Recent Forum Posts

A question that made me curious, and that I thought I might get an answer to:

When we subscribe to cable TV, are we in fact paying to receive a decryption key for the cable companies' encrypted messages?

Interesting question! Come on in! by Mr. Curious (guest), 31 Mar 2017 15:51

Mr. Cool, Mr. Finkel, and Mr. Joining-the-Question, hello

Attached is a sketch of the solution to the question

Cain got $z^{10} \pmod {N_1}$ and $z^{22} \pmod {N_1}$. Using extended gcd to compute inverses modulo $N_1$, he can compute $z^{2} \pmod {N_1}$ (using the fact that $22-2\cdot 10 = 2$). Likewise, Cain got $z^{16} \pmod {N_2}$ and $z^{6} \pmod {N_2}$. Using extended gcd (and the fact that $3\cdot 6- 16 = 2$), he can compute $z^{2} \pmod {N_2}$.

Note that typically $z^{2} > N_1$, $z^{2} > {N_2}$ (over the integers), and taking square roots of $z^{2} \pmod {N_1}$, $z^{2} \pmod {N_2}$ modulo any of these moduli (individually) is as hard as factoring.

Using the Chinese remainder theorem, Cain can efficiently find an integer $r, \ \ 0 \leq r < N_1N_2$ such that $r = z^{2} \pmod {N_1}$ and $r = z^{2} \pmod {N_2}$. Since $z < N_1$ and $z< {N_2}$, we have $z^{2} < N_1N_2$, and therefore such $r$ will satisfy $r = z^2$ (without any modular reductions). So we got $z^{2}$, and we can now take its square root over the integers, which can be efficiently computed.

by benny_chor, 18 Mar 2017 18:48
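The sketch above, carried through end to end as an added example (not part of the original post or the course material). The moduli and the value of z are constructed toy parameters, and the function names are illustrative.

```python
from math import isqrt

def ext_gcd(a, b):
    """Return (g, u, v) with u*a + v*b == g == gcd(a, b)."""
    u0, v0, u1, v1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        u0, u1 = u1, u0 - q * u1
        v0, v1 = v1, v0 - q * v1
    return a, u0, v0

def combine_powers(c_a, a, c_b, b, n):
    """From z^a mod n and z^b mod n, derive (g, z^g mod n) with g = gcd(a, b)."""
    g, u, v = ext_gcd(a, b)
    # A negative u or v means "invert that value modulo n" (Python 3.8+);
    # pow raises ValueError if the value shares a factor with n.
    return g, pow(c_a, u, n) * pow(c_b, v, n) % n

def crt(r1, n1, r2, n2):
    """Return the unique r in [0, n1*n2) with r = r1 mod n1 and r = r2 mod n2."""
    t = (r2 - r1) * pow(n1, -1, n2) % n2
    return r1 + n1 * t

def recover_z(c10, c22, n1, c16, c6, n2):
    """Recover z from z^10, z^22 mod N1 and z^16, z^6 mod N2."""
    g1, s1 = combine_powers(c10, 10, c22, 22, n1)  # z^2 mod N1
    g2, s2 = combine_powers(c16, 16, c6, 6, n2)    # z^2 mod N2
    if (g1, g2) != (2, 2):
        raise ValueError("exponent pairs do not reduce to 2")
    r = crt(s1, n1, s2, n2)  # equals z^2 over the integers, since z < N1, N2
    z = isqrt(r)
    if z * z != r:
        raise ValueError("r is not a perfect square; preconditions violated")
    return z

# Constructed toy parameters (not from the exam): coprime moduli, z below both.
N1, N2 = 1009 * 1013, 1019 * 1021
Z = 654321

def demo():
    return recover_z(pow(Z, 10, N1), pow(Z, 22, N1), N1,
                     pow(Z, 16, N2), pow(Z, 6, N2), N2)

if __name__ == "__main__":
    print(demo())
```
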
Mr. Joining-the-Question (guest) 17 Mar 2017 14:10
in discussion Forum / Course Forum, Fall 2016/2017 » Question 5 from the exam

I would also appreciate an answer regarding this question, or at least the publication of a sketch of its solution.
Have a nice weekend

by Mr. Joining-the-Question (guest), 17 Mar 2017 14:10

She also asked us to tell you that you are lecturer number 1

by sheldon cooper (guest), 16 Mar 2017 20:47
by sheldon cooper (guest), 16 Mar 2017 16:19

The grades will be submitted to the secretariat this coming Sunday, God willing.

Regards to Amy Farrah Fowler!

by benny_chor, 16 Mar 2017 14:03
by sheldon cooper (guest), 15 Mar 2017 19:14

I join the question, and add: could you please publish a solution to this question?

Question 5 from the exam
Mr. Cool (guest) 27 Feb 2017 17:50
in discussion Forum / Course Forum, Fall 2016/2017 » Question 5 from the exam

Hello everyone,
In the Moed B exam, question 5, Alice and Bob suspected that there is a small problem in the question and would like to get the opinion of Benny and Orit.

If I remember well, it was given that:
gcd(10, fi(p1q1)) = gcd(10, (p1-1)(q1-1)) = 1, which is only possible if q1 = 2 or p1 = 2.
The same goes for gcd(6, fi(p2q2)).

And so we will get that 2|N1 and also 2|N2, which is a contradiction to the fact that gcd(N1, N2) = 1.

Am I missing something?

Have a nice rest of the day,
Mr. Cool.

Question 5 from the exam by Mr. Cool (guest), 27 Feb 2017 17:50

1. Yes
2. Note that this is a public key encryption, so the encryption key is known and he can compute the encryption of the message.
This does not mean he can distinguish between two encryptions of m_0, m_1. A public key encryption must be randomized, so two encryptions of m_0 will have two different results.
If a PKE were deterministic, then it wouldn't be secure (because then the adversary could distinguish between E(m_0) and E(m_1))

Given some $s \in Z^*_{pq}$, you can efficiently compute its inverse modulo $pq$ by using extended gcd.
Computing the inverse of $e$ modulo $(p-1)(q-1)$ is a different story because you do not know $(p-1)(q-1)$.
If $(p-1)(q-1)$ was known, then you can certainly apply extended gcd. However, finding $(p-1)(q-1)$ will also enable you
to factor $pq$.


In the solution of question number 2, section b, it is stated that: "Benny would calculate t = a^e * y^-1"
But, according to the question, Benny does not hold p and q (the only private info Benny has is x).

As I recall, when the factorization of pq is not known it is considered hard to find y^-1 when we only have y.
This is true for the same reason it's hard to find d = e^-1 in RSA.

What am I missing?


A question about Moed A sol by sherlok (guest), 24 Feb 2017 17:47

Indeed, interesting and relevant. We often assume certain properties hold, and such assumptions may be violated (though this happens quite rarely).
It is always worthwhile to think what would be the consequences of such violations.
It is also worth noting that earlier attacks against SHA-1, despite being less efficient, had cast some doubts on its long term security.

Thanks much to the curious student for pointing it out!

Of course. These are also the university's requirements.
On the other hand, one should not expect the exams in the two sittings to be identical.

Re: Material for the exam by benny_chor, 24 Feb 2017 16:09

recitation 3 slide 7 a definition for epsilon-indistinguishable is presented,
is it equivalent to the following definition?
let d be chosen randomly from D0 union D1
P[A(d) gives the right answer (A answers D0 or D1)] <= 0.5 + epsilon

2. in recitation 7, slide 11 security for multiple encryptions is proven.
the adversary A2 in this proof tries to distinguish between two vectors of encrypted msgs.
as part of the proof, there is another adversary A1 who is trying to distinguish between two encrypted msgs,
to do so he calls for A2.
according to the proof presented in the recitation A1 can compute the encryption of a given msg - this makes no sense to me,
since if A1 could compute the encryption of a single msg, he could always distinguish between two encrypted msgs. (without calling A2)

a few questions regarding the recitation by eilon (guest), 24 Feb 2017 12:41
Material for the exam
Avichai (guest) 23 Feb 2017 18:41
in discussion Forum / Course Forum, Fall 2016/2017 » Material for the exam

We can assume that the material for Moed B is the same as for Moed A, right?

Material for the exam by Avichai (guest), 23 Feb 2017 18:41

https ://security.googleblog .com/2017/02/announcing-first-sha1-collision.html?m=1
(remove the spaces in the middle)

Thought this might be interesting 4 days before the Moed Bet... by just a curious student (guest), 23 Feb 2017 13:56
benny_chor 13 Feb 2017 21:23
in discussion Forum / Course Forum, Fall 2016/2017 » appeal

You were not required to write the justifications and the answers separately. What could motivate us to require that?
But we also have a number of other commitments, and so checking the appeals will take a few more days.

by benny_chor, 13 Feb 2017 21:23
appeal (guest) 12 Feb 2017 07:34
in discussion Forum / Course Forum, Fall 2016/2017 » appeal

I've sent the appeal 5 days ago where I wrote both the "NIMUKIM" and the answers themselves rewritten
I got no reply to this.
If you've meant that we need to rewrite the answers on a different file I misunderstood and now it's been more than 5 days since the time you published the grades
What can I do?

by appeal (guest), 12 Feb 2017 07:34
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License