Knowee
Questions
Features
Study Tools

Aldebaran computes cmsg = Enc(pkC , m), cdest = Enc(pkC , pkB ) and broadcasts (pkC , cmsg, cdest). Chandra observes the broadcast containing her public key. She then computes m = Dec(skC , cmsg) and pkdest = Dec(skC , cdest). Lastly, she re-encrypts c′ = Enc(pkdest, m) and broadcasts (pkdest, c′). Borealis identifies their public key in the broadcast and obtains the message m = Dec(skB , c′). state Secure or Insecure, and explain why that approach does or does not achieve the two desired notions of confidentiality described above.

Question

Aldebaran computes cmsg = Enc(pkC , m), cdest = Enc(pkC , pkB ) and broadcasts (pkC , cmsg, cdest). Chandra observes the broadcast containing her public key. She then computes m = Dec(skC , cmsg) and pkdest = Dec(skC , cdest). Lastly, she re-encrypts c′ = Enc(pkdest, m) and broadcasts (pkdest, c′). Borealis identifies their public key in the broadcast and obtains the message m = Dec(skB , c′). state Secure or Insecure, and explain why that approach does or does not achieve the two desired notions of confidentiality described above.

...expand
🧐 Not the exact question you are looking for?Go ask a question

Solution 1

This approach is Secure.

The two desired notions of confidentiality are:

  1. An eavesdropper who sees the ciphertext but does not know the secret key cannot determine anything about the plaintext.
  2. Even if an eavesdropper sees many ciphertexts of their choice, they still cannot determine anything about other plaintexts encrypted with the same key.

In the given scenario, Aldebaran encrypts the message m using Chandra's public key pkC, and also encrypts Borealis's public key pkB using Chandra's public key pkC. This encrypted message and key are then broadcasted.

Chandra, upon recognizing her public key, decrypts the message and the destination public key using her secret key skC. She then re-encrypts the message using the decrypted destination public key (which is Borealis's public key) and broadcasts it.

Borealis, upon recognizing his public key, decrypts the message using his secret key skB.

Throughout this process, an eavesdropper without the correct secret keys cannot decrypt the message or the destination public key. Even if they see many such broadcasts, they cannot determine anything about the plaintexts or the destination keys. Therefore, this approach achieves the desired notions of confidentiality.

This problem has been solved

Solution 2

The approach described is Secure.

Here's why:

  1. Confidentiality of the message: The message 'm' is always in encrypted form during transmission. Initially, it is encrypted by Aldebaran using Chandra's public key (pkC). Then, Chandra decrypts it using her private key (skC) and re-encrypts it using Borealis's public key (pkB) before broadcasting. Thus, an eavesdropper cannot read the message without the corresponding private keys.

  2. Confidentiality of the receiver's identity: The receiver's public key (pkB) is also always in encrypted form during transmission. Initially, it is encrypted by Aldebaran using Chandra's public key (pkC). Then, Chandra decrypts it using her private key (skC) and uses it to re-encrypt the message. Thus, an eavesdropper cannot identify the receiver without Chandra's private key.

In both cases, the security relies on the difficulty of obtaining the private keys from the corresponding public keys, which is a fundamental assumption of public key cryptography.

This problem has been solved

Similar Questions

Aldebaran computes cmsg = Enc(pkC, m), cdest = Enc(pkC, pkB) and broadcasts(pkC, cmsg, cdest). Chandra observes the broadcast containing her public key. She then decrypts the destination address as pkdest = Dec(skC, cdest) and broadcasts (pkdest, cmsg). Borealis then obtains the message as m = Dec(skB, cmsg).Is it secure?

(Sign-then-Encrypt 1) Aldebaran computes σ = Sign(sk′ A, m), and cσ = Enc(pkC, σ). Aldebaran sends this ciphertext along with their usual broadcast(pkC, cdest, cmsg). Chandra performs her usual steps, as well as decrypting to obtain σ = Dec(skC, cσ). She sends it along with her usual broadcast (pkB, c′ msg) for Borealis. Lastly, Borealis, decrypts to obtain the message m. Borealis believes the message should have come from Aldebaran. He runs Verify(pk′ A, m, σ) and is satisfied only if the signature accepts.

. For each approach, state Secure or Insecure, and explain why that approach does or does not achieve the two desired notions of confidentiality described above.Aldebaran computes cmsg = Enc(pkC, m), cdest = Enc(pkC, pkB) and broadcasts(pkC, cmsg, cdest). Chandra observes the broadcast containing her public key. She then computes m = Dec(skC, cmsg) and pkdest = Dec(skC, cdest) and broadcasts (pkdest, m). Borealis identi￾fies their public key in the broadcast and obtains the message m. 1 (d) Aldebaran computes cmsg = Enc(pkC, m), cdest = Enc(pkC, pkB) and broadcasts(pkC, cmsg, cdest). Chandra observes the broadcast containing her public key. She then computes m = Dec(skC, cmsg) and pkdest = Dec(skC, cdest). Lastly, she re-encrypts c ′ = Enc(pkdest, m) and broadcasts (pkdest, c′ ). Borealis identifies their public key in the broadcast and obtains the message m = Dec(skB, c′ ).

) The consortium decide to implement the final approach described in question 1, using Elgamal public key encryption with the following parameters: (p, g) = (103, 5). Aldebaran’s public key is pkA = 51, Borealis’ public key is pkB = 55 and Chandra’s public key is pkC = 38. Some time later, Chandra receives a different broadcast (38, cmsg, cdest) where cdest = (55, 10) and cmsg = (c1, c2) = ((101, 28),(90, 94)). i. (2 marks) Confirm whether or not Chandra’s public key corresponds to her secret key skC = 22. ii. (5 marks) Who is the final intended recipient of the message? (Hint: compute the Elgamal decryption Dec(skC, cdest) and compare with the known public keys.) iii. (6 marks) Hence, what does Chandra broadcast? (Hint: compute the Elgamal decryptions Dec(skC, c1) and Dec(skC, c2))

Some time later, Chandra receives a different broadcast (38, cmsg, cdest) where cdest = (55, 10) and cmsg = (c1, c2) = ((101, 28),(90, 94)). i. (2 marks) Confirm whether or not Chandra’s public key corresponds to her secret key skC = 22. ii. (5 marks) Who is the final intended recipient of the message? (Hint: compute the Elgamal decryption Dec(skC, cdest) and compare with the known public keys.) iii. (6 marks) Hence, what does Chandra broadcast? (Hint: compute the Elgamal decryptions Dec(skC, c1) and Dec(skC, c2))

1/2

Upgrade your grade with Knowee

Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.