首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
COMP2300编程设计讲解、辅导Java,CSS程序、Python编程讲解 辅导Python编程|解析C/C++编程
项目预算:
开发周期:
发布时间:
要求地区:
COMP2300/COMP6300 Applied Cryptography
Assignment 2
Total marks: 30
Weighting: 15%
Deadline: Tuesday (Week 13), 1 June 2021 (11:59 pm).
Note: Submit the assignment via Turnitin (Include Student Name and ID in assignment).
Objectives
This assignment has been designed to test your knowledge of public-key cryptography and application of
cryptography in cryptocurrencies.
Notes
• Assumptions (if any) must be stated clearly in your answers.
• There may not be one right answer for some of the questions. So, your explanations need to present
your case clearly. The explanations you provide do not have to be long; conciseness is preferred to
meandering.
• The hints to solutions of almost all questions in this assignment are in the lecture slides, and the
textbooks [Sma16] and [NBF+16].
1
Submission
• On line submission via Turnitin.
Assignments will be marked and returned online. There are no hardcopy submissions for written assignments.
Ensure you submit the correct file. The submission process shows you a complete preview of your entire
assignment after you have uploaded it but before you have submitted it. Carefully check through every
single page to ensure everything is there and the correct version has been uploaded.
Multiple submissions may be possible via Turnitin prior to the final due date and time of an assessment task
and originality reports may be made available to students to view and check their levels of similarity prior to
making a final submission. Students are encouraged to use these reports to ensure that they do not breach
the Academic Honesty Policy through high levels of similarity (plagiarism).
Teaching staff will use the report to judge whether plagiarism has occurred and whether penalties should
apply for breaches of the Academic Honesty Policy. Any similar text identified by Turnitin will be considered
carefully to see if it is indeed a breach of the Academic Honesty Policy.
2
Question 1 (6 marks)
Recall the (randomised) Elgamal cryptosystem. Let p be a prime. Let G be the group Z
∗
p = {1, 2, . . . , p − 1}
under multiplication modulo p. Let g ∈ G be a generator of the group. Let (x, h) denote Bob’s (private key,
public key) pair, where x is a random element of Zp−1 = {0, 1, . . . , p − 1}, and h ≡ g
x
(mod p).
(a) Suppose Alice sends a message m ∈ G with ciphertext c = (c1, c2) to Bob, encrypted using a random
k ∈ Zp−1. Suppose Eve, the eavesdropper, comes to know both the message m, and its ciphertext c. Explain
what can Eve do if Alice were to encrypt m0 ∈ G using the same k, resulting in ciphertext c
0 = (c
0
1
, c0
2
). (2
marks)
An encryption system is considered malleable if given a ciphertext of some unknown plaintext, it is possible
to obtain a valid ciphertext of a related plaintext without even knowing the contents of the plaintext. This is
problematic depending on the application. For instance, in bidding for a contract, a company might outbid
its competitor by simply multiplying it’s rival company’s encrypted bid by 0.9, without even knowing the
bid [DDN03]. The following questions relates to the malleability of the Elgamal cryptosystem taught in the
lecture.
(b) Suppose we are given the ciphertext c = (c1, c2) of some unknown message m, where c1 ≡ g
k
(mod p)
for some unknown random integer k ∈ Zp−1 and c2 ≡ m · h
k
(mod p), where h is the public key of some
unknown private key x, in the Elgamal cryptosystem. Let m0 be a message that you know. Can you obtain
a valid ciphertext of the message m · m0 without knowing m? (2 marks)
(c) Let p = 227. Given the following ciphertext of some message m1 encrypted using randomized Elgamal,
what is the ciphertext of m1 · m2, where m2 ≡ 11 (mod p)? Show the steps in PARI/GP. (1 mark)
(c1, c2) = (48, 3)
(d) Continuing from part(c), suppose the private key is x = 73. What is the message m1? (1 mark)
Question 2 (6 marks)
Let X be a random variable taking on n values with probabilities p1, p2, . . . , pn. Recall from Lecture 9 that
the min-entropy of X, denoted E∞(X), is given by
E∞(X) = min
i
1
pi
.
