Pick one of the following three projects. The goal in the first two projects is to give you some hands on experience with crypto programming. There is no need to go overboard with features, etc.
Wenesday, Dec. 8th.
Project 1: Secure Tunnel
The goal is to build a secure tunnel that can be used tranparently by many applications such as a POP3 mail reader, ftp, etc. The secure tunnel is made up of two components: tunnel-server and tunnel-client. Tunnel-client runs on the client machine and waits for a connection from an application (e.g. a mail reader). When a connection to a local port is received the tunnel-client looks up the port number in an internal table and determines the name and port number of the remote service to contact. For example, the table might say that the local POP3 port is mapped to the POP3 port on the host mypop.com. The tunnel-client then connects to the tunnel-server on the remote host (e.g. mypop.com), establishes a secure session with the tunnel-server, and functions as a relay between the application and the remote service (e.g. the POP3 server). On the remote host, the tunnel-server accepts the connection from the client, establishes a secure session with the client and connects to the local service port (e.g. the local POP3 port). From that point on the tunnel-server acts as a relay between the remote application and the local service. The picture looks as follows:
You can implement the secure tunnel using either C or Java. The implementation is likely to be easier using Java.
Project 2: Authenticated Tunnel
The project framework is similar to the secure tunnel. You will build an authentication-server and an authentication-client. The picture above applies equally to the authenticated tunnel. Your goal is to enable the authentication-client to prove its identity to the authentication server. For example, you could use Fiat-Shamir authentication. In this case, the authentication-client has a Fiat-Shamir private-key, while the authentication-server has the corresponding Fiat-Shamir public key. You will implement the authentication protocol. If you wish, you are free to choose other authentication protocols.
It is recommended that you implement the authentication tunnel in Java. Use the BIGINT type to manipulate the required arithmetic operations. In addition to the authentication tunnel code you will need to write a short utility to generate a public/private key pair and write them to files. The public key file is given to the server while the private key file is given to the client.
Project 3: A couple of questions
Answer four of the following six questions. Try to solve these questions yourself. You are also free to research these questions by looking them up in textbooks and research papers.
Question 1: Show that 2-key 3-DES can be broken in time 256 using a chosen-ciphertext-attack.
Question 2: bit security of RSA. Recall that the RSA function is f(M) = Me mod N . This function is easy to compute, but hard to invert without the factorization of N. However given f(M) an attacker may still be able to compute some of the bits of M. Show that an attacker that always succeeds in computing the least significant bit of M given f(M) can completely break RSA. In other words, suppose you are given an oracle that given f(M) returns the least significant bit of M. Show that using this oracle it is possible to completely invert the function f (without knowing the factors of N).
Question 3: Let N be a large modulus. In class we described a zero-knowledge proof of knowledge for proving knowledge of the square root of x modulo N. Show a zero-knowledge proof of knowledge for proving knowledge of the fourth root of x modulo N. Try to minimize the number of rounds in your proof. Prove security of your protocol by giving a simulator and an extractor.
Question 4: Given a cryptosystem
Ek, define the randomized cryptosystem Fk by
Note that for the case of Fk the opponent has no control over the random pad R used in the creation of the given plaintext/ciphertext pairs. Prove that if Ek is secure against KR-RPA attacks then Fk is secure against KR-CPA attacks. Typically proofs of this type are done by proving the contra-positive: show that a KR-CPA attacker on Fk gives rise to a KR-RPA attacker on Ek .
Question 5: Compare the security features provided by SSL versus those provided by SSH.
Question 6: Factor the following number:
RSA-232 = 100988139787192354690956489430946858281823382195557395514112051620 \ 583102133852854537436610975715436366491338008491706516992170152473 \ 329438927028023438096090980497644054071120196541074755382494867277 \ 1374075011577182305398340606162079 (digits = 232, bits = 768)A factorization will get you an automatic `A+' and ten thousand dollars from RSA Labs.