Cryptography Week 7 Quiz Answer

Cryptography Week 7 Quiz Answer Coursera



By University Of Maryland




Cryptography Quiz 7

Digital Signatures




Q1) The Federal Government wants to be able to issue advisories to the general public while ensuring that no one will be able to tamper with their messages or spoof a fake advisory. Which of the following is the best cryptographic approach to address this problem?

  • Use a digital signature scheme, with the public key known to everyone, to sign each advisory when it is released.
  • Use a message authentication code, with the key known to everyone, to generate a tag for each advisory when it is released.
  • Use multiple message authentication codes, with each member of the public being given a unique key, and generate one tag per key each time an advisory is released.
  • Use a public-key encryption scheme, with the public key known to everyone, and decrypt each advisory when it is released.





Q2) The president and vice president of a company want to communicate while ensuring integrity of their communication. Which of the following is the best cryptographic approach to address this problem?

  • Use a digital signature scheme, with the public key known to everyone, and sign each message they send.
  • Use a CPA-secure private key encryption scheme, with the key shared between them, and encrypt each message they send.
  • O Use a message authentication code, with the key shared between them, and generate a tag for each message they send.
  • Use a message authentication code, with the key made public, and generate a tag for each message they send.




Q3) Assume for the purposes of this question a digital signature scheme for which the time to sign a 256-bit message is 100 times slower than the time to evaluate SHA-256 on a 512-bit input. Which of the following is true if we want to sign a 500MB message M?

  • We can sign M by simply hashing it, and avoid using the digital signature scheme altogether.
  • Signing M using the given scheme is not possible, since it only supports 256-bit messages.
  • We can securely sign M by breaking it into 256-bit chunks, and signing each chunk.
  • If the hash-and-sign approach is used, then signing M will take roughly the same time as hashing M.





Q4) Assume the "plain" RSA signature scheme, with public key (N = 55, e = 3). Which of the following verifies correctly as the signature on the message m = 17?

  • 8 
  • 7
  • 4
  • 43





Q5) Assume the "plain" RSA signature scheme with public key (N, e = 3). For which of the following messages is it always possible to forge a signature without seeing any prior signatures or factoring N? (Assume N > 1000, and N relatively prime to each of the messages that follow.)
  • 27
  • 37
  • 2
  • 47




Q6) Assume the "plain" RSA signature scheme with public key (N, e). Say we want to forge a signature on m = 289 but can only obtain a signature on one other message. Which of the following strategies will work? (Assume N > 1000.)

  • Obtain signature σ on m' = 288. Output σ + 1 mod N as the signature on m.
  • Obtain signature σ on m' = 578. Output 2^(-1) · σ mod N as the signature on m.
  • Obtain signature σ on m' = 288. Output σ - 1 mod N as the signature on m.
  • Obtain signature σ on m' = 17. Output (σ^2 mod N) as the signature on m.






Q7) In this and the next question, assume the Schnorr identification protocol is run in the subgroup of Z*_23 generated by 2. (This subgroup has order 11.) Say the prover's private key is x = 7. What is the prover's public key?

  • 14
  • 13
  • 7




Q8) (This is a continuation of the previous question.) Say the prover runs an execution of the Schnorr identification protocol with a verifier. The prover chooses r = 4 and sends A = 16. The verifier sends challenge 3. What response does the prover send?

  • 13
  • 4




Q9) As in the lectures, let cert_{A->B} denote a certificate issued by A for B, i.e., cert_{A->B} = Sign_{sk_A}(B, pk_B). Assuming D knows pk_C and trusts C, which of the following provides evidence to D that A's public key is pk_A?

  • cert_{C->B}, pk_B, cert_{B->A}, and pk_A.






Q10) Consider the SSL/TLS handshake protocol as described on slide 5 of the SSL/TLS lecture. Say the encryption of pmk were changed from using a CCA-secure public-key encryption scheme to using a CPA-secure public-key encryption scheme. Which of the following attacks would this change potentially enable?

  • A passive eavesdropper can now learn Nc and Ns. In combination with other known information, this allows the attacker to recover mk.
  • An attacker can impersonate the server by sending its own public key pk to the client. By doing so, it can convince the client to encrypt pmk again, but this time using a public key for which the attacker can decrypt.
  • An attacker can eavesdrop on an execution of the protocol to learn the ciphertext c. Then, it can impersonate the client, send modified versions of c to the server, and learn pmk by using information about whether the server returns an error or not in response to these ciphertexts.
  • A passive eavesdropper can now learn pmk. In combination with Nc and Ns, this allows the attacker to recover mk.







