University of Virginia, Department of Computer Science CS588: Cryptology - Principles and Applications, Fall 2001

Manifest: Wednesday 3 October 2001
 Assignments Due Wednesday, 10 October Problem Set 3 Wednesday, 17 October No Class Wednesday, 24 October Midterm

MBC Chapter 18 has some "sketches" of protocols. We will explore several of these protocols in more detail in later classes.
A Private Matchmaking Protocol, Kan Zhang and Roger Needham. Optional, but useful if you are trying Challenge #2.

1. Here is the RSA algorithm, with some pieces missing. Fill in the blanks:
1. Pick 2 large secret primes, p and q.
2. Let n = pq [blank 1]
3. Choose e and d so: ed ≡ 1 mod (p - 1) (q - 1) [blank 2]
4. Encryption function (public): E(M) = Me mod n.
5. Decryption function (private): D(C) = Cd mod n [blank 3]

2. What is the private key?
d or (d, n). To do decryption, we need to know d and n. No one else can know d. The public key is (e, n). Note that p and q must be kept secret, but are not part of the private key (we don't need them to decrypt). They should be destroyed after computing d.
3. What is the range of M that can be reliably transmitted using RSA?
0..n-1. We are transmitting Me mod n, so we could not transmit more than n different messages without having two messages map to the same ciphertext.

Questions
• Why would n be a bad choice for the modulus: ed ≡ 1 mod _____.
• What are the properties of a good cryptographic hash algorithm? How do we evaluate how well a particular algorithm satisfies those properties?
• What is the difference between weak collision resistance and strong collision resistance?
• Give a good n-bit hashing function, how hard is it to find x such that H(x) = h?
• Give a good n-bit hashing function, how hard is it to find x and y such that H(x) = H(y)?
• How can Alice send a message to Bob without revealing to anyone else that she is sending a message to Bob?