If X is uniformly distributed then p1 = p2 = · · · = pn =
1
n
.
(a) Show that if X is not uniformly distributed then necessarily one of the pi
’s is > 1/n. (2 marks)
(b) Show that if X is not uniformly distributed then E∞(X) < n. (2 marks)
(c) Argue that min-entropy is the highest if X is uniformly distributed. What is the minimum entropy in
this case? (2 marks)
Question 3 (2 marks)
Let H be a hash function that has the properties of hiding and collision-resistance. Recall that collision
resistance property means that it is infeasible to find two inputs x, y with x 6= y such that H(x) = H(y).
3
Consider the commitment scheme from Lecture 9. To commit to a message m, Alice samples a random
nonce r, and computes
C = H(r||m),
and publishes C as her commitment. A commitment scheme is binding if it is infeasible to find two pairs
(m, r) and (m0
, r0
) with m 6= m0
such that
H(r||m) = H(r
0
||m0
).
Show that if you can find a collision in H, this does not necessarily break the binding property of the
commitment scheme. (2 marks)
Question 4 (3 marks)
In lecture 10, we saw that the initial value for block reward for bitcoins was 50 Bitcoins, which halves every
210,000 blocks. Recall that the sum of an infinite geometric series is
S = a + ar + ar2 + ar3 + · · · =
a
1 − r
,
where a is the starting coefficient, and r is the common ratio between adjacent terms. Since new Bitcoins
can only be created if a new block is created, using the above formula, calculate the final number of Bitcoins
that will ever be created. Your answer should explain your choice of a and r. (3 marks)
Question 5 (3 marks)
Recall from Lecture 10 that a 51% attacker is an attacker who holds at least 51% of the total hash power.
Let α represent the proportion of hash power held by this attacker. Then, α ≥ 0.51. Suppose this attacker
wants to suppress Carol’s transactions by not including any of her transactions. To do so, whenever the
attacker (or the attacker’s nodes) solves the hash puzzle, it proposes a block without Carol’s transactions.
Show that the attacker will be successful in the sense that the longest valid consensus chain will eventually
be the one proposed by the attacker. Why this will not be the case if α < 0.5?(3 marks)
Question 6 (10 marks)
Recall hash puzzles from Lecture 10. In this question, we will see how they work in practice. This question
requires programming in a language that has an implementation of SHA-256 hash function. You could use
Java to program, although, you are free to use any other language with a library containing SHA-256, e.g.,
Python’s hashlib. Create a string s containing all the digits in your student ID. For example, if my student
ID is MQ12345678, then s = 12345678. Set the target t to:
t =
2
256
20
Let H be the SHA-256 hash function. Let r be a counter starting from 0.
(a) Implement a program that tries successive values of r, i.e., r = 0, 1, 2, 3, . . ., computes H(s||r), compares
it with t and halts whenever H(s||r) < t, with the output r. You need to provide the program and the
output r. (5 marks)
4
(b) Modify the program from part (a) by adding i to s, where i = 0 to 999 inclusive, and for each i computing
the hash until the value falls before the target. What is the average number of attempts (over 1,000) before
you found the target? You need to provide your program. (3 marks)
(c) If you drew random values between 0 and 2255 inclusive, how many attempts on average it would take
before you find a value below the target? What does it tell you about SHA-256? (2 marks)
References
[DDN03] Danny Dolev, Cynthia Dwork, and Moni Naor. Nonmalleable cryptography. SIAM review,
45(4):727–784, 2003.
[NBF+16] Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, and Steven Goldfeder. Bitcoin
and cryptocurrency technologies: a comprehensive introduction. Princeton University Press,
2016.
[Sma16] Nigel P Smart. Cryptography made simple, volume 481. Springer, 2016.
5
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
urba6006代写、java/c++编程语...
2024-12-26
代做program、代写python编程语...
2024-12-26
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!