Cryptography Reference
In-Depth Information
8.11.
In this chapter, we saw that the Diffie-Hellman protocol is as secure as the
Diffie-Hellman problem which is probably as hard as the DL problem in the group
Z
p
. However, this only holds for passive attacks, i.e., if Oscar is only capable
of eavesdropping. If Oscar can manipulate messages between Alice and Bob, the
key agreement protocol can easily be broken! Develop an active attack against the
Diffie-Hellman key agreement protocol with Oscar being the man in the middle.
Z
p
by exhaustive
8.12.
Write a program which computes the discrete logarithm in
search. The input parameters for your program are
p
,
α
,
β
. The program computes
x
mod
p
.
Compute the solution to log
106
12375 in
x
where
β
=
α
Z
24691
.
8.13.
Encrypt the following messages with the Elgamal scheme (
p
= 467 and
α
=
2):
1.
k
pr
=
d
= 105,
i
= 213,
x
= 33
2.
k
pr
=
d
= 105,
i
= 123,
x
= 33
3.
k
pr
=
d
= 300,
i
= 45,
x
= 248
4.
k
pr
=
d
= 300,
i
= 47,
x
= 248
Now decrypt every ciphertext and show all steps.
8.14.
Assume Bob sends an Elgamal encrypted message to Alice. Wrongly, Bob
uses the same parameter
i
for all messages. Moreover, we know that each of Bob's
cleartexts start with the number
x
1
= 21 (Bob's ID). We now obtain the following
ciphertexts
(
k
E
,
1
= 6
,
y
1
= 17)
,
(
k
E
,
2
= 6
,
y
2
= 25)
.
The Elgamal parameters are
p
= 31
,
α
= 3
,
β
= 18. Determine the second plaintext
x
2
.
8.15.
Given is an Elgamal crypto system. Bob tries to be especially smart and
chooses the following pseudorandom generator to compute new
i
values:
i
j
=
i
j
−
1
+
f
(
j
)
,
1
≤
j
(8.5)
where
f
(
j
) is a “complicated” but known pseudorandom function (for instance,
f
(
j
)
could be a cryptographic hash function such as SHA or RIPE-MD160).
i
0
is a true
random number that is not known to Oscar.
Bob encrypts
n
messages
x
j
as follows:
i
j
k
E
j
=
α
mod
p
,
i
j
y
j
=
x
j
·
β
mod
p
,
