Homework #5 SolutionsQuestion 1 - TimestampingQuestion 1aSlide 4Slide 5Question 1bSlide 7Question 2 – Encrypting Mail to Mailing ListsQuestion 2aSlide 10Slide 11Question 2bQuestion 2cSlide 14Question 2dSlide 16Question 2eSlide 18Question 3 – Subscribe ProtocolQuestion 3 – SolutionSlide 21Question 4 – Group Symmetric KeySlide 23Question 4Slide 25Slide 26Slide 27Homework #5Homework #5SolutionsSolutionsBrian A. LaMacchiaBrian A. [email protected]@[email protected]@microsoft.comPortions © 2002-2006, Brian A. LaMacchia. This material is provided without warranty of any kind including, without limitation, warranty of non-infringement or suitability for any purpose. This material is not guaranteed to be error free and is intended for instructional use only.February 7, 2006February 7, 2006Practical Aspects of Modern CryptographyPractical Aspects of Modern Cryptography22Question 1 - Question 1 - TimestampingTimestampingClients send the timestamping Clients send the timestamping service a hash value.service a hash value.The service signs the hash value The service signs the hash value together with the current time, together with the current time, producing a producing a timestamping timestamping receipt.receipt.The timestamping receipt is The timestamping receipt is then sent back to the client, then sent back to the client, who can do whatever he wants who can do whatever he wants with it (typically, archive it with it (typically, archive it and/or send it along with the and/or send it along with the signature).signature).February 7, 2006February 7, 2006Practical Aspects of Modern CryptographyPractical Aspects of Modern Cryptography33Question 1aQuestion 1aWhat information would you What information would you include in the receipt?include in the receipt?Why are you including it?Why are you including it?What’s the minimum size in What’s the minimum size in bytes of the information you bytes of the information you have to include?have to include?Assumptions:Assumptions:Hash values sent to you by clients Hash values sent to you by clients are all SHA2-256 hashes and are are all SHA2-256 hashes and are thus 32 bytes in size.thus 32 bytes in size.Time is expressed using the Time is expressed using the GeneralizedTime structure, which GeneralizedTime structure, which is 15 bytes in length. is 15 bytes in length.February 7, 2006February 7, 2006Practical Aspects of Modern CryptographyPractical Aspects of Modern Cryptography44Question 1aQuestion 1aMinimum set:Minimum set:The hash value the client submitted to the The hash value the client submitted to the timestamp service (32 bytes)timestamp service (32 bytes)The timestamping time (15 bytes)The timestamping time (15 bytes)An identifier for the signature algorithm the An identifier for the signature algorithm the timestamp service is going to use to sign timestamp service is going to use to sign the receiptthe receiptThis includes the algorithm the service This includes the algorithm the service uses to hash the receipt contents (e.g. uses to hash the receipt contents (e.g. “RSA-SHA2-256”)“RSA-SHA2-256”)Variable length, could be as small as 1 Variable length, could be as small as 1 byte, but is probably at least 4 bytes. byte, but is probably at least 4 bytes. Anything reasonable is OK so long as you Anything reasonable is OK so long as you justified it.justified it.The timestamp server’s signature will The timestamp server’s signature will take another 256 bytes (assuming RSA take another 256 bytes (assuming RSA with 2048-bit keys)with 2048-bit keys)Per my e-mail, since by “included” I had Per my e-mail, since by “included” I had intended “included in the to-be-signed intended “included in the to-be-signed part”, you didn’t have to include the part”, you didn’t have to include the signature (it’s OK if you did)signature (it’s OK if you did)February 7, 2006February 7, 2006Practical Aspects of Modern CryptographyPractical Aspects of Modern Cryptography55Question 1aQuestion 1aWhat additional information What additional information would you include? Some would you include? Some possibilities:possibilities:Version numbersVersion numbersE.g. For the receipt format (~4 E.g. For the receipt format (~4 bytes typically)bytes typically)Public key of the timestamp Public key of the timestamp authorityauthorityAssume ~260 bytes (256 bytes Assume ~260 bytes (256 bytes for a 2048-bit public key, 4 for a 2048-bit public key, 4 bytes for e if it’s short)bytes for e if it’s short)Certificates for the timestamp Certificates for the timestamp authorityauthorityThese would be at least 512 These would be at least 512 bytes each (subject public key + bytes each (subject public key + issuer signature), probably 1K issuer signature), probably 1K or more in practice.or more in practice.February 7, 2006February 7, 2006Practical Aspects of Modern CryptographyPractical Aspects of Modern Cryptography66Question 1bQuestion 1bDescribe how you could modify Describe how you could modify the operation of your the operation of your timestamping service to defend timestamping service to defend against fraudulent insertion of against fraudulent insertion of timestamps “after the fact”. timestamps “after the fact”. What additional information do What additional information do you have to add to the you have to add to the timestamping receipt to effect timestamping receipt to effect this change?this change?February 7, 2006February 7, 2006Practical Aspects of Modern CryptographyPractical Aspects of Modern Cryptography77Question 1bQuestion 1bOne way to do this is to link the One way to do this is to link the timestamping receipts together by timestamping receipts together by “hash chaining”“hash chaining”Include the hash of the nth receipt Include the hash of the nth receipt within the to-be-signed info of the within the to-be-signed info of the (n+1)st receipt.(n+1)st receipt.Every so often (daily, weekly) widely Every so often (daily, weekly) widely publish (e.g. NYT classifieds) the hash of publish (e.g. NYT classifieds) the hash of the last issued timestamp.the last issued timestamp.Only adds 32 bytes to the receipt (size Only adds 32 bytes to the receipt (size of a SHA2-256 hash)of a SHA2-256 hash)"How to Timestamp a Digital Document," S. "How to Timestamp a Digital Document," S.
View Full Document
Unlocking...