Intro To Encryption Exercise 6
Problem
• Is every (weak) CRHF also a OWF?
Solution
• No!!!
• Counterexample:
• Suppose h is a weakly CRHF.
• Let h’(x) = x||h(x).
• No collisions in h’, but clearly not a OWF.
• What about h’: {0,1}^n → {0,1}^l, l < n?
• Exercise
Problem
• Show a OWHF and a distribution of passwords s.t. both Unix and S/Key fail.
Solution
• Let h(x) be a OWHF.
• Let h’(x) return:
  • 0 if the final 3 chars of x are AAA
  • h(x) otherwise
• What kind of attack should ADV use?
  • For the Unix password scheme
  • For the S/Key password scheme
Problem
• Let's assume a SALT mechanism is proposed for the previous problem.
• How should you implement it using the proposed h’ without changing its internal design?
Solution
• h’’(x) = h’(x||salt), with salt being != AAA.
Problem
• Why does a brute-force attack on a Target Collision Resistant hash take O(2^n) guesses (not O(2^(n/2)), from the birthday paradox)?
Solution
• Since ADV picks x, x’ he may be able to find a collision with O(2^(n/2)).
• BUT!!! ADV does not know key k prior to his choice. The key is chosen AFTER he chooses.
• So?
• So ADV can’t efficiently calculate hashes for x, x’ because he does not know which hash function the user may choose.
• In other words, for some key k, f(x)=f(x’), but for another key k, f(x)!=f(x’).
Problem
• Computer viruses modify executable program files to `infect` them.
• One common protection against viruses is to maintain, in read-only storage, a list containing a short `fingerprint` of each executable file, allowing the antivirus program to validate that an executable was not modified.
• Which of the hash function properties are necessary for computing the fingerprint?
Solution
• We need collision resistance.
• Do we need weak, strong or target collision resistance?
Problem
• We wish to build hash functions from block ciphers.
• We wish to use the same function as a WCRHF, constructed as: h(x) = E_x(0) [if we use a block cipher which allows arbitrarily long keys].
• Does this construction provide a WCRHF?
Solution
• No!!!
• Assume E_k(x) is a block cipher.
• Assume E’_{k1,k2}(x) = k1 ⊕ E_k2(x).
• Is this still a block cipher??? Prove!!!
• Let X = X1||X2 (without loss of generality).
• Let h(x1||x2) = E’_{x1,x2}(0) = x1 ⊕ E_x2(0).
Solution
• Assume X = 10011100 -> X1 = 1001, X2 = 1100.
• Assume E_1100(0) = 1101.
• Let h(x) = 1001 ⊕ 1101 = 0101.
• Let ADV A find a collision to X = 10011100 with h(x) = 0101.
• Let there be Y = 10001110 -> Y1 = 1000, Y2 = 1110.
• Y2’ = E_Y2(0) = 0011.
• Y1’ = h(x) ⊕ E_Y2(0) = 0101 ⊕ 0011 = 0110.
Solution
• For our construction:
• Let h(Y1’||Y2) = Y1’ ⊕ E_Y2(0), i.e. h(01101110).
• Y1’ ⊕ E_Y2(0) = (h(x) ⊕ E_Y2(0)) ⊕ E_Y2(0) = h(x), i.e.: 0110 ⊕ 0011 = 0101.
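The collision computation above, carried through in code as an added example that is not part of the original slides. It generalizes the 4-bit worked values to 64-bit blocks; the Feistel toy cipher standing in for E and the names toy_E, h and second_preimage are assumptions made for illustration.

```python
import hashlib

BLOCK = 8  # block size in bytes (assumption for this toy cipher)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: truncated SHA-256 over key, round index, half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def toy_E(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: a permutation for every key of any length,
    # standing in for the slide's block cipher E_k (not a real cipher).
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, _round(key, i, right))
    return left + right


def h(x: bytes) -> bytes:
    # The slide's construction: h(x1 || x2) = x1 XOR E_{x2}(0), |x1| = BLOCK.
    x1, x2 = x[:BLOCK], x[BLOCK:]
    return xor(x1, toy_E(x2, bytes(BLOCK)))


def second_preimage(x: bytes, y2: bytes) -> bytes:
    # Choose any key part y2 != x2, then solve for y1' = h(x) XOR E_{y2}(0).
    # No search is needed: the XOR with the first half cancels E_{y2}(0).
    y1 = xor(h(x), toy_E(y2, bytes(BLOCK)))
    return y1 + y2


if __name__ == "__main__":
    x = b"ABCDEFGH" + b"key-part-of-x"   # constructed sample input
    y = second_preimage(x, b"any other key")
    print("h(x) =", h(x).hex())
    print("h(y) =", h(y).hex())
    print("x != y and h(x) == h(y):", x != y and h(x) == h(y))
```

The cost is two cipher calls regardless of block size, which is why the construction fails as a WCRHF even though E’ remains a permutation for every key.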
Problem
• Alice and Bob communicate by phone.
• Assume they can identify each other’s voice, but a hacker, Eve, may eavesdrop on their communication.
• Alice wants to send a shared key to Bob, carried by Charlie, a completely reliable and trustworthy courier, who is unfortunately not known to Bob.
• We want Charlie to know some secret so he can prove his identity to Bob by exposing this secret.
• We also don’t want Eve to impersonate Charlie.
• Show how Alice can establish such a secret using (only) a one-way hash function.
Solution
• Alice hands Charlie a voice print. She may say: “Hello Bob”.
• Charlie uses h as the OWF and uses: h(“Hello Bob”_Alice || “Hello Bob from Alice”_Charlie) to establish a key.