Cryptology
Spring 2000
Homework Ten

Read this assignment (and all the associated reading!) thoroughly before class on May 2. Be prepared to write about the reading in class. The homework is due Friday, May 5. .

Reading:

1. Singh, pp. 331-350.
2. "Quantum Cryptography" by Charles H. Bennett, Gilles Brassard and Artur K. Ekert. Scientific American, October 1992, pp. 50-57.
3. "Quantum-Mechanical Computers" by Seth Lloyd. Scientific American, October 1995, pp. 140-145.
4. Quantum Entanglement by Leah Henderson and Vlatko Vedral.
5. Towards Quantum Information Technology prepared by Simon Benjamin and Artur Ekert.
6. Quantum Computing by Lov K. Grover.

Review:

1. Chaffing and Winnowing: Confidentiality without Encryption by Ronald Rivest
2. Singh, pp. 317--331
3. Quantum Computing with Molecules by Neil Gershenfeld and Isaac L. Chuang. Scientific American, June, 1998

Problems:

Hash functions

In Stallings, on p. 253, the author lists criteria that a hash function should satisfy in order to be useful for message authentication. Some of these criteria are phrased as the following questions concerning potential hash function h:x

(a) Can h be applied to a block of data of any size?

(b) Does h produce a fixed-length output? (If so, how long is the output?)

(c) Given a message x, is h(x) relatively easy to compute even if x is quite large?

(d) One-way property. Suppose H is the hash code that results from applying h. How difficult is it to compute some x such that h(x) = H?

(e) Weak-collision resistance. Given a message x, and a hash code H that results from applying h (i.e., h(x) = H), how difficult is it to compute some other message y (that is not the same as x) such that h(x) = h(y)?

1. For each of the following hash functions, answer (and briefly explain your answer) to questions (a) through (e):
   (i) f1(x) = the number of ones in the binary representation of x
   (for example: f1(23) = 4 since 23 in binary is: 10111)

   (ii) f2(x) = (x * x) mod 37

   (iii) f3(x) = x mod 340282366920938463463374607431768211456
   (Note: 340282366920938463463374607431768211456 is 2 raised to the 128th power.)

2. Based on your answers, which (if any) of the above functions would you describe as effective for authentication? Which (if any) of the functions would you describe as poor choices for authentication?

3. Briefly describe the avalanche effect in a hash function. Illustrate the effect by providing two examples of messages and their hash codes, using the MD5 applet located here. (Thanks to Santeri Paavolainen at the University of Helsinki - santtu@iki.fi - for the applet.)

   ---

   Quantum Computing and Cryptography

4. There are numerous technical hurdles that must be overcome before the theory of quantum computing can have practical application. Describe a few of these hurdles.

5. There are also technical hurdles that must be overcome before the theory of quantum cryptography can have practical application. Describe at least one such hurdle.

6. Suppose you are head of a major government funding agency. Given that a great deal of research must be done before either of these quantum-mechanical ideas come to fruition, to which area would you commit more research funds? Explain your choice.

7. Consider the following scenario: In 2025, quantum cryptography becomes practical for everyday people to use. In 2050, quantum computers become available at a reasonable cost to the general public. Do you think, in 2055, people will use their quantum computers for cryptanalysis? Explain your answer.

   ---

   Chaffing and Winnowing

   For these problems, it may be useful to use the MD5 applet provided by Santeri Paavolainen at the University of Helsinki (santtu@iki.fi).

   Suppose Alice uses chaffing and winnowing to send secret messages to Bob. For the authentication code she uses MD5 applied to the intended plaintext (the wheat) with a secret key (that she and Bob have previously agreed upon) tacked on to the end of each piece of plaintext before applying the hash function. To the chaff, she just applies MD5 directly. She sends to the world the following (the plaintext does not, of course, include the quotation marks):

     ("1. Bob, remember to attack", 2f0539ede8276bf2407ec134a0ea2b8d)
     ("1. Bob, remember to take",   cdb01921ae1f35d3a24dd9cc33110068)
     ("2. at dawn!",                8d8db8e240219d3d367418d9b3482816)
     ("2. the trash out at noon.",  9ece67c224af20ab4ece8c816e93583b)
   

8. Separate the wheat from the chaff to determine Alice's message to Bob. Explain the weakness of Alice's method and how you exploited it.

9. Suppose Alice adopts a public-key chaffing and winnowing system, as follows: To send a message to Bob, she tacks Bob's public key to the plaintext before using MD5. To create chaff, she tacks her private key on to some bogus plaintext before using MD5. Explain why this is also an ineffective way to use chaffing and winnowing to communicate secretly.

10. Alice decides that to communicate with winnowing and chaffing she will stick to using secret keys. This leaves chaffing and winnowing with a similar problem to DES and all classical (secret-key systems). Explain that problem.

11. Propose a way to use public-key technology in conjunction with MD5 and chaffing and winnowing to achieve an effective cryptosystem. Comment on the efficiency of your system.

    For the next problem, every participant in our class will share a secret key with me. The secret keys have been (or will be) established using Diffie-Hellman exchange. If you correctly performed Diffie-Hellman key exchange with me for Homework Six (or subsequently) and you remember that key, use it for this problem. Otherwise, send me an e-mail message ASAP to get a key.

    I am sending secret messages to all of you using the chaffing and winnowing method. All the messages are here. The format of each message is: (M, h) where M is the plaintext message block and h is the hash code generated by applying MD5 to M with k appended to it, where k is a secret key.

12. Find and report your message.

13. Optional - extra credit: decipher one or more messages that were sent to other people. (Hints are available as to how to go about this!)