Cryptography II
VCSG-706
Spring 2012

Assignment 1, due Monday, March 26

Decrypt the ElGamal ciphertext from the table 6.3 page 278. The parameters of the system are p = 31847 = 1 + 2*15923 (15923 is prime), alpha=5, a=7899 and beta=18074. Each element of Z_p represents three alphabetic characters as in Exercise 5.12 page 227. You may use parts of the code from previous quarter assignments. What are the secret values of parameter k used for encryption? Use both Shanks' algorithm and brute force (for verification) to find them. Note, that k's are not needed for the decryption (In this toy example they can be found with the help of any discrete logarithm algorithm). Find the first 30 values of k.

Submit the following:

• brief explanations what you did
• hardcopy of the source code of your programs
• original plaintexts
• list of recovered values of k

Assignment 2, due Wednesday, April 11

Part I

The goal of this exercise is to explore experimentally the structure of cyclic multiplicative subgroups in Z_p, Z_p², and GF(p²), for p=131.

1. Use naive algorithm to compute orders of all elements in Z^*_p. Identify all primitive elements, and find the number of elements of each order. Show a complete isomorphism from (Z^*_p,*) to (Z_p-1,+) using the smallest primitive element (i.e. simply list all powers of this generator in order).
2. Use naive algorithm to find the number of elements of each order in Z_p², and list 15 smallest primitive elements. Illustrate the computations of discrete logarithm of 103 in Z_p² with base equal to the smallest primitive element (generator) using Pohlig-Hellman algorithm (similarly to example 6.4 p. 243).
3. First show that (x²+1) is irreducible in Z_p[x]. Next, represent GF(p²) by polynomials modulo (x²+1). Use naive algorithm to find the number of elements of each order in GF(p²), and list 15 smallest monic primitive (generators with coefficient 1 in the highest degree term) elements. Illustrate the computation of discrete logarithm of (x+101) with base equal to the smallest such generator using Shanks' algorithm. algorithm.

Submit the following:

• printed data as requested in 1, 2 and 3 above
• explanations what you did for each item
• hardcopy of the source code of your programs (only new ones written for this assignment)

Part II

Solve by hand exercises 6.10 and 6.11 page 277. Some software for checking can be used but the point of this exercise is to discover the details of the computational steps.

Assignment 3, due Wednesday, April 25

Some exercises on elliptic curves.

1. Solve exercise 6.13 page 278.
2. Solve exercise 6.16 page 279.
3. Solve exercise 6.17 page 279.
4. Solve exercise 6.18 page 279. In (a) show the intermediate values of variables.

5. Proving associativity of point addition on elliptic curves is quite complicated. In this exercise you will do just a special case of it. Suppose that points P=(p1,p2) and Q=(q1,q2), p1 not equal to q1, are on an elliptic curve E (either real or modular). It is obvious that ((-P) + P) + Q = Q. Prove that (-P) + (P + Q) = Q by
   • using geometric reasoning on the plane
   • using only algebraic transformations defining point addition

Assignment 4, due Wednesday, May 9

NAF

1. Solve exercise 6.19 page 279* (for volunteers, extra credit).

Digital signatures

1. Solve exercise 7.1 page 318.
2. Solve exercise 7.6 page 319.
3. Solve exercise 7.7 page 319.
4. Solve exercise 7.9 page 320.
   In the SHA-3 competition NIST requested that the new hash has to be 0-preimage resistant.
5. Solve exercise 7.13 page 320.

Student presentations, May

Final exam, Wednesday, May 23, 6-8pm, 76-1155

Back to the course page