# CS 450/650 Fundamentals of Integrated Computer Security

## Spring 2011

## Homework 2 : Cryptography

## Due on Wednesday, Mar 9 at 5:00 pm

1 :
Suppose that a system uses textbook RSA encryption.
An attacker wants to decrypt a ciphertext c to obtain the corresponding confidential plaintext m.
Assume that the victim system readily decrypts arbitrary ciphertexts that the attacker can choose,
except for ciphertext c itself. Show that the attacker can obtain m from c even under this setting,
i.e a chosen ciphertext attack is possible.

2 : In a public-key system using RSA,
you intercept the Ciphertext **10** sent to a user whose public key is e = 5, n = 35.
What is the plaintext **M**?

The following problems are from the text book (Pfleeger, 4th edition):

Chapter 2:

33:
Why do cryptologists recommend changing the encryption key from time to time?
How frequently should a cryptographic key be changed?

34:
Humans are said to be the weakest link in any security system.
Give an example of human failure that could lead to compromise of encrypted data.

Chapter 12:

5: Explain why 2^n is the difficulty factor for a deterministic solution to a nondeterministic problem of time n.
That is, justify that the time bound 2^n is correct.

13: With a public key encryption, suppose A wants to send a message to B.
Let A_PUB and A_PRIV be A's public key and private key, respectively; similarly for B.
Suppose C knows both public keys but neither private key.
If A sends a message to B, what encryption should A use so that only B can decrypt the message? (This property is called secrecy.)
Can A encrypt a message so that anyone receiving the message will be assured the message came only from A? (This property is called authenticity.)
How or why not? Can A achieve both secrecy and authenticity for one message? How or why not?

20: Find keys d and e for the RSA cryptosystem where p = 7 and q = 11.

21: Find primes p and q so that 12-bit plaintext blocks could be encrypted with RSA.

What to turn in:
A softcopy of your solutions (could be a scanned version of the hard
copy of the solutions) to be **uploaded as a single file to WebCT**.