Appendix G: Exercises - Codes: The Guide to Secrecy from Ancient to Modern Times

Cryptography Reference

In-Depth Information

Alice computes m j = f − 1 ( r j ), and sends the values x j = m j ⊕

2.

s j

(where

⊕

is the mod 2 addition of the bitstrings), for j =1 , 2 ,..., ,

to Bob.

3. Bob knows m k = f − 1 ( f ( r k )) = r k , so Bob can compute m k ⊕

x k = s k .

Show that Bob cannot compute s j for j

= k . Explain how Bob can cheat

Alice by altering his computation of c j in step 1.

5.2. Explain how Kerberos (see pages 196 and 197), is vulnerable with respect

to (1) host security; (2) Carol's password (encryption keys); and (3) o^ine

attacks on Carol's ticket.

5.3. Show how the three-way authentication protocol described on page 198

would be vulnerable to the man-in-the middle attack (see Footnote 3.7 on

page 134), if the DSS is not employed. In other words, if signatures are

not employed, show how Mallory can impersonate Alice and successfully

convince Bob that he is talking to her.

In Exercises 5.4-5.7, use the Fiege-Fiat Shamir identification protocol pre-

sented on pages 202 and 203 to show that Bob should accept Alice's proof,

given the parameters in each case.

5.4. Let p = 523

1637 = 856151, s A =5, a = 2, and assume that in round

1, Alice selects m = 651, and Bob chooses c = 0, while in round 2, Alice

picks m = 1516 and Bob selects c =0.

·

5.5. Let p = 613

2281 = 1398253, s A =7, a = 2, and assume that in round

1, Alice selects m = 3291, and Bob chooses c = 1, while in round 2, Alice

picks m = 1923 and Bob selects c =1.

·

5.6.

2557 = 1889623, s A = 25, a = 3, and assume that in

round 1, Alice selects m = 3681, and Bob chooses c = 1; in round 2, Alice

picks m = 111 and Bob selects c = 0; and in the third round Alice picks

m = 38888 and Bob chooses c =1.

Let p = 739

·

5.7.

3323 = 2847811, s A = 49, a = 3, and assume that in

round 1, Alice selects m = 333, and Bob chooses c = 1; in round 2, Alice

picks m = 723 and Bob selects c = 1; and in the third round Alice picks

m = 111111 and Bob chooses c =1.

Let p = 857

·

In Exercises 5.8-5.11, employ the Schnorr identification protocol delineated

on page 205 to show that Bob should accept Alice's identity. As usual,

the parameters are artificially small to make computation reasonable. In

other words, we are not choosing p

40 , for

instance. We will assume that all certificates and signature verifications

have taken place. All that is required is the calculation of the commitment,

the response, and the verification as outlined in steps 1-4 of the protocol

given on the aforementioned page.

≥

2 1024 ,or q> 2 t with t

≥

Codes: The Guide to Secrecy from Ancient to Modern Times

Search WWH ::

Custom Search

Home