqueness Number Theory concepts Primality Modular Arithmetic Fermet & Euler Theorem Euclid Algorithm RSA Elliptic Curve Cryptography Diffie Hellman Key Exchange Uniqueness
More informationn-bit Output Feedback
n-bit Output Feedback Cryptography IV Encrypt Encrypt Encrypt P 1 P 2 P 3 C 1 C 2 C 3 Steven M. Bellovin September 16, 2006 1 Properties of Output Feedback Mode No error propagation Active attacker can
More informationIntroduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information
1 Introduction Cryptography is an interdisciplinary field of great practical importance. The subfield of public key cryptography has notable applications, such as digital signatures. The security of a
More informationAppendix A: Introduction to cryptographic algorithms and protocols
Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ Appendix A: Introduction to cryptographic algorithms and protocols 2007 Levente Buttyán and Jean-Pierre Hubaux symmetric and asymmetric
More informationPublic Key Cryptography and RSA
Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 7 January 30, 2012 CPSC 467b, Lecture 7 1/44 Public-key cryptography RSA Factoring Assumption Computing with Big Numbers Fast Exponentiation
More informationRSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.
RSA (material drawn from Avi Kak (kak@purdue.edu) Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto. protocols The RSA algorithm is based on the following property
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationHomomorphic Encryption
Homomorphic Encryption Travis Mayberry Cloud Computing Cloud Computing Cloud Computing Cloud Computing Cloud Computing Northeastern saves money on infrastructure and gets the benefit of redundancy and
More informationASYMMETRIC CRYPTOGRAPHY
ASYMMETRIC CRYPTOGRAPHY CONTENT: 1. Number Theory 2. One Way Function 3. Hash Function 4. Digital Signature 5. RSA (Rivest-Shamir Adleman) References: 1. Applied Cryptography, Bruce Schneier 2. Cryptography
More information10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem
[Part 2] Asymmetric-Key Encipherment Asymmetric-Key Cryptography To distinguish between two cryptosystems: symmetric-key and asymmetric-key; To discuss the RSA cryptosystem; To introduce the usage of asymmetric-key
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 10 David Aspinall School of Informatics University of Edinburgh 10th February 2011 Outline Basics Constructing signature schemes Security of
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Misconceptions Concerning Public-Key Encryption Public-key encryption is more secure from
More informationPublic Key Cryptography
Public Key Cryptography Giuseppe F. Italiano Universita` di Roma Tor Vergata italiano@disp.uniroma2.it Motivation Until early 70s, cryptography was mostly owned by government and military Symmetric cryptography
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationSymmetric Encryption 2: Integrity
http://wwmsite.wpengine.com/wp-content/uploads/2011/12/integrity-lion-300x222.jpg Symmetric Encryption 2: Integrity With material from Dave Levin, Jon Katz, David Brumley 1 Summing up (so far) Computational
More informationIntroduction to Cryptography and Security Mechanisms. Abdul Hameed
Introduction to Cryptography and Security Mechanisms Abdul Hameed http://informationtechnology.pk Before we start 3 Quiz 1 From a security perspective, rather than an efficiency perspective, which of the
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( End Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 6 0 0 8 8 Subject Name Foundations
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( Mid Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 6 0 0 8 8 Subject Name Foundations
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Problem 1 True or False (10 points) Circle True or False. Do not justify your answer. (a) True or False : It is safe (IND-CPA-secure) to encrypt
More informationUnit 8 Review. Secure your network! CS144, Stanford University
Unit 8 Review Secure your network! 1 Basic Problem Internet To first approximation, attackers control the network Can snoop, replay, suppress, send How do we defend against this? Communicate securely despite
More informationCryptographic protocols
Cryptographic protocols Lecture 3: Zero-knowledge protocols for identification 6/16/03 (c) Jussipekka Leiwo www.ialan.com Overview of ZK Asymmetric identification techniques that do not rely on digital
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017
Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017 Name : TU/e student number : Exercise 1 2 3 4 5 6 total points Notes: Please hand in this sheet at the end of the exam.
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran
More informationUNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 10 Digital Signatures Israel Koren ECE597/697 Koren Part.10.1 Content of this part
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 7 February 5, 2013 CPSC 467b, Lecture 7 1/45 Stream cipher from block cipher Review of OFB and CFB chaining modes Extending chaining
More informationSymmetric Encryption
Symmetric Encryption Ahmed Y. Banihammd & Ihsan, ALTUNDAG Mon November 5, 2007 Advanced Cryptography 1st Semester 2007-2008 University Joseph Fourrier, Verimag Master Of Information Security And Coding
More informationRSA (algorithm) History
RSA (algorithm) RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard
More informationAlgorithms (III) Yijia Chen Shanghai Jiaotong University
Algorithms (III) Yijia Chen Shanghai Jiaotong University Review of the Previous Lecture Factoring: Given a number N, express it as a product of its prime factors. Many security protocols are based on the
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationAlgorithms (III) Yu Yu. Shanghai Jiaotong University
Algorithms (III) Yu Yu Shanghai Jiaotong University Review of the Previous Lecture Factoring: Given a number N, express it as a product of its prime factors. Many security protocols are based on the assumed
More informationA SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS
A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS Ounasser Abid 1 and Omar Khadir 2 1, 2 Laboratory of Mathematics, Cryptography and Mechanics, FSTM University Hassan II of Casablanca, Morocco
More informationStudy Guide for the Final Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #22 Professor M. J. Fischer April 30, 2005 1 Exam Coverage Study Guide for the Final Exam The final
More informationMath236 Discrete Maths with Applications
Math236 Discrete Maths with Applications P. Ittmann UKZN, Pietermaritzburg Semester 1, 2012 Ittmann (UKZN PMB) Math236 2012 1 / 33 Key size in RSA The security of the RSA system is dependent on the diculty
More informationBlum-Blum-Shub cryptosystem and generator. Blum-Blum-Shub cryptosystem and generator
BBS encryption scheme A prime p is called a Blum prime if p mod 4 = 3. ALGORITHM Alice, the recipient, makes her BBS key as follows: BBS encryption scheme A prime p is called a Blum prime if p mod 4 =
More informationPublic-Key Cryptanalysis
http://www.di.ens.fr/ pnguyen INRIA and École normale supérieure, Paris, France MPRI, 2010 Outline 1 Introduction Asymmetric Cryptology Course Overview 2 Textbook RSA 3 Euclid s Algorithm Applications
More informationDigital Signature. Raj Jain
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationChannel Coding and Cryptography Part II: Introduction to Cryptography
Channel Coding and Cryptography Part II: Introduction to Cryptography Prof. Dr.-Ing. habil. Andreas Ahrens Communications Signal Processing Group, University of Technology, Business and Design Email: andreas.ahrens@hs-wismar.de
More informationAnalysis, demands, and properties of pseudorandom number generators
Analysis, demands, and properties of pseudorandom number generators Jan Krhovják Department of Computer Systems and Communications Faculty of Informatics, Masaryk University Brno, Czech Republic Jan Krhovják
More informationISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)
Outline ISA 662 Internet Security Protocols Some Math Essentials & History Asymmetric signatures and key exchange Asymmetric encryption Symmetric MACs Lecture 2 ISA 662 1 2 Beauty of Mathematics Demonstration
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationSome Stuff About Crypto
Some Stuff About Crypto Adrian Frith Laboratory of Foundational Aspects of Computer Science Department of Mathematics and Applied Mathematics University of Cape Town This work is licensed under a Creative
More informationDigital Signatures 1
Digital Signatures 1 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants of the ElGamal Signature Scheme The Digital Signature Algorithm
More information