Cryptography Reference
In-Depth Information
2. We assume that an attacker will be able to find a DES key in 10 minutes using
a brute-force attack. Note that this is a somewhat optimistic assumption from an
attacker's point of view, but we want to provide some medium-term security by
assuming increasingly faster key searches in the future.
How frequently must a key be derived if the goal is to prevent an offline decryp-
tion of a 2-hour movie in less than 30 days?
13.10.
We consider a system in which a key
k
AB
is established using the Diffie-
Hellman key exchange protocol, and the encryption keys
k
(
i
)
are then derived by
computing:
k
(
i
)
=
h
(
k
AB
i
)
(13.2)
where
i
is just an integer counter, represented as a 32-bit variable. The values of
i
are public (e.g., the encrypting party always indicates which value for
i
was used
in a header that precedes each ciphertext block). The derived keys are used for the
actual data encryption with a symmetric algorithm. New keys are derived every
60 sec during the communication session.
1. Assume the Diffie-Hellman key exchange is done with a 512-bit prime, and the
encryption algorithm is AES. Why doesn't it make cryptographic sense to use the
key derivation protocol described above? Describe the attack that would require
the least computational effort from Oscar.
2. Assume now that the Diffie-Hellman key exchange is done with a 2048-bit
prime, and the encryption algorithm is DES. Describe in detail what the advan-
tages are that the key derivation scheme offers compared to a system that just
uses the Diffie-Hellman key for DES.
13.11.
We reconsider the Diffie-Hellman key exchange protocol. Assume now that
Oscar runs an active man-in-the-middle attack against the key exchange as explained
in Sect. 13.3.1. For the Diffie-Hellman key exchange, use the parameters
p
= 467,
α
= 2, and
a
= 228,
b
= 57 for Alice and Bob, respectively. Oscar uses the value
o
= 16. Compute the key pairs
k
AO
and
k
BO
(i) the way Oscar computes them, and
(ii) the way Alice and Bob compute them.
13.12.
We consider the Diffie-Hellman key exchange scheme with certificates. We
have a system with the three users Alice, Bob and Charley. The Diffie-Hellman
algorithm uses
p
= 61 and
= 18. The three secret keys are
a
= 11,
b
= 22 and
c
= 33. The three IDs are ID(A)=1, ID(B)=2 and ID(C)=3.
For signature generation, the Elgamal signature scheme is used. We apply the
system parameters
p
= 467,
d
= 127,
α
α
= 2 and
. The CA uses the ephemeral
keys
k
E
= 213, 215 and 217 for Alice's, Bob's and Charley's signatures, respec-
tively. (In practice, the CA should use a better pseudorandom generator to obtain
the
k
E
values.)
To obtain the certificates, the CA computes
x
i
= 4
β
b
i
+ ID(
i
) and uses this value
as input for the signature algorithm. (Given
x
i
,ID(
i
) follows then from ID(
i
)
×
≡
x
i
mod 4.)
1. Compute three certificates
Cert
A
,
Cert
B
and
Cert
C
.
