Alice and Bob agree to communicate privately via email using a scheme based on R
ID: 3692962 • Letter: A
Question
Alice and Bob agree to communicate privately via email using a scheme based on RC4, but they want to avoid using a new secret key for each transmission. Alice and Bob privately agree on a 128-bit key k. To encrypt a message m, consisting of a string of bits, the following procedure is used. 1. Choose a random 80-bit value v 2. Generate the ciphertext c = RC4(v } k) m 3. Send the bit string (v } c) a. Suppose Alice uses this procedure to send a message m to Bob. Describe how Bob can recover the message m from (v } c) using k. b. If an adversary observes several values (v1}c1),(v2}c2),... transmitted between Alice and Bob, how can he/she determine when the same key stream has been used to encrypt two messages? c. Approximately how many messages can Alice expect to send before the same key stream will be used twice? Use the result from the birthday paradox described in Appendix 11A [Equation (11.7)]. d. What does this imply about the lifetime of the key k (i.e., the number of messages that can be encrypted using k)?Explanation / Answer
First consider the 80 bits for v||C,
Now initialize the the vector of v.
Bur the v,c,k are known then there is possibility to recover the mesage
mean decrypted.
. If the adversary observes that vi = vj for distinct i, j then he/she knows that the same key stream was used to encrypt both mi and mj. In this case, the messages mi and mj may be vulnerable to the type of cryptanalysis carried out in the above part.
Since the key is fixed, the key stream varies with the choice of the 80-bit v, which is selected randomly. Thus, after approximately
sqrt(2^80) = 2^40.
messages are sent, we expect the same v, and hence the same key stream, to be used more than once.
The key k should be changed sometime before 2^40 messages are sent.
Related Questions
drjack9650@gmail.com
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.