Manifest: Wednesday 3 October 2001

Assignments Due
Wednesday, 10 October	Problem Set 3
Wednesday, 17 October	No Class
Wednesday, 24 October	Midterm

Readings
MBC Chapter 18 has some "sketches" of protocols. We will explore several of these protocols in more detail in later classes.
A Private Matchmaking Protocol, Kan Zhang and Roger Needham. Optional, but useful if you are trying Challenge #2.

Quiz Answers

1. Here is the RSA algorithm, with some pieces missing. Fill in the blanks:
   1. Pick 2 large secret primes, p and q.
   2. Let n = pq [blank 1]
   3. Choose e and d so: ed ≡ 1 mod (p - 1) (q - 1) [blank 2]
   4. Encryption function (public): E(M) = M^e mod n.
   5. Decryption function (private): D(C) = C^d mod n [blank 3]

2. What is the private key?
   d or (d, n). To do decryption, we need to know d and n. No one else can know d. The public key is (e, n). Note that p and q must be kept secret, but are not part of the private key (we don't need them to decrypt). They should be destroyed after computing d.
3. What is the range of M that can be reliably transmitted using RSA?
   0..n-1. We are transmitting M^e mod n, so we could not transmit more than n different messages without having two messages map to the same ciphertext.

Questions

• Why would n be a bad choice for the modulus: ed ≡ 1 mod _____.
• What are the properties of a good cryptographic hash algorithm? How do we evaluate how well a particular algorithm satisfies those properties?
• What is the difference between weak collision resistance and strong collision resistance?
• Give a good n-bit hashing function, how hard is it to find x such that H(x) = h?
• Give a good n-bit hashing function, how hard is it to find x and y such that H(x) = H(y)?
• How can Alice send a message to Bob without revealing to anyone else that she is sending a message to Bob?

Links

• Onion Routing project at NRL
• Anonymous Remailers

University of Virginia Department of Computer Science CS 588: Cryptology - Principles and Applications

David Evans evans@virginia.edu