CSI2108–Cryptographic Concepts

Hello, if you have any need, please feel free to consult us, this is my wechat: wx91due

CSI2108–Cryptographic Concepts

Portfolio Assignment Part 2 (30%)

DUE DATE: 6 May 2024, Monday 5PM

In the workshops throughout this  semester,  we will learn about and explore  various cryptographic concepts and algorithms. As part of this process we will investigate how to make ciphers more secure and how they can be attacked, and the advantages and disadvantages of different kinds of codes and ciphers.

This assignment asks you to formalise your workshop tasks into a portfolio of cryptographic algorithms. You will be building several different algorithms in the program(s) of your choice, documenting and explaining your design choices, and critiquing the ciphers you have built.

In this assignment, the focus is not necessarily on building the best possible ciphers, but about being thoughtful and deliberate about your choices. It is about being able to explain and justify your choices, and about demonstrating an understanding of the strengths and weaknesses of the ciphers you have created.

This part of the portfolio assignment must be completed individually.

This document describes Part 2 of the Portfolio, is worth 30 marks. It focuses on the concepts in Modules 6-8 (RSA, hash functions, digital signatures and message authentication codes). Submission of Portfolio Part 2 is due in Week 11. It is recommended that you read the feedback from Part 1 before you submit Part 2!

To get started on this assignment, read the Portfolio Part 2 instructions and Submission instructionsbelow, making note of the mark distribution for each question and what is expected of you.  Make sure you  read through the advice on academic  integrity to be  sure what is acceptable in this assignment and where to get help if you need advice. Post in the Canvas discussion board if you have any questions.

PORTFOLIO ASSIGNMENT INSTRUCTIONS PART 2 (30 marks)

This section of the Portfolio concentrates on asymmetric ciphers and hash functions.

Asymmetric ciphers like RSA are useful in performing tasks like the exchange of symmetric keys and providing message integrity and authentication through digital signatures.

Complete the following tasks in the programming language of your choice. You may use the MS Excel template codes provided in Canvas for the unit, or you may design your own code using Python or other languages. You will submit your code as part of the assignment, together with a video explaining your code and a written submission giving your answers to any questions not addressed in your video.

Any code you use which has not been provided within the unit and which has been written by a third party, including generative AI, must be clearly referenced and explained.

Background: Alice has encrypted the message X using the symmetric cipher decided in Portfolio Part 1. She now needs to send Bob the key K to this cipher, along with a digital signature or MAC to assure Bob he can trust what he has received.

4.  (Week 6) Design code which encrypts and decrypts your symmetric cipher key K using RSA, using prime numbers and which are both greater than 20. You can use the key from either of your symmetric ciphers (i.e. stream or block ciphers) from Portfolio Part 1. Make sure to state what key K you will be encrypting (e.g. K = “cake”). (6 MARKS) In your video/documentation:

- Explain how you created Bob’s RSA public/private key pair.

- Describe how Alice will encrypt the key K and how Bob will decrypt it. (Leave any ciphertext as numerical values – do not convert to alphabetic characters.) As part of your answer, you will need to consider how to encrypt a key which may be larger than the modulus n, and how calculations should be done in the most efficient way.

[Your video should include an explanation of the steps of your code, as well as a demonstration of your code performing the RSA encryption and decryption of K.]

Marking rubric

Insufficient

Competent

Exemplary

Key pair

An RSA key pair

Values for n, and d

The values of and q

generation

is incorrectly

are correctly calculated

have been thoughtfully

(2 marks)

generated or is correctly

generated with no explanation.

but explanation may be lacking some

details. Little thought has gone into the

choices of and q.

chosen based on the size of the key K being

encrypted and the security required. Derivation of


values for ne and dare fully explained.

Encryption and decryption of K (4 marks)

The key K is incorrectly

encrypted/

decrypted, and/or code is missing.

Little or no

explanation is provided.

The key K is correctly encrypted and

decrypted in principle

but there may be

issues with the

implementation (e.g. missing values for

encryption or

decryption) or an

inefficient and/or

unexplained algorithm for calculating modular exponents.

The key K is both

encrypted and decrypted correctly and a square-

and-multiply algorithm is explicitly implemented to ensure fast calculation of modular exponents.

5.  (Week 8) Design a hash function to create a message digest D for the message X = “ Exams are on red USB drive in JO 18.103. Password is CaKe314. ”. (7 MARKS )In your video/documentation:- Explain the design of your hash function (including how you know it is a hash function and discussing the desirable properties listed in Lecture 8 Slide 7) demonstrate the calculation of the message digest D. Do not use an existing hash function such as MD5 or SHA256 – you must design your own.

- By experimenting with different inputs to your hash function, discuss whether your hash function is cryptographically secure or not.  In your answer you should address   whether your function is pre-image resistant, whether you can find a second message with the same hash as X, and whether your function is collision resistant.

[Your video should include an explanation of your hash algorithm, as well as a demonstration of your code creating the message digest D.]

Marking rubric

Insufficient

Competent

Exemplary

Hash function

Function created is

A simple hash

A complex hash function is

explanation

not a hash function

function is created

created with each step

(3 marks)

or differs in a trivial way from the Excel

with each step

explained, and the message digest D is

explained, and the

message digest D is calculated correctly.


template provided on Canvas.

calculated correctly. Function satisfies

most desirable

properties for a hash function.

Function satisfies all

desirable properties for a hash function, and the

explanation of the design shows thoughtful

consideration for these features.

Hash function security

(4 marks)

Minimal discussion of the security of

the hash function, with insecure

features not being identified.

At least two different security features are investigated, with a reasonable

evaluation as to the overall security of the

function. Flaws are identified but

improvements may not be suggested.

All three security features are investigated, with

sensible conclusions

about the overall security of the function. Where

flaws are discovered, suggestions for

improvement are made. Where security is good, this is explained by the function design.

6.  (Week 7) Design code which produces EITHER a digital signature OR a message authentication code for the message X. If a hash function is required as part of your signature or MAC, you should use the hash function you designed in Task 5. (9 MARKS

)In your video/documentation:

-    Explain what type of digital signature or message authentication code you have created and the (mathematical) ingredients that went into the calculation.  (For   example, the generation of public/private keys for RSA or DSA, or the algorithm being used to create a MAC.)

-    Demonstrate the calculation of the digital signature or MAC by Alice.

-    Show how Bob will verify the signature or MAC and what information this gives him about the message being sent.

-    Justify your choice of digital signature or MAC: why did you choose this particular algorithm given the context of the message being sent?

[Your video should include an explanation of the steps of the signature/MAC calculation and demonstration of signature/MAC creation and verification.]

7. Reflect on how symmetric and asymmetric algorithms are being used together in the cryptosystem you have designed. (8 MARKS)

- Briefly summarise the cryptosystem you have generated in the Portfolio (Parts 1 and 2 together), including all the steps that Alice and Bob will do to transmit and verify the message X. Explain how this hybrid cryptosystem makes use of the advantages of both symmetric and asymmetric encryption.

Remember to cite references here if you use any external materials (outside the lecture slides/unit textbook) to help you answer this question.

- Reflect on what you have learnt, and what you have found difficult, from constructing this portfolio of cryptographic algorithms. How has your experience of the assignment  changed your view of cryptography from the beginning of the unit?

You may do this reflection either in your documentation or in your video, as you prefer.


发表评论

电子邮件地址不会被公开。 必填项已用*标注