Download presentation
Presentation is loading. Please wait.
1
Sample Solution Cryptology Design Fundamentals
Grundlagen des kryptographischen Systementwurfs Lecture ID: ET-IDA-28 Final Examination Closed-book short question part Prof. W. Adi Date : Duration : 20 Minutes , Maximum marks is 30% Sample Solution Vorname ……………………………………….. Nachname ……………………………………….. Matrikel-Nr. ………………………………………..
2
Marks: ∑ 2
3
gcd ( a 7 t – a t , a 9 t – a t ) = a t gcd ( a 6 t – 1 , a 8 t – 1 )
Q1: Compute gcd(910,280). (1 P) n1 n2 q r 910 280 3 70 4 gcd ( 910 , 280 ) = …70.. Q2: Compute gcd [ (a7 t - at) , (a9 t - at) ], where a and t are non-zero positive integers and gcd (t,9)=gcd(t,7)=1. (2 P) gcd ( a 7 t – a t , a 9 t – a t ) = a t gcd ( a 6 t – 1 , a 8 t – 1 ) = a t (a gcd ( 6 t, 8 t ) – 1) = a t (a 2t–1) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? Page 1/5
4
Q3: On which claimed unsolvable problems are the securities of the following cryptosystems based?
1. RSA Signature System Integer factoring problem 2. Omura Proof of Identity Protocol Discrete Logarithm Problem 3. Omura-Massey Lock for Shamir’s 3-Pass Protocol over GF(p) Discrete Logarithm Problem over GF(p) 4. Fiat Shamir proof of identity protocol (4 P)
5
Since ord(3) = 17-1 = 16 as a primitive element
Q4: Compute the multiplicative order of 34 in GF(17) assuming that 3 is a primitive element in GF(17). Since ord(3) = 17-1 = 16 as a primitive element Q5: How many elements are there in the group of units Z*m for m =187= 11· 17. Compute the highest possible multiplicative order for a unit in Z*m (*)Compute the multiplicative order of the element 2 modulo 187 (optional question +4p) (3 P) # of elements in the group is ( ) = (17-1) (11-1) = 160 Highest possible order is: ( ) = lcm [(17) , (11)] = lcm [(17) , (11)] = lcm [16, 10] = / gcd(16,10) = 160/2 = 80 (5 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? Order divides 80 that is 1, 2, 4, 5, 8, 10, 16, 20, 40, or 80 21 = 2 ≠ 1, 22 = 4 ≠ 1, 24 = 16 ≠ 1, 25 = 32 ≠ 1, 28 = 69 ≠ 1, 210 = 89 ≠ 1, 216 = 86 ≠ 1 220 = 67 ≠ 1, 240 = 1 order of 2 is = 40 Page 2/5
6
Q6: Reduce the following expressions to the smallest positive integers in the corresponding deployed algebra: 1. R13 ( – ( 27 ) 5 · 28 2 ) = R13 ( – (1 ) 5 (2)2 ) = R13 (-1 - 4) = R13 (- 5) =8 2. ( 1 – 2x 2 ) ( 2 + 3x2) over GF(5) = 2 + 3 x2 – 4 x2 - 6x4 = 2 – x2–x4 = 2 + 4x2 + 4 x4 (3 P)
7
and the order of a group’s element?
Q7: Which relationship do exist between the number of the group elements and the order of a group’s element? Q8: What is a mathematical „Involution“ function? Is a function which is equal to its inverse function. ( F= F-1 ) Q9: Sketch Shamir perfect secret sharing scheme for two users (2 P) The order of the group element divides the number of its elements Or the order of each element divides the group’s order (Lagrange Theorem) (2 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? (3 P) Page 3/5
8
+ Perfect Secret Sharing RAND Z Random Secret BSS Give User A
Shamir RAND Random BSS Z Secret Give User A Common Secret Between A and B + Exchange to generate Common secret RAND + Z Give User B
9
Compute the possible multiplicative orders for elements in GF(29)?
Q10: In GF(29). Compute the possible multiplicative orders for elements in GF(29)? Possible multiplicative orders are the divisors of (29) = 29-1=28= 2 x 2 x7. These are: 1, 2, 4, 7,14,28 Compute the number of primitive elements in GF(29). # of primitive elements (28) = (22.7) = 28 (1- 1/2) . (1- 1/7) = 12 3. Which are the minimum number of tests required to find out weather a given element β in GF(29) is primitive? β1 ≠ 1, β2 ≠ 1, β4 ≠ 1, β7 ≠ 1, β14 ≠ 1 (6 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen?
10
2-6 = 2t = 2-6 mod 28= 2-6 + 28= 2 22 => order of 2 is 28
Compute the multiplicative order of 2 in GF(29) ≠ 1, 22 ≠ 1, 24 =16≠ 1, 27 =128=12≠ 1, 214 =144=28≠ 1 => order of 2 is 28 Compute the smallest positive integer t for which 2-6 = 2t holds. 2-6 = 2t = 2-6 mod 28= = 2 22 => t = 22 Page 4/5
11
Compute a8 and give the corresponding binary vector for a8 .
Q11: GF(26) is generated by the irreducible and primitive polynom P(x)= x6 + x + 1. The element a = = x + 1 is selected from GF(26). Compute a8 and give the corresponding binary vector for a8 . a = (x +1), a 2 = (x 2 + 1), a 4 = (x 2 + 1) 2 = x 4 + 1, a 8 = (x 4 + 1) 2 = x = x 3 + x = as x 6 + x + 1 = 0 x 6 = x x 7 = x 2 + x x 8 = x 3 + x 2 2. Compute the multiplicative order of a (Hint: a= 1+x = x6 ) As P(x) is primitive, the order of x is 26-1=63, as x6=1+x => ord (1+x) = ord( x6) 3. Compute the smallest positive integer t for which a-1 = at holds. The modulus in the exponent for a is the order of a=63 ord (a) = ord (x6) = (ord x) / gcd (ord x , 6) = (2 6 – 1) / gcd (2 6 – 1 , 6) = 63/3 = 21 a -1 mod 21 = a = a 20 t = 20 (10 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen?
12
Annex: Euler Function (m) (m) = m ( 1 - ) ( 1 - ) ……
For m = p1 p2 p pt e1 e2 e et (m) = m ( ) ( ) …… P1 1 P2 1 Carmicheal´s function (m) : (2)= 1, (22) = 2, (2e) = 2e for e 3: (pe)= (pe) = (p - 1)pe-1 for p odd prim. for m = p1e1 p2e2 p3e pnen (m) = lcm [ (p1e1 ), (p2e2 ), … (pnen ) ] page 5/5
Similar presentations
![Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x) K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.](/11/3306631/big_thumb.jpg "Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x) K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.>")
![1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’](/16/5002757/big_thumb.jpg "1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’>")
