# A Classical Introduction to Cryptography Exercise BookCryptographic Protocols

A Classical Introduction to Cryptography Exercise Book: Cryptographic Protocols Chapter 11 Exercises Exercise 1 Breaking the RDSA Identification Scheme An identification scheme is an interactive protocol in which a prover wants to convince a verifier that he knows some private information. It can be used, for instance, in access control. The original RDSA iden- tification scheme was proposed by Ingrid Biehl, Johannes Buchmann, Safuat Hamdy, and Andreas Meyer in [2]. The security issues about this scheme were raised by Pierre-Alain Fouque and Guillaume Poupard in PI Let s and t be some given security parameters (e.g., s = 1024 bits and t = 160 bits). We assume that the prover and the verifier have set up some public parameters, that the prover (only) has a private key, and that the verifier has the public key of the prover. Those values are set up as follows. Public Parameters: a large integer n of size s, an element y E ZE, a prime q of size t Private Key: an integer a E [2, q - 11 Public Key: a = ya mod n Following the identification scheme on Figure 11.1, the prover convinces the verifier that he knows the private key without disclosing it. EXERCISE BOOK Prover Verifier choose http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png

# A Classical Introduction to Cryptography Exercise BookCryptographic Protocols

18 pages

/lp/springer-journals/a-classical-introduction-to-cryptography-exercise-book-cryptographic-voZR9Z886s
Publisher
Springer US
ISBN
978-0-387-27934-3
Pages
211 –229
DOI
10.1007/0-387-28835-X_11
Publisher site
See Chapter on Publisher Site

### Abstract

Chapter 11 Exercises Exercise 1 Breaking the RDSA Identification Scheme An identification scheme is an interactive protocol in which a prover wants to convince a verifier that he knows some private information. It can be used, for instance, in access control. The original RDSA iden- tification scheme was proposed by Ingrid Biehl, Johannes Buchmann, Safuat Hamdy, and Andreas Meyer in [2]. The security issues about this scheme were raised by Pierre-Alain Fouque and Guillaume Poupard in PI Let s and t be some given security parameters (e.g., s = 1024 bits and t = 160 bits). We assume that the prover and the verifier have set up some public parameters, that the prover (only) has a private key, and that the verifier has the public key of the prover. Those values are set up as follows. Public Parameters: a large integer n of size s, an element y E ZE, a prime q of size t Private Key: an integer a E [2, q - 11 Public Key: a = ya mod n Following the identification scheme on Figure 11.1, the prover convinces the verifier that he knows the private key without disclosing it. EXERCISE BOOK Prover Verifier choose

Published: Jan 1, 2006

Keywords: Hash Function; Signature Scheme; Blind Signature; Pseudorandom Number Generator; Cryptographic Protocol

### There are no references for this article.

Access the full text.

Sign up today, get DeepDyve free for 14 days.