To improve your understanding of RSA, hash functions, MAC and key distribution.
To develop problem-solving and design skills. To improve written communication skills.
1. [18 marks] We discussed in the subject that a message M (encoded as an integer) can
be signed using RSA private key by S = Md mod n and verified by the corresponding
public key by M′ = S
e mod n and check whether M == M′
. We also showed the
concept of blinding on RSA.
Perform the following implementation tasks in a language of your choice. You are not
allowed to use any library function to perform exponentiation. In order to get full
marks, your algorithm has to be able to work in realistic cryptographic environments
(consider inputs in the order of 101000).
(a) Implement the function Sign(M, n, d) which takes the encoded message and a
private key as arguments, calculates and returns the signature. You may assume
that M < n. Print the code here.
(b) Implement the function Verify(S, n, e, M) takes as inputs a signature, a public
key and the original message. It should return True if the signature is valid, or
False if the signature is invalid. You may reuse the Sign() function implemented
above, if you want to. Print the code for this function.
(c) Implement a function BlindSign to sign a message using the blinding concept.
Remind that you shouldn’t directly sign the original message by Md mod n as
you did in Sign function, but you may call the Sign function if needed. Print
the code here.
An integer encoded message M and a pair of RSA keys are provided as following:
M = 314159265?????93 (please replace ????? with the last five digits of your student
Private key: < n, d > Public key: < n, e >
n = 11396311342906819133245180752504625094447926145771153608337005942535340
e = 65537
d = 20729576806810227945651433503304642530313216592724403339332811669890870
(d) Sign the message by calling your above implemented Sign function. Print the
(e) Sign the message through blinding process by calling BlindSign, with x equals to
the last four digits of your student ID (you may find the definition of x from week
5 lecture). Print signatures for both the blinded message and original message.
2. [9 marks] Assume that Alice has chosen a large RSA modulus n such that factorization
is impossible with reasonable time and resources. She also then chooses a large random
public exponent e < n for which the RSA problem is also not practical. However Bob
decides to send a message to Alice by encrypting each alphabet character (represented
by an integer between 0 and 25) separately using Alice’s public key < n, e >.
(a) Describe an efficient attack against this method.
(b) Suggest a countermeasure to this attack.
3. [16 marks] Professor Parampalli generated two pairs of RSA keys for his tutors, using a
pair of p and q. The chosen public component e1 and e2 are different prime numbers.
Both p and q are very large prime numbers and were destroyed immediately after
generating the following keys:
Jaiden: < n, e1 >, < n, d1 >
Jiajia: < n, e2 >, < n, d2 >
Answer the following questions with detailed process and/or justification.
(a) Lianglu wants to send a confidential message M to both Jaiden and Jiajia, so he
calculates and then sends C1 = Me1 mod n and C2 = Me2 mod n. Explain how
you may recover this message without knowing Jaiden’s or Jiajia’s private key.
(b) Outline a strategy that may help Jiajia recover Jaiden’s private key.
4. [18 marks] An alternative key distribution method suggested by a network vendor is
illustrated in the figure below.
Center (KDC) Responder B Initiator A
(1) IDa ||
(2) IDa || E(Ka, Na)
|| IDb || E(Kb, Nb)
|| E(Ka, [Ks
|| IDb || Na])
(4) E(Ka, [Ks
|| IDb || Na])
(a) Describe the scheme in steps.
(b) How do A and B know that the key is freshly generated?
(c) How could A and B know that the key is not available to other users in the
(d) Does this scheme ensure the authenticity of both A and B? Justify your answer.
5. [14 marks] Consider the following hash function based on RSA. The key < n, e > is
known to the public. A message M is represented by blocks of predefined fixed size
M1, M2, M3, …, Mm such that Mi < n. The hash is constructed by XOR the results
of encrypting all blocks. For example, the hash value of a message consisting of three
blocks is calculated by
H(M) = H(M1, M2, M3) = (Me
1 mod n) ⊕ (Me
2 mod n) ⊕ (Me
3 mod n)
Does this hash function satisfy each of the following requirements? Justify your answers (with examples if necessary).
(a) Variable input size
(b) Fixed output size
(c) Efficiency (easy to calculate)
(d) Preimage resistant
(e) Second preimage resistant
(f) Collision resistant
Submission and Evaluation
• You must submit a PDF document via the COMP90043 Assignment 2 submission
entry on the LMS by the due date. Handwritten, scanned images, and/or Microsoft
Word submissions are not acceptable — if you use Word, create a PDF version for
• Late submission will be possible, but a late submission will attract a penalty of 10%
available marks per day (or part thereof). Requests for extensions on medical grounds
will need to be supported by a medical certificate. Any request received less than 48
hours before the assessment date (or after the date) will generally not be accepted
except in the most extreme circumstances.
• This assignment will be marked out of 75 marks, and will contribute to 7.5% of your
total marks in this subject. Marks are primarily allocated for correctness of your
thinking and clarity of your communication, rather than (only) the correct result
without sufficient justification.
• We expect your work to be neat — parts of your submission that are difficult to read
or decipher will be deemed incorrect. Make sure that you have enough time towards
the end of the assignment to present your solutions carefully. Time you put in early
will usually turn out to be more productive than a last-minute effort.
• You are reminded that your submission for this assignment is to be your own individual
work. For many students, discussions with friends will form a natural part of the
undertaking of the assignment work. However, it is still an individual task. You
are welcome to discuss strategies to answer the questions, but not to share the work
(even draft solutions) on social media or discussion board. It is University policy
that cheating by students in any form is not permitted, and that work submitted for
assessment purposes must be the independent work of the student concerned.
Please see https://academicintegrity.unimelb.edu.au
If you have any questions, you are welcome to post them on the LMS discussion board
so long as you do not reveal details about your own solutions. You may also email the Head
Tutor, Lianglu Pan (email@example.com) or the Lecturer, Udaya Parampalli
(firstname.lastname@example.org). In your message, make sure you include COMP90043 in the
subject header. In the body of your message, include a precise description of the problem.