VE475 Introduction to Cryptography Assignment 7 solved

Description

Ex. 1 — Cramer-Shoup cryptosystem
1. Detail the construction of the Cramer-Shoup cryptosystem.
2. Explain why this cryptosystem is secure even against adapative chosen ciphertext attacks (no
formal proof is required, only some basic explanations).
3. Compare this construction to the Elgamal cryptosystem (highlight the similarities and differences).
Ex. 2 — Simple questions
1. Let p be a prime and α be an integer such that p – α. Explain why h(x) ≡ α
x mod p is not a
good cryptographic hash function.
2. Express b2
30√
ic for i = 2, 3, 5 and 10, in hexadecimal. Compare your results to the constants
Ki
, 0 ≤ i ≤ 79, in SHA-1.
Ex. 3 — Birthday paradox
In this exercise we derive the approximation of the probability of having at least one match in a list of
length r over n possible birthdays.
1. Let f (x) = ln(1 − x) and g(x) = ln(1 − x) + x + x
2
. Study the functions f and g over [0, 1/2]
and conclude that over this interval
−x − x
2 ≤ ln(1 − x) ≤ −x.
2. Prove that if r ≤ n/2 then
−
(r − 1)r
2n
−
r
3
3n
2 ≤
Xr−1
j=1
ln 
1 −
j
n

≤ −
(r − 1)r
2n
.
3. Let λ = r
2/(2n), and suppose λ ≤ n/8. Prove that
e
−λ
e
c1/sqrtn ≤
rY−1
j=1

1 −
j
n

≤ e
−λ
e
c2/sqrtn, where c1 =
r
λ
2
−
(2λ)
3/2
3
and c2 =
r
λ
2
.
4. Prove that when n is large and λ is a constant less than n/8, then
rY−1
j=1

1 −
j
n

≈ e
−λ
.
Ex. 4 — Birthday attack
Suppose we observe 40 licence plates, each ending with a 3-digit number.
1. What is the probability of seeing two plates ending with the same three digits?
2. Assuming we have one ending with 123. What is the probability that one of the 40 license plates
observed has the same 3 last digits?
3. Explain how these results relate to how Alice overcomes the birthday attack in chapter 5.
Ex. 5 — Faster multiple modular exponentiation
Let α, β, a, b and n be five integers. The most obvious strategy for compute α
aβ
b mod n consists in
using the modular exponentiation (Square and Multiply) algorithm (3.38) to compute α
a mod n, and
β
b mod n and then multiply the results mod n.
1. What is the time complexity of this method?
2. Assuming the product αβ is known, rewrite the square and multiply algorithm, such that at most
one multiplication is calculated at each iteration.
3. Suppose a and b are l bits long; how many squaring and multiplications are necessary to compute
α
aβ
b mod n?
4. Implement the two strategies and compare their speed on large numbers.