CIS4360 Final
The ElGamal encryption scheme is based on the Diffie-Hellman key exchange. If q is the common modulus and α is a generator, then the public key of Alice is ( Ya, q, alpha) , where Ya = alpha^Xa mod q, Xa in Zq and the private key is: (Xa, q) . To encrypt a message m , 0 < m < q , Bob computes C1=alpha^k(mod q), k in Zq, and C2= Ya^k * m (mod q). Show how this is down for the special case: q=11, alpha=2, Xa=3, k=2, m=6. What is the encryption (C1,C2) of message m=6?
(4, 10)
The ElGamal encryption scheme is based on the Diffie-Hellman key exchange. If q is the common modulus and α is a generator, then the public key of Alice is ( Ya, q, alpha) , where Ya = alpha^Xa mod q, Xa in Zq and the private key is: (Xa, q, alpha) . To encrypt a message m , 0 < m < q , Bob computes C1=alpha^k(mod q), k in Zq, and C2= Ya^k * m (mod q). Show how this is down for the special case: q=11, alpha=2, Xa=3, k=2, m=6. What is the public key Ya of Alice?
(8, 11, 2)
In the example in class for CDMA the spreading factor for the two senders were (1,-1), (1,1), respectively. These were orthogonal. This means: 1. (1, -1) XNOR (1, 1) = (1 * 1 + (-1) * 1) = 0 2. (1, -1) XNOR (1, 1) = (1 + (-1))) * (1 + 1) = 0 Which one captures better orthogonality?
1
Perform encryption using the RSA algorithm given that: p = 3 , q = 11 , e = 7 , M = 5 For these values, the ciphertext C is:
14
Cipher based MAC: CMAC (an early version based on the Data Authentication Algorithm) For an AES application with 128 bit key. Let the message M be divided into n blocks of length 128 bits: M1, M2, ..., Mn. CMAC(M) is defined as follows: C1 = AES(K, M1) Ci = AES(K, Mi XOR Ci-1), i = 2, ..., n. Then CMAC(M) = Cn, (or the s leftmost bits of Cn if shorter digests are required). The CMAC of the 128 bit block m1 is
AES(K, M1)
Cipher based MAC: CMAC (an early version based on the Data Authentication Algorithm) For an AES application with 128 bit key. Let the message M consist of two 128 bit blocks: M1, M2, where M2 = M1 XOR C1, where C1 = AES(K, M1). Then CMAC(M) = AES(K, M2 XOR C1) is:
AES(K, M1)
For the RSA parameters: p = 5, q = 11, e = 3, find the encryption of M = 9 and the decryption key d.
C=14, d=7
For n=73×151=11023 and e=11 and M=2222 compute the corresponding ciphertext C. Then compute C^d mod n for the values d=491 and d=5891. These values are:
C=7302, 2222, 2222
If ">" means "more efficient" then which one of the following is true?
CDMA > TDMA > FDMA
In the example in class for CDMA the spreading factor for the two senders were (1,-1), (1,1), respectively. The peaks of the combined signal where twice those of the senders' signals
True
It is possible to authenticate a message without sharing a secret key?
True
Let F be a hash'' function that compresses b+n bits to n bits. If F is collision-resistant, then the Merkle-Damgard chain such compression functions is also collision resitant.
True
Let F be a hash'' function that compresses b+n bits to n bits. If F is one-way (pre-image resistant), then the Merkle-Damgard chain such compression functions is also con-way.
True
Long Term Evolution (LTE) and LTE Advanced (LTE-A) and essentially 4G technologies.
True
SHA-512 always uses padding (even if the message is 1,024 bits long).
True
SHA-512 has block-size 1,024 bits. This means that it processes blocks of size 1,024 bits.
True
SHA-512 has message digest size 512 bits. This means that the size of its hashes is 512 bits.
True
SHA3 uses a sponge construction
True
The one-way property of a cryptographic hash function H requires that for any pre-specified hash value y it is computationally infeasible to find a value x such that y = H ( x ) (in other words to "invert" H ).
