– In general, one can always compute a^{-1} mod b using the extended Euclidean algorithm. The details are in my book “Introduction to Modern Cryptography.”

– In this specific case, we know that the order of the group Z^*_{71} is 70 (because 71 is prime). Since a^{70} = 1 mod 71 for any a \in Z^*_{71}, we have that a^{-1} = a^{69} mod 71 for any a.

]]>[…]Lecture 1 « CMSC414: Computer/Network Security[…]…

]]>Eg:- p = 11 and g = 2. and x = 3 e =g^x mod p= 2^3 mod 11= 8. So the public keys are (2, 8, 11) and the private(secret) key is 3. Sender receives the public keys (2,8,11) chooses random value r = 4 and calculates C1 and C2 for the plaintext(m= 7).

C1=g^r mod p = 2^4 mod 11 =16 mod 11 =5

C2=m*(e^r) mod p =7*(8^4) mod 11 = 7*4096 mod 11=28672=6

sender sends (c1,c2) as (5,6)

m=C2*(C1^-1/x)) mod p=6*(5^-1/3) mod 11= 6*5^(11-1-3) mod 11= 6*5^7 mod 11=6*78125 mod 11=468750 mod 11=7 =m(plain text)

note : please do it manually so you can understand

chakravarthy

S.V.Arts College

Tirupati

andhra pradesh

India

In this post (http://www.mail-archive.com/cryptography@metzdowd.com/msg11041.html), a hash construction is proposed as follows.

C(x) = H1(H1(x) || H2(x))

The hope is that this construction is is stronger than either of its two underlying hash functions H1 and H2.

I am not sure, but I would intuitively say that the construction C is just as secure as H1.

Here is a try for proofing this intuition in which I am not sure:

let

y = C(X) = H1(H1(X) || H2(X)) = H1(X’) with X’ = (X’1 || X’2)

Consider the H1(X’) part of the construction. (|H1|+|H2|)-bit inputs are

mapped to (|H1|)-bit outputs. This means for every output “y” that are 2^(|

H2|) possible inputs.

Now, consider the probability of the following event:

y = C(K) = H1(H1(K) || H2(K)) = H1(X”).

This means find a X” hashing to y. There are 2^(|

H2|) such inputs as shown above.

Therefore we need to compute the probability

= Pr[H1(K) = X”1 and H2(K) = X”2]

= Pr[H1(K) = X”1] * Pr[ H2(K) = X”2]* 2^(|

H2|)

= 1/2^(|H1|)

Obviously, this is equal to the security level of H1.

Do you have any comments if I am thinking wrong or right?

]]>