Assignment 6 for Applied Cryptography | CS 6260, Assignments of Cryptography and System Security

Material Type: Assignment; Professor: Boldyreva; Class: Applied Cryptography; Subject: Computer Science; University: Georgia Institute of Technology-Main Campus; Term: Fall 2007;

Typology: Assignments

Pre 2010

Uploaded on 08/05/2009

koofers-user-koh-1
koofers-user-koh-1 🇺🇸

8 documents

1 / 1

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CS 6260: Applied Cryptography November 12, 2007
Homework 6
Lecturer: Sasha Boldyreva Due: November 20, 2008
Problem 5.1, 5 points.
In RSA-OAEP encryption assume that the output of the keyless transform is a ran-
dom string in ZN, where Nis the RSA modulus. Make an estimate on the probability
that this string is not in Z
Nas the function of k, the length of N.
Problem 5.2, 20 points.
Let Gbe a cyclic group with a generator gsuch that the DDH problem is hard for
G, g. Prove that for the associated ElGamal encryption scheme is IND-CPA secure
against adversaries that make only one query to the LR encryption oracle. (The
standard IND-CPA security will follow from the theorem we proved in class.)
Problem 5.3, 20 points.
Assume there exists a polynomial-time algorithm Athat given an RSA public key
(N, e) can invert 1% of all ciphertexts CZ
N. That is, given (N, e) and C=
Memod Nit can efficiently compute Mif Chappens to be in a “weak” 1% fraction
of all ciphertexts.
Show that then there exists an algorithm that given (N, e) inverts every ciphertext
CZ
Nwith probability more than 1/2, and is usually efficient (runs in expected
polynomial time).
Hint. Use the multiplicative property of RSA: for every public key (N, e) and
M1, M2Z
N,Me
1·Me
2= (M1·M2)e(mod N).

Partial preview of the text

Download Assignment 6 for Applied Cryptography | CS 6260 and more Assignments Cryptography and System Security in PDF only on Docsity!

CS 6260: Applied Cryptography November 12, 2007

Homework 6

Lecturer: Sasha Boldyreva Due: November 20, 2008

Problem 5.1, 5 points. In RSA-OAEP encryption assume that the output of the keyless transform is a ran- dom string in ZN , where N is the RSA modulus. Make an estimate on the probability that this string is not in Z∗ N as the function of k, the length of N.

Problem 5.2, 20 points. Let G be a cyclic group with a generator g such that the DDH problem is hard for G, g. Prove that for the associated ElGamal encryption scheme is IND-CPA secure against adversaries that make only one query to the LR encryption oracle. (The standard IND-CPA security will follow from the theorem we proved in class.)

Problem 5.3, 20 points. Assume there exists a polynomial-time algorithm A that given an RSA public key (N, e) can invert 1% of all ciphertexts C ∈ Z∗ N. That is, given (N, e) and C = M e^ mod N it can efficiently compute M if C happens to be in a “weak” 1% fraction of all ciphertexts. Show that then there exists an algorithm that given (N, e) inverts every ciphertext C ∈ Z N∗ with probability more than 1/2, and is usually efficient (runs in expected polynomial time).

Hint. Use the multiplicative property of RSA: for every public key (N, e) and M 1 , M 2 ∈ Z∗ N , M 1 e · M 2 e = (M 1 · M 2 )e^ ( mod N ).