8.5. Compute the two public keys and the common key for the DHKE scheme with the parameters p=467,=2, and 1. a3,b5 2. a=400,b=134 3. a=228,b=57 8.13. Encrypt the following messages with the Elgamal scheme (p=467 and = 2): 1. kpr=d=10.5,i=21.3,x=3.3 2. kprd105,i123,x33 3. kpr=d=300,i=45,x=248 4. kprd300,i47,x248 Now decrypt every ciphertext and show all steps. 10.1. In Sect. 10.1.3 we state that sender (or message) authentication always implies data integrity. Why? Is the opposite true too, i.e., does data integrity imply sender authentication? Justify both answers. 10.2. In this exercise, we want to consider some basic aspects of security services. 1. Does privacy always guarantee integrity? Justify your answer. 2. In which order should confidentiality and integrity be assured (should the entire message be encrypted first or last)? Give the rationale for your answer. 10.3. Design a security service that provides data integrity, data confidentiality and nonrcpudiation using public-kcy cryptography in a two-party communication system over an insecure channel. Give a rationale that data integrity, confidentiality and nonrepudiation are achieved by your solution. (Recommendation: Consider the corresponding threats in your argumentation.) 10.5. Given an RSA signature scheme with the public key (n=9797,e=131), which of the following signatures are valid? 1. (x=123,sig(x)=6292) 2. (x=4333,sig(x)=4768) 3. (x=4333,sig(x)=1424) 10.6. Given an RSA signature scheme with the public key (n=9797,e=131), show how Oscar can perform an existential forgery attack by providing an example of such for the parameters of the RSA digital signature scheme. 10.3. Design a security service that provides data integrity, data confidentiality and nonrepudiation using public-key cryptography in a two-party communication system over an insecure channel. Give a rationale that data integrity, confidentiality and nonrepudiation are achieved by your solution. (Recommendation: Consider the corresponding threats in your argumentation.) 10.5. Given an RSA signature scheme with the public key (n=9797,e=131), which of the following signatures are valid? 1. (x=123,sig(x)=6292) 2. (x=4333,sig(x)=4768) 3. (x=4333,sig(x)=1424) 10.6. Given an RSA signature scheme with the public key (n=9797,e=131), show how Oscar can perform an existential forgery attack by providing an example of such for the parameters of the RSA digital signature scheme. 10.10. We now consider the Elgamal signature scheme. You are given Bob's private key Kpr(d)(67) and the corresponding public key Kpub(p,,) (97,23,15). 1. Calculate the Elgamal signature (r,s) and the corresponding verification for a message from Bob to Alice with the following messages x and ephemeral keys kE : a. x17 and kE31 10.11. Given is an Elgamal signature scheme with p=31,=3 and =6. You receive the message x10 twice with the signatures (r,s) : (i) (17,5) (ii) (13,15) 1. Are both signatures valid? 2. How many valid signatures are there for each message x and the specific parameters chosen above? 10.14. The parameters of DSA are given by p=59,q=29,=3, and Bob's private key is d=23. Show the process of signing (Bob) and verification (Alice) for following hash values h(x) and ephemeral keys kE : 1. h(x)17,kE25 2. h(x)2,kE13 3. h(x)=21,kE8 11.3. Draw a block digram for the following hash functions built from a block cipher e() : 1. e(Hi1,xi)xi 2. e(Hi1,xiHi1)xiHi1 3. e(Hi1,xi)xiHi1 11.5. We consider three different hash functions which produce outputs of lengths 64,128 and 160 bit. After how many random inputs do we have a probability of =0.5 for a collision? After how many random inputs do we have a probability of 0.1 for a collision? 11.6. Describe how exactly you would perform a collision search to find a pair x1, x2, such that h(x1)=h(x2) for a given hash function h. What are the memory requirements for this type of search if the hash function has an output length of n bits