Consider the following key-exchange protocol that is based on the one time pad a

Question

Consider the following key-exchange protocol that is based on the one time pad and perfect secrecy:

(a) Alice chooses a random key k and a random string r both of length n, and sends s = k r to Bob.

(b) Bob chooses a random string t of length n and sends u = s t to Alice.

(c) Alice computes w = u r and sends w to Bob.

(d) Alice outputs k and Bob computes w t. Show that Alice and Bob output the same key. Analyze the security of the scheme (i.e., either prove its security or show a concrete break).

Explanation / Answer

To analyze the security,We need to verify that w t = k.

From the data we can analyze the key as follows: -

w t = u r t .

u r t = s t r t

s t r t = k r t r t

k r t r t = k.

As we can easily compute k from the key taken by Bob,the protocol seems insecure. Indeed, an attacker can intercept s, u, w. Note, however, that wu = r and sr = k. Therefore the attacker can easily recover the key.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.