True
The parameters of SHA-256 are: message digest size = 256 bits, block size = 512 bits
True
Find the decryption key of the RSA algorithm given that p = 3 , q = 11 , e = 7.
d=3
Keyed cryptographic hash functions can be MACs or digital signatures. The difference is due to:
different kind of keys being used
Pick the odd one out. Message authentication addresses the following types of attack (pick only one that is a bad fit)
disclosure of message contents
We defined the public key protocol RSA using the Carmichae lambda(n) function as the exponent modulus instead of the Euler totient function phi(n) that our textbook, and several others, use. This raises two questions. is lambda the smallest exponent modulus for RSA, and given the encrypt exponent e and the modulus n is the decrypt exponent d unique? In this Quiz we will investigate the latter. In the example in the textbook, and also on Slide 21 of Ch 9, we consider an RSA instance with n=73×151=11023 and e=11. We shall use this instance to solve the uniqueness of exponent d problem, in the following six questions (use the PLANETCALC calculator (https://planetcalc.com/8326/Links to an external site.) for modular calculations). What is lambda(n) and phi(n)?
1800 and 10800
The birthday attack: To find a collision of a (one-way) cryptographic hash function H with m-bit digests with a probability better than 50% you need to compute X (independent) hash values. What is X?
2^(m/2)
SHA-512, aka SHA2-512, processes data in 1,024 bits blocks and has a 512 bit digest. In a brute force attack to get a collision with 50-50 chance of success we need to compute:
2^256 hashes
Alice and Bob use the Diffie-Hellman key exchange with common prime q=11 and generator alpha=2 . If the private key of Bob is Xb=8 and Alice's public key is Ya=2 then what is the Diffie-Hellman exchanged key ?
3
We defined the public key protocol RSA using the Carmichael lambda(n) function as the exponent modulus instead of the Euler totient function phi(n) that our textbook, and several others, use. This raises two questions. is lambda the smallest exponent modulus for RSA and, given the encrypt exponent e and the modulus n is the decrypt exponent d unique? In this Quiz, we will investigate the latter. In the example in the textbook, and also on Slide 21 of Ch 9, we consider an RSA instance with n=73×151=11023 and e=11. We shall use this instance to solve the uniqueness of the exponent d problem, in the following six questions: use the PLANETCALC calculator https://planetcalc.com/8326/Links to an external site. for modular calculations. What is d given the values of n, e and lambda(n) (use PLANETCALC to compute 1/e modulo lambda(n), for the computed value of lambda(n) and the given value of e ).
491
We defined the public key protocol RSA using the Carmichael lambda(n) function as the exponent modulus instead of the Euler totient function phi(n) that our textbook, and several others, use. This raises two questions. is lambda the smallest exponent modulus for RSA and, given the encrypt exponent e and the modulus n is the decrypt exponent d unique? In this Quiz, we will investigate the latter. In the example in the textbook, and also on Slide 21 of Ch 9, we consider an RSA instance with n=73×151=11023 and e=11. We shall use this instance to solve the uniqueness of the exponent d problem, in the following six questions: use the PLANETCALC calculator https://planetcalc.com/8326/Links to an external site. for modular calculations. What is d given the values of n,e and phi(n) (use PLANETCALC to compute 1/e modulo phi(n) for the computed value of phi(n) and the given value of e ).
5891
SHA-512 (aka SHA2-512, with block-size 1,024 bits, and 512 bit digest) processes each 1,024 bit message block Mi in r rounds A message schedule for Mi is used to generate r 64-bit strings Wj that are then combined with the corresponding bit strings of the previous round to get the input for the next round. How much is r (the number of rounds) ?
80
SHA3-512 also uses padding and a 128-bit string whose value is the number of message blocks to be hashed, except that in this case the padding is 10⋯01, where the number of zeroes is k≥0. If the message is 1,024-bits long, (a) what is the value of the the 128-bit string (the number of blocks to be hashed) and (b) the value of k ?
