3.1 Consider a 32-bit hash function defined as the concatenation of two 16-bit functions:
XOR and RXOR, which are defined in Section 3.2 as “two simple hash functions.”
a. Will this checksum detect all errors caused by an odd number of error bits?
Explain.
b. Will this checksum detect all errors caused by an even number of error bits? If
not, characterize the error patterns that will cause the checksum to fail.
c. Comment on the effectiveness of this function for use as a hash function for
authentication. Get this solution
3.2 Suppose H(m) is a collision-resistant hash function that maps a message of arbitrary
bit length into an n-bit hash value. Is it true that, for all messages x, x' with x x', we
have H(x) H(x')? Explain your answer. Get this solution
3.3 State the value of the padding field in SHA-512 if the length of the message is
a. 1919 bits
b. 1920 bits
c. 1921 bits Get this solution
3.4 State the value of the length field in SHA-512 if the length of the message is
a. 1919 bits
b. 1920 bits
c. 1921 bits Get this solution
3.5 a. Consider the following hash function. Messages are in the form of a sequence of Get this solution
Then, add each column mod 26 and add the result to the running total, mod 26. In this
example, the running total is (24, 2, 6, 10). Round 2: Using the matrix from round 1,rotate the first row left by 1, second row left by 2, third row left by 3, and reverse the
order of the fourth row. In our example:
Now, add each column mod 26 and add the result to the running total. The new running
total is (5, 7, 9, 11).This running total is now the input into the first round of the
compression function for the next block of text. After the final block is processed,
convert the final running total to letters. For example, if the message is ABCDE
FGHIJKLMNOP, then the hash is FHJL.
a. Draw figures comparable to Figures 3.4 and 3.5 to depict the overall tth logic and
the compression function logic.
b. Calculate the hash function for the 48-letter message “I leave twenty million dollars
to my friendly cousin Bill.”
c. To demonstrate the weakness of tth, find a 48-letter block that produces the same
hash as that just derived. Hint: Use lots of A’s. Get this solution
3.7 It is possible to use a hash function to construct a block cipher with a structure similar
to DES. Because a hash function is one way and a block cipher must be reversible (to
decrypt), how is it possible? Get this solution
3.8 Now consider the opposite problem: Use an encryption algorithm to construct a oneway
hash function. Consider using RSA with a known key.Then process a message consisting
of a sequence of blocks as follows: Encrypt the first block, XOR the result with
the second block and encrypt again, and so on. Show that this scheme is not secure by
solving the following problem. Given a two-block message B1, B2, and its hash, we have
RSAH(B1, B2) RSA(RSA(B1) B2)
Given an arbitrary block C1, choose C2 so that RSAH(C1, C2) RSAH(B1, B2).
Thus, the hash function does not satisfy weak collision resistance. Get this solution
3.9 One of the most widely used MACs, referred to as the Data Authentication Algorithm,
is based on DES. The algorithm is both a FIPS publication (FIPS PUB 113) and
an ANSI standard (X9.17). The algorithm can be defined as using the cipher block
chaining (CBC) mode of operation of DES with an initialization vector of zero
(Figure 2.10). The data (e.g., message, record, file, or program) to be authenticated is
grouped into contiguous 64-bit blocks: P1, P2, . . . , PN. If necessary, the final block is
padded on the right with 0s to form a full 64-bit block.The MAC consists of either the
entire ciphertext block CN or the leftmost Mbits of the block with 16 M 64. Show
that the same result can be produced using the cipher feedback mode. Get this solution
3.10 In this problem, we will compare the security services that are provided by digital signatures
(DS) and message authentication codes (MAC).We assume that Oscar is able
to observe all messages send from Alice to Bob and vice versa. Oscar has no knowledge
of any keys but the public one in case of DS. State whether and how (i) DS and
(ii) MAC protect against each attack.The value auth(x) is computed with a DS or a
MAC algorithm, respectively.
a. (Message integrity) Alice sends a message x “Transfer $1000 to Mark”
in the clear and also sends auth(x) to Bob. Oscar intercepts the message and
replaces “Mark” with “Oscar”.Will Bob detect this?
b. (Replay) Alice sends a message x “Transfer $1000 to Oscar” in the
clear and also sends auth(x) to Bob. Oscar observes the message and signature
and sends them 100 times to Bob.Will Bob detect this?
c. (Sender Authentication with cheating third party) Oscar claims that he sent some
message x with a valid auth(x) to Bob, but Alice claims the same. Can Bob clear
the question in either case?
d. (Authentication with Bob cheating) Bob claims that he received a message x
with a valid signature auth(x) from Alice (e.g., “Transfer $1000 from Alice to
Bob”) but Alice claims she has never sent it. Can Alice clear this question in
either case? Get this solution
3.11 Figure 3.14 shows an alternative means of implementing HMAC.
a. Describe the operation of this implementation.
b. What potential benefit does this implementation have over that shown in Figure 3.6? Get this solution
3.15 In a public-key system using RSA, you intercept the ciphertext C 10 sent to a user
whose public key is e 5, n 35.What is the plaintext M? Get this solution
3.16 In an RSA system, the public key of a given user is e 31, n 3599.What is the private
key of this user? Get this solution
3.17 Suppose we have a set of blocks encoded with the RSA algorithm and we don’t have the
private key.Assume n pq, e is the public key. Suppose also someone tells us they know
one of the plaintext blocks has a common factor with n. Does this help us in any way? Get this solution
3.18 Show how RSA can be represented by matrices M1, M2, and M3 of Problem 3.4. Get this solution
3.19 Consider the following scheme.
1. Pick an odd number, E.
2. Pick two prime numbers,P and Q, where (P 1)(Q 1) 1 is evenly divisible by E.
3. Multiply P and Q to get N.
4. Calculate .
Is this scheme equivalent to RSA? Show why or why not. Get this solution
3.20 Suppose Bob uses the RSA cryptosystem with a very large modulus n for which the
factorization cannot be found in a reasonable amount of time. Suppose Alice sends a
message to Bob by representing each alphabetic character as an integer between
0 and 25 (A 0, . . ., Z 25), and then encrypting each number separately using
RSA with large e and large n. Is this method secure? If not, describe the most efficient
attack against this encryption method. Get this solution
3.21 Consider a Diffie-Hellman scheme with a common prime q 11 and a primitive root
α 2.
a. If user A has public key YA 9, what is A’s private key XA?
b. If user B has public key YB = 3, what is the shared secret key K? Get this solution
