Crypto: HW 12            Fall 2001            Michael Siff      

For Monday, December 3


    Authentication

    Consider the following authentication technique: Alice and Bob agree on a secure cryptosystem (let's say one-time pad) and use a key K that only they know. Alice sends Bob a message encrypted with K. Bob decrypts the message using K. Since only Alice and Bob know K, only they could have decrypted the message so it should be authentic - they hope. Consider two versions of this scenario:

  1. Alice the author sends Bob her editor an encrypted version of the first chapter of her new novel. Bob decrypts the message and reads the chapter. Should he worry as to its authenticity?

  2. Alice the scientist generates lots of numerical data from her experiments. She sends Bob her coworker an encrypted version of the data. Should he worry as to its authenticity?

     

  3. Most credit-card numbers these days are 16 digits long. How many possible 16-digit credit-card numbers are there? How does this relate to the authentication problem? (Hint one: as a back-of-the-envelope guess, there are one billion or so credit cards in use in the world today. Hint two: suppose you make a purchase on the Internet with your credit card. What happens if you accidentally type in the wrong number?)


    Hashing

    Consider the following simple hash function: take the input sequence of bits, break them into blocks of the same size, then XOR all the blocks together, and the result is the hash code. For example, suppose our input (broken into byte-sized blocks) is:

       01010011 01001111 01010011
    
    Taking the exclusive-or of these blocks means lining up the blocks and summing each column mod 2. In other words, a one results if the column has an odd number of ones; a zero results if the column has an even number of ones:

          01010011
          01001111
     xor  01010011
     -------------
          01001111   <- the resulting hash code for the message
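
    Added example (not part of the original assignment): the simple XOR-block hash above in Python, generalised to any block length, with the recipient's check of an appended hash code. The function names, the zero-padding of a short final block, and the 48-byte MESSAGE are assumptions constructed for illustration.

```python
# Added example: the assignment's XOR-block hash, generalised to any block length.
# Assumption (not stated on the page): a short final block is zero-padded.

def xor_block_hash(data: bytes, block_len: int = 1) -> bytes:
    """XOR together all block_len-byte blocks of data; return the hash code."""
    if block_len < 1:
        raise ValueError("block_len must be at least 1")
    code = bytearray(block_len)
    for i, byte in enumerate(data):
        # Byte i sits in column i % block_len; XOR is a per-column sum mod 2.
        code[i % block_len] ^= byte
    return bytes(code)

def append_hash(message: bytes, block_len: int) -> bytes:
    """What the sender transmits: the message followed by its hash code."""
    return message + xor_block_hash(message, block_len)

def verify(received: bytes, block_len: int) -> bool:
    """Recipient's check: recompute the hash code, compare with the appended one."""
    if len(received) < block_len:
        return False
    message, code = received[:-block_len], received[-block_len:]
    return xor_block_hash(message, block_len) == code

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with one bit inverted (models a transmission change)."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)

# The three byte-sized blocks from the worked example above.
SAMPLE = bytes([0b01010011, 0b01001111, 0b01010011])
# Constructed 48-byte message: three 128-bit (16-byte) blocks.
MESSAGE = bytes(range(48))
BLOCK = 16

if __name__ == "__main__":
    print(format(xor_block_hash(SAMPLE)[0], "08b"))
    sent = append_hash(MESSAGE, BLOCK)
    print("unaltered:", verify(sent, BLOCK))
    one = flip_bit(sent, 5, 0)       # one bit changed in block 0
    print("one flip:", verify(one, BLOCK))
    two = flip_bit(one, 21, 0)       # same column in block 1 (21 % 16 == 5)
    print("two flips, same column:", verify(two, BLOCK))
```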
    

  4. Translate the ASCII text "Crypto" into a sequence of six bytes. Compute the simple XOR-block hash code (described above) using each byte as a block.

  5. Suppose during the transmission of some data, a freak electrical storm causes a few bits of a message to be flipped (changed from one to zero or from zero to one). Suppose the message had a simple XOR-block hash code (described above) appended to it and that the block length is 128 bits. Will the recipient likely detect that the message has been altered? Explain.

  6. Suppose during the transmission of an electronic message from Alice to Bob, Eve chooses to flip a few bits of a message. Suppose the message had a simple XOR-block hash code (described above) appended to it and that the block length is 128 bits. Can Eve choose the bits to change in such a way that Bob will be unlikely to detect that the message has been altered? Explain.

     

    In class, we discussed criteria that a hash function should satisfy in order to be useful for message authentication. Some of these criteria are phrased as the following questions concerning potential hash function h(x):

  7. For each of the following hash functions, answer questions (a) through (e), briefly explaining each answer:

  8. Based on your answers, which (if any) of the above functions would you describe as effective for authentication? Which (if any) of the functions would you describe as poor choices for authentication?

     

  9. Briefly describe the avalanche effect in a hash function. Illustrate the effect by providing two examples of messages and their hash codes, using the MD5 applet located here. (Thanks to Santeri Paavolainen at the University of Helsinki - santtu@iki.fi - for the applet.)