894
Suppose that SHA-512 is used to hash a 1,024-bit message. Padding must be added as well the block-length of the message. Padding consists of a bitstring with a bit 1 followed by k≥0 zeroes, and the block-length of the message is a 128-bit string whose value is the number of message blocks that will be hashed --in this case the number is 2 (two 1,024 blocks are used). How much is k?
895
Alice and Bob use the Diffie-Hellman key exchange with common prime q=11 and generator alpha=2 . If the private key of Alice is Xalpha=6 then what is her public key Yalpha ?
9
Cipher based MAC: CMAC (an early version based on the Data Authentication Algorithm), was defined last Friday as follows: For an AES application with 128 bit key. Let the message M be divided into n blocks of length 128 bits: M1, m2, ..., Mn. CMAC(M) is defined as follows: C1 = AES(K, M1) Ci = AES(K, Mi XOR Ci-1), i = 2, ..., n. Then CMAC(M) = Cn, (or the s leftmost bits of Cn if shorter digests are required). However in class we saw that we get collisions with this definition. To fix this we defined the last term Cn as:
Cn = AES(K, Mn XOR Cn-1 XOR K)
A brute force attack on a MAC with 128-bit digest requires 2^128 attempts to find a collision with better than 50-50 chance of success.
False
A hash function is a fanction that maps a message of any lenght into a fixed-length value that serves as an authenticator.
False
Digital signatures are symmetric key cryptosystems
False
Given modulus n and encrypt exponent e, is there a unique decrypt exponent d such that (M^e)^d=M(mod n) for any plaintext M ?
False
HMAC(K, M) = H[(K^+ XOR opad) || (H^+ XOR ipad) || M] ipad is the byte 0101110 ()x5C) and opad is the byte 00110110 (0x36)
False
The Global System for Mobile Communication (GSM) is 3G technology
False
The collision-free property of a cryptographic hash function H requires that it is easy (computationally feasible) to find a pair x , y , x ≠ y , such that H ( x ) = H ( y ) .
False
The encryption of the hashed value of a message with a shared secret key serves as a digital signature.
False
A digital signature must be a bit pattern that depends on the message being signed.
True
A message authentication code (MAC) is a function that takes as input a key K and a message M and outputs a fixed-length value.
True
HMAC(K, M) = H[(K^+ XOR opad) || (H^+ XOR ipad) || M]
True
HMAC(K, M) = H[(K^+ XOR opad) || (H^+ XOR ipad) || M] K^+ is the key K padded with zeros on the right to get b bits
True
If a message is signed twice, at time t1 and at time t2, it is important that the digital signatures are different
True
The birthday problem: In a classroom with X students, there is a 50-50 chance that at least two students will have the same birthday. What is the smallest value of X?
X = 23
A hash function H that is one-way and collision-free is called a cryptographic hash function. A Message Authentication Code (MAC) is: 1. a cryptographic hash function. 2. a keyed cryptographic hash function.
a keyed cryptographic hash function.
What is the difference between a message authentication code (MAC) and a one-way hash function?
a message authentication code uses a secret key whereas a one-way hash function does not use a secret key.
We defined the public key protocol RSA using the Carmichael lambda(n) function as the exponent modulus instead of the Euler totient function phi(n) that our textbook, and several others, use. This raises two questions. is lambda the smallest exponent modulus for RSA and, given the encrypt exponent e and the modulus n is the decrypt exponent d unique? In this Quiz, we will investigate the latter. In the example in the textbook, and also on Slide 21 of Ch 9, we consider an RSA instance with n=73×151=11023 and e=11. We shall use this instance to solve the uniqueness of the exponent d problem, in the following six questions: use the PLANETCALC calculator https://planetcalc.com/8326/Links to an external site. for modular calculations. What is the relation between phi(n) and lambda(n) ?
six times larger
