Cryptography Reference
In-Depth Information
b.
x
= 17 and
k
E
= 49
c.
x
= 85 and
k
E
= 77
2. You receive two alleged messages
x
1
,
x
2
with their corresponding signatures
(
r
i
,
s
i
) from Bob. Verify whether the messages (
x
1
,
r
1
,
s
1
)=(22
,
37
,
33) and
(
x
2
,
r
2
,
s
2
)=(82
,
13
,
65) both originate from Bob.
3. Compare the RSA signature scheme with the Elgamal signature scheme. Where
are their relative advantages and drawbacks?
10.11.
Given is an Elgamal signature scheme with
p
= 31,
α
= 3 and
β
= 6. You
receive the message
x
= 10 twice with the signatures (
r
,
s
):
(
i
)(17
,
5)
(
ii
)(13
,
15)
1. Are both signatures valid?
2. How many valid signatures are there for each message
x
and the specific param-
eters chosen above?
10.12.
Given is an Elgamal signature scheme with the public parameters (
p
=
97
,
= 15). Show how Oscar can perform an existential forgery attack
by providing an example for a valid signature.
α
= 23
,
β
10.13.
Given is an Elgamal signature scheme with the public parameters
p
,
α
∈
Z
p
and an unknown private key
d
. Due to faulty implementation, the following
dependency between two consecutive ephemeral keys is fulfilled:
k
E
i
+1
=
k
E
i
+ 1
.
Furthermore, two consecutive signatures to the plaintexts
x
1
and
x
2
(
r
1
,
s
1
)
and
(
r
2
,
s
2
)
are given. Explain how an attacker is able to calculate the private key with the given
values.
10.14.
The parameters of DSA are given by
p
= 59
,
q
= 29
,
= 3, and Bob's pri-
vate key is
d
= 23. Show the process of signing (Bob) and verification (Alice) for
following hash values
h
(
x
) and ephemeral keys
k
E
:
1.
h
(
x
)=17
,
k
E
= 25
2.
h
(
x
)=2
,
k
E
= 13
3.
h
(
x
)=21
,
k
E
= 8
α
10.15.
Show how DSA can be attacked if the same ephemeral key is used to sign
two different messages.