# Assymetric cryptography questions

Document Type:QA

Subject Area:Computer Science

Within the asymmetric cryptography encryption algorithm, there exist two keys public & private keys for deciphering the message contents. Given the equation X2 − Y 2 = (X + Y) (X − Y) modulus N Using Fermat factorization technique, the value constraint N = X2 − Y 2 = (X + Y) (X − Y), calculate n+12, n+22, n+32 until we reach the designated square values for N= P. Q where P > Q for values calculated as Number: 1091989 | Fermat steps: 1 | Factor 1: 1051 | Factor 2: 1039 For RSA modulus N= P. Q evaluated using Fermat factorization techniques, Calculate n+12, n+22, n+32 until we reach the designated square values 1091989 + 62 = 1092025 Square value of 1092025 = 1045 10452- 62 = 1051. for values RSA modulus N= P. To encrypt the message M=0 message space M = {0, 1}, we define Epk(0) as: y←$1,2,. q Return (gy,hy) Return (public key pk = (G, g, Q, h), private key sk = x).

To encrypt message M=1 message space M = {0, 1}, we define Epk(1) as: y←$1,2,. q z←$1,2,. q Return (gy,gz) (b) Specify the appropriate decryption algorithm Dec (sk, c) and show that the scheme is correct. iii. Let A be the developed oracle input to solve the DDH. iv. The converse reduction algorithm evaluates DDH ≤ R IND-CPA of the DDH problem. Then evaluate A as the public input key, the pair of cipher text c1,c2 and the Group G DDH instances ( g, g 1 , g 2 , g 3 ). Decryption algorithm: In order to recover message m from cipher text c, the cipher text c is decrypted using private key using formula M =C d mod N in order to recover original message content m. Encryption algorithm: In order to convert cipher text c into message m, the plaintext message M is encrypted using RSA public key (N, e) in order to get the cipher text using modular exponential equation C = Me mod N.

RSA signature are computed using RSA modulus equation S = Md mod N where M is the message, (N, e) is the public key, and d is the secret key. In blind signature scheme, RSA message is computed where the user selects a random message value r (blinding factor) to obtain the RSA cipher text using modulus arithmetic. The user A signs the message m using equation form s = md mod n. Let Σ = (GenΣ, Sign, and Verify) be a digital signature scheme. Let AE = (GenAE, Enc, Dec) be a public key encryption scheme. Assume you want to combine both schemes such that a sender S who is in possession of the signing key pair (skS,pkS) ← GenΣ(κ) can send some confidential and authenticated message to the receiver R who is in possession of the encryption key pair (skR,pkR) ← GenAE(κ).

Consider a combined scheme that uses Σ and AE and those algorithms Gen and SignCrypt are defined in the following: • Gen(κ): output (skS,pkS) ← GenΣ(κ), (skR,pkR) ← GenAE(κ). • SignCrypt(skS,pkR,m): compute σ ← Sign(skS,m), c ← Enc(pkR,(m,σ)), output c. The signcryption scheme outputs error symbol if the origin check is completely invalid. The correctness of the signing verification must be clearly accepted by the verifier party. Assuming the digital signature is valid; the signing verification equation is computed in form r ≡ αk (mod p). Section 3 – Cryptographic Protocols Recall the Pedersen commitment scheme for cyclic groups G of prime order Q that works for messages m ∈ ZQ: • Gen (κ): choose random generators g, h ∈R G; output public key pk = (g, h). • Commit (pk, m): choose a random r ∈ ZQ, output a commitment c = gm · hr.

mn ∈ ZQ consists of only one group element (like in the original scheme). Specify the algorithms (Gen, Commit, and Decommit) of your multi-message commitment scheme and show its correctness. Multi-message commitment scheme allows the sender to commit multiple messages (m1. mn) at the same time. To commit message m1,. e. mi ̸= m∗i , whereas for all other indices j ∈ [1, n], j ̸= i the messages are the same, i. e. mj = m∗j. In addition, explain why your multi-message commitment scheme still achieves perfect hiding. ZKPoK [(x1, x2, x3):y1 =gx1 ∧ y2 =gx1 ·gx2 ·gx3 ∧ y3 =gx3]. Honest-verifier) Zero knowledge proof depicts the intuition that the Verifier shouldn’t learn anything about the desired secret protocols. The communication between the protocols “Prover” and the Verifier mustn’t depict any information about the secret.

To achieve the designed interactive (honest-verifier) zero knowledge proof between a Prover P and verifier V, there exists some simulator S, without prior knowledge of the secret, allowing decrypting the information contents between the Prover and Verifier. d) Does your protocol have the two required properties: soundness and zero- knowledge? Justify your answer.

From $10 to earn access

Only on Studyloop

Original template

Downloadable

Similar Documents