This commit is contained in:
parent
065fac349d
commit
150c3f5a9d
40
cw/cw.tex
@ -122,6 +122,30 @@
\subsection*{3.5}
Yes, since I know the private key I can just decrypt the message.
\section*{4}
\subsection*{4.1}
$$P||R = E(K,C)$$
then you can remove the $R$ part and the $P$ can be obtained
\subsection*{4.2}
The q pairs could look like: $${(1, k),(2,k),(3,k)\cdots(q, k)}$$
where k is a constant value for simplicity sets say $k=0$
$E_b$ is the list of encrypted values returned by the oracle
This q pairs work because when the oracle selects b=0:
There will be no colisions:
$$\forall i,k : i \ne j \and P_0[i] \neq p E_0[i] \implies E_0[i] \neq E_0[j]$$
there if you don't find any colissions you can assume that the the oracle selected b=0
if the oracle selects b=1:
If q is big enough, there will be colissions:
$$\exists i,k : i \ne j \and P[i] \eq P[j] \and R[i] = R[j] \implies E_1[i] = E_1[j]$$
where $R$ is the list of random values generated for each pair
\subsection*{4.3}
\section*{5}
\subsection*{5.1}
The hash function is collision resistante for $n=1$, since if the block size is one the hash function is the encryption. Therefore:
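Review bot: the two displayed formulas in 4.2 will not compile and do not say what the surrounding prose says. `\and` (in both) and `\eq` (second formula) are not LaTeX math commands; use `\land` and `=`. Both quantify over `i,k` but then compare `i \ne j`, and the first formula contains `P_0[i] \neq p E_0[i]`, which reads like a typo for `P_0[i] \neq P_0[j]`; the second uses unsubscripted `P[i]` where the prose is about the b=1 case. The pair set in `$${(1, k),(2,k),(3,k)\cdots(q, k)}$$` also loses its braces in output (they are grouping, not `\{ \}`). Suggested forms: `\forall i,j : i \ne j \land P_0[i] \neq P_0[j] \implies E_0[i] \neq E_0[j]` and `\exists i,j : i \ne j \land P_1[i] = P_1[j] \land R[i] = R[j] \implies E_1[i] = E_1[j]`. On the argument itself, "if q is big enough" should say how big: a collision in the b=1 case needs a repeated `R`, so q must reach the birthday bound for the length of `R`, which the text leaves unstated. Minor: "colisions"/"colissions" and "resistante" are misspelt, and "This q pairs work" should be "These q pairs work".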
@ -154,6 +178,22 @@
When the message has the size of a block, the authenticated encryption system scheme has both data confidentiality and integrity because the hash function is only collision resistant with messages of block size 1, because of that is impossible to change the ciphertext in away that when the mac is generated on the receiver side, the mac will be the same and since the mac key is not public the attacker cannot generate the new mac.
When the message has a bigger size than one block, the scheme still has data confidentiality because the message can still not be decrypted without knowing the key, but it has no longer data integrity because the attacker can change the message in such a way that it would generate a hash collision; therefore the sender could not prove that the information that was received was not sent that way by the server.
\section*{6}
\subsection*{6.1}
\subsubsection*{6.1.1}
Bob can
$$h = H(g^s\times y^c mod p || C)$$
where y is Alice's pub key.
If the equasion holds then Bob knows that Alice signed the Contract
\subsubsection*{6.1.2}
If the Alice used the the same r then this equasion would only have 2 variables to solve, $a$ and $r$ which makes this equasion possible to solve.
$$\begin{cases}
s = r - h \times a mod q\\
s' = r - h' \times a mod q
\end{cases}
$$
\section*{7}
\subsection*{7.1}
$$v1 = (137, 312), v2 = (215, -187)$$
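Review bot: the verification check in 6.1.1 never defines `h`, so "If the equation holds" has nothing to compare against; `$$h = H(g^s\times y^c mod p || C)$$` should state that Bob recomputes the hash and accepts when it equals the `c` received with the signature, e.g. `c \stackrel{?}{=} H(g^s \cdot y^c \bmod p \,\|\, C)`. Bare `mod` in math mode (here and in both `cases` lines of 6.1.2) typesets as italic variables; use `\bmod`. In 6.1.2 the system is stated but not solved, which is the point of the question: subtracting the two lines gives `s - s' = (h' - h) \cdot a \bmod q`, so `a = (s - s')(h' - h)^{-1} \bmod q`, which makes the "possible to solve" claim concrete. `\begin{cases}` needs `amsmath`; the preamble is outside this hunk, so check it is loaded. Typos: "equasion" (three times), "the the", "If the Alice".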