辅导案例-COMP90043

欢迎使用51辅导,51作业君孵化低价透明的学长辅导平台,服务保持优质,平均费用压低50%以上! 51fudao.top
The University of Melbourne
School of Computing and Information Systems
COMP90043 Cryptography and Security
Assignment 2, Semester 2 2019
Due Date: October 8, 23:59
Objectives
To improve your understanding of RSA, hash functions, MAC and key distribution.
To develop problem-solving and design skills. To improve written communication skills.
Questions
1. [18 marks] Professor Parampalli selected two large prime numbers p and q. He decided
to generate three pairs of RSA keys (with different e being relatively prime to each
other, and corresponding d) for his tutors, using the same p and q. He destroyed both
p and q immediately after generating the following keys:
Ge: < n, eG >, < n, dG >
Jiajia: < n, eJ >, < n, dJ >
Zhuohan: < n, eZ >, < n, dZ >
Answer the following questions with detailed justification.
(a) Zhuohan wants to send a message M to both Ge and Jiajia, so he calculates
CG =M
eG mod n and CJ =M eJ mod n. Explain how Lianglu could recover the
message without knowing Ge’s or Jiajia’s private key.
(b) Suppose Lianglu has access to private key for Ge. However, he is only interested in
decrypting messages sent to Zhuohan. Outline a strategy that may help Lianglu
recover Zhuohan’s private key.
2. [17 marks] Consider the following 3-person encryption scheme based on RSA. Lianglu
(can be trusted in this case) generates two large primes p and q, calculates both n
and φ(n). He also chooses k1, k2 and k3 such that GCD(ki, n) = 1 and k1k2k3 ≡
1 mod φ(n). Keys are securely distributed to three other tutors as follows:
Ge: < n, k1, k2 >
Jiajia: < n, k2, k3 >
Zhuohan: < n, k3, k1 >
Answer the following questions.
1
(a) Ge has a message M1 for Jiajia. Give the encryption function for Ge as well as
the decryption function for Jiajia, so that the message won’t be seen by anyone
else.
(b) Jiajia has a message M2 for both Ge and Zhuohan. Give the encryption function
for Jiajia, as well as decryption functions for both Ge and Zhuohan, so that the
message won’t be seen by any other person.
3. [14 marks] An alternative key distribution method suggested by a network vendor is
illustrated in the figure below.
Key Distribution
Center (KDC) Initiator AResponder B
(1) IDa ||
(2) IDa || E(Ka, Na)
|| IDb || E(Kb, Nb)
(3) E(Kb, [Ks || IDa || Nb])
|| E(Ka, [Ks || IDb || Na])
(4) E(Ka, [Ks || IDb || Na])
E(Ka, Na)
(a) Describe the scheme in steps.
(b) Estimate the key storage requirements of both the KDC and users. You may
need to make some appropriate assumptions.
(c) Does this scheme ensure the authenticity of both A and B? Justify your answer.
(d) Could a replay attack be detected in this scheme? If yes, explain which step(s)
could it be identified and how. If no, show how an attacker could perform the
attack.
4. [12 marks] The Diffie-Hellman (DH) key agreement protocol is vulnerable to a man-
in-the-middle attack. Is it possible to secure the key agreement protocol against this
attack by using each of the following primitives? If yes, sketch the method. If no,
give reasons.
(a) Public Key Digital Signatures
(b) Hash functions
(c) Message Authentication Codes (with a prior agreed key)
2
5. [14 marks] Consider the following hash function based on RSA. The key < n, e > is
known to the public. A message M is represented by blocks of predefined fixed size
M1,M2,M3, ...,Mm such that Mi < n. The hash is constructed as: encrypt the first
block, XOR the result with the second block and encrypt again, etc. For example, the
hash value of a message consisting of two blocks is calculated by
H(M) = H(M1,M2) = ((M
e
1 mod n) XOR M2)
e mod n
Does this hash function satisfy each of the following requirements? Justify your an-
swers (with examples if necessary).
(a) Variable input size
(b) Fixed output size
(c) Efficiency (easy to calculate)
(d) Preimage resistant
(e) Second preimage resistant
(f) Collision resistant
3
Submission and Evaluation
• You must submit a PDF document via the COMP90043 Assignment 2 Turnitin sub-
mission form on LMS by the due date. Handwritten, scanned images, and/or Microsoft
Word submissions are not acceptable — if you use Word, create a PDF version for
submission.
• Late submission will be possible, but a late submission will attract a penalty of 10%
per day (or part thereof).
• This assignment contributes 7.5% of the total marks in this subject. Marks are pri-
marily allocated for correctness, but how clearly you communicate your thinking will
also be taken into account.
• We expect your work to be neat — parts of your submission that are difficult to read
or decipher will be deemed incorrect. Make sure that you have enough time towards
the end of the assignment to present your solutions carefully. Time you put in early
will usually turn out to be more productive than a last-minute effort.
• You are reminded that your submission for this assignment is to be your own individual
work. For many students, discussions with friends will form a natural part of the
undertaking of the assignment work. However, it is still an individual task. You
are welcome to discuss strategies to answer the questions, but not to share the work
(even draft solutions) on social media or discussion board. It is University policy
that cheating by students in any form is not permitted, and that work submitted for
assessment purposes must be the independent work of the student concerned.
Please see https://academicintegrity.unimelb.edu.au
If you have any questions, you are welcome to post them on the LMS discussion board
so long as you do not reveal details about your own solutions. You can also email the Head
Tutor, Lianglu Pan ([email protected]) or the Lecturer, Udaya Parampalli
([email protected]). In your message, make sure you include COMP90043 in the
subject header. In the body of your message, include a precise description of the problem.
4
51作业君

Email:51zuoyejun

@gmail.com

添加客服微信: abby12468