in order to avoid it), so depending on how secure an application should be, users really
need to authenticate their public keys accordingly.
Also, a key may eventually get compromised (for instance if a pass phrase is
intercepted while it is being typed), and key revocation is ad hoc. When one wants to
revoke his key, he must broadcast a revocation message to any potential user of his
public key. Indeed, no central revocation list is available, for the same reasons. Of
course, one can set up an authority for certification and revocation of PGP keys, but
PGP was not designed for that and careless users will naturally bypass this feature.
For these reasons PGP is mostly used for small fixed communities in an ad hoc
way.
12.5 Exercises
Exercise 12.1. RC5-CBC-PAD is specified in the informative Internet document
RFC 2040. It describes how to pad digital messages (represented as a sequence of
bytes) in order to be encrypted via block cipher RC5 in CBC mode. Here is how it
works.
Take the message $x_1, \ldots, x_\ell$ as a sequence of $\ell$ bytes.
Take an integer $p$ such that $\ell + p$ is a multiple of 8 and that $1 \le p \le 8$.
Let $x_i = p$ for $i = \ell + 1, \ldots, \ell + p$.
Take the byte sequence $x_1, \ldots, x_{\ell+p}$ and rewrite it as a block sequence $B_1, \ldots, B_{(\ell+p)/8}$.
Encrypt the block sequence via RC5 in CBC mode, and obtain the encrypted message $C_1, \ldots, C_{(\ell+p)/8}$.
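As an added illustration (not code from the book or from RFC 2040), the padding rule, the receiver's check of questions 1 to 3 and CBC mode in Python, with the padding-validity bit of question 4 written out as a function. RC5 is not in the standard library, so a constructed toy permutation stands in for it; `TOY_KEY`, `toy_enc`, `toy_dec` and the zero IV are assumptions of this example only.

```python
BLOCK = 8  # block size in bytes of the 64-bit RC5 used by RFC 2040
def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed stand-in for RC5 (NOT RC5): xor with a fixed key, then rotate bytes by 3.
TOY_KEY = bytes(range(BLOCK))
def toy_enc(block: bytes) -> bytes:
    x = xor(block, TOY_KEY)
    return x[3:] + x[:3]
def toy_dec(block: bytes) -> bytes:
    return xor(block[-3:] + block[:-3], TOY_KEY)

def pad_length(ell: int) -> int:
    # Question 1: the unique p with 1 <= p <= 8 and 8 | (ell + p) is p = 8 - (ell mod 8).
    return BLOCK - (ell % BLOCK)

def pad(msg: bytes) -> bytes:
    # x_i = p for i = ell+1, ..., ell+p
    p = pad_length(len(msg))
    return msg + bytes([p]) * p

def check_and_unpad(padded: bytes):
    # Receiver side (question 3): returns (padding_ok, clear_text).
    if not padded or len(padded) % BLOCK:
        return False, b""
    p = padded[-1]
    if not 1 <= p <= BLOCK or padded[-p:] != bytes([p]) * p:
        return False, b""
    return True, padded[:-p]

def cbc_encrypt(enc, iv: bytes, padded: bytes) -> bytes:
    # Question 2: C_i = E(B_i xor C_{i-1}) with C_0 = iv.
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = enc(xor(prev, padded[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(dec, iv: bytes, ct: bytes) -> bytes:
    # B_i = D(C_i) xor C_{i-1}
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(prev, dec(ct[i:i + BLOCK])))
        prev = ct[i:i + BLOCK]
    return b"".join(out)
def padding_oracle(dec, iv: bytes, ct: bytes) -> int:
    # The oracle O(y) of question 4: 1 if the padding check passes after CBC decryption,
    # else 0. A receiver must not let this bit be observed (distinct error, timing).
    ok, _ = check_and_unpad(cbc_decrypt(dec, iv, ct))
    return int(ok)
```

The defensive lesson of the later questions is that a receiver which reports padding failure differently from any other failure exposes exactly this function; authenticating the ciphertext before decrypting removes the oracle.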
1. Show that $p$ is essentially unique and express its value with a mathematical
formula.
2. Explain how the $C_i$ are computed.
3. We assume that the receiver of the encrypted message first decrypts in CBC
mode, then checks if the padding is correct, and finally extracts the clear text.
Carefully explain how all this is performed (for instance by writing a computer
program).
4. Given a ciphertext $y = (C_1, \ldots, C_n)$, let $\mathcal{O}(y)$ be equal to 1 if the padding
check is correct after the RC5-CBC decryption or equal to 0 otherwise. By
using subroutine calls to the $\mathcal{O}$ oracle, write a program which given a block
$C$ computes $\mathrm{RC5}^{-1}(C)$.
Hint: Submit ciphertexts with the form $(R, C)$ for a carefully chosen block $R$.
5. By using the previous question show how to decrypt any message by having
access to $\mathcal{O}$ only.
6. In order to fix the scheme, we decide to encrypt twice with RC5 in CBC
mode. Namely, we add an extra step in the previous scheme by re-encrypting
$C_1, \ldots, C_{(\ell+p)/8}$ in CBC mode and obtaining $C'_1, \ldots, C'_{(\ell+p)/8}$. Make a picture of
the encryption scheme. Show that a similar attack holds: we can still decrypt