I have a task:
Let’s say a bank has a cypher key K (just a long random string). That
bank wishes to split it into two pieces p1 and p2 so that both are
required for decryption. The p1 is then given to one executive, and p2
- to another, so both must contribute their pieces for decryption to proceed.
To accomplish that, the bank generates random k1 and sets k′1←k⊕k1. Note
that k1⊕k′1=k. The bank gives k1 to one executive and k′1 to another.
Both must be present for decryption to proceed since, by itself, each
piece contains no information about the secret key k.
Now, suppose the bank wants to split k into three pieces p1,p2,p3 so
that any two of the pieces enable decryption using k. This ensures
that even if one executive is out sick, decryption can still succeed,
but no employee can decrypt a message alone. To do so, the bank
generates two random pairs (k1,k′1) and (k2,k′2) as in the previous
paragraph so that k1⊕k′1=k2⊕k′2=k. How should the bank assign pieces
so that any two pieces enable decryption using k, but no single piece
can decrypt?
What is the answer to the question above?
p1 = (k1, k2), p2 = (k`1, k2), p3 = (k`2);
p1 = (k1, k2), p2 = (k`1, k`2), p3 = (k`2);
p1 = (k1, k2), p2 = (k1, k2), p3 = (k`2);
p1 = (k1, k2), p2 = (k1), p3 = (k`2);
p1 = (k1, k2), p2 = (k2, k`2), p3 = (k`2);
Explain me please, how does it work.
The first is the answer:
p1 = (k1, k2), p2 = (k`1, k2), p3 = (k`2);
because each possible pair can generate k:
p1 & p2: k1 ⊕ k'1 = k
p1 & p3: k2 ⊕ k'2 = k
p2 & p3: k2 ⊕ k'2 = k
Of course each of the parties cannot reconstruct the key by themselves.
The other possibilities are clearly wrong. Let's take the second possible answer and see if p2 & p3 can form a valid key. They cannot, because each have the same k'2 component, so that's not enough. Then p2 has a k'1, but p3 doesn't have a k1.
This is a solved problem, see Shamir's Secret Sharing:
Shamir's Secret Sharing is an algorithm in cryptography created by Adi Shamir. It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret.
Counting on all participants to combine the secret might be impractical, and therefore sometimes the threshold scheme is used where any
k of the parts are sufficient to reconstruct the original secret.
A possible weak 2 of 3 method might be possible using the same scheme that is used in three disk RAID5, any two can reconstitue the original.
Related
The task is something like this. Alice must send Bob the money, but so that the amount remains hidden.
How can this be done if only "hiding" balances are stored in the blockchain? How can I prove to someone that my balance is positive after the transfer?
In other words, how can I prove to someone that the number x >0, if the person only knows the "hiding" of this number, say, g^x, where g is the generator of some elliptic curve. Prove without revealing x.
I know how snarks are constructed: R1 CS-> AP -> weil pairing, I know how this problem would be solved if x were known and not hidden.
For example, we represent x = sum(u_i*2^i) write in R1 CS another u_i u_i = u_i and thus prove that all u_i = 0 or 1
what's next? some very simple dumb guy. if x was known, we would have written it just in r1 cs as a public input and would have quietly checked something like
v2 = u11+u22
v3 = v2+u32^2
...
vn = u_(n-1) + u_n2^(n-1)
and would add public input vn = x
and so what to do?
Currently working on a math problem that requires maple to be solved.
The math problem is
The volume V pf the paralellpiped is given by the following scalar triple product.
V = |(P5->P8 X P5->P6) * P5->P1|
P1 = ( [-17/12] , [11/36], [-65/36])
P5 = ([-11/12], [-7/36], [-47/36])
P6 = ([-2/3],[-1/9],[-8/9])
P8 = ([-5/4],[-1/12],[-17/12])`
answer should be 4 cubic units.
Several times trying it several different ways gives errors or nothing.
with(Student:-MultivariateCalculus):
P1 := <-17/12, 11/36, -65/36>:
P5 := <-11/12, -7/36, -47/36>:
P6 := <-2/3, -1/9, -8/9>:
P8 := <-5/4, -1/12, -17/12>:
abs(TripleScalarProduct(P1-P5, P8-P5, P6-P5));
#1/18
#Executed in Maple 2018
An RSAcryptosystem has public key n = 18721 and e = 25. Messages are encrypted crypted one letter at a time, converting letters to numbers by A = 2, B = 3 c _ 27. Oscar intercepts the message "365, 18242, 4845, 18242, 17173, 16;134:"" from Alice to Bob.
(la) Decrypt the message by factorizing n.
(lb) Decrypt the message assuming that you cannot factorize n.
can any body teach me too step by step how to decrypt message and also what is p&q
Your questions can be answered by reading the wikipedia page on RSA.
1a
When you factor n, you find integers p and q such that n = p * q. You calculate Y = (p - 1)(q - 1). Then you can find the private key exponent d, which is calculated as d = 1/e mod Y.
To decrypt one of the values c in the intercepted message, you simply calculate m = c^d mod n, where m is the decrypted message. This works because (m^e)^d mod n is equal to 1.
I'll leave the actual calculations to you. If you get stuck, the wiki page has some good examples.
1b
If you cannot factorize n, then you can't decrypt the message. If it were possible to decrypt the message using only the public key (n,e), then why would anyone use RSA?
1a. is answered correctly by the upvoted answer
1b.
Knowing that each message chunk is only 1 character Oscar can encrypt each character of the alphabet with the same e and n and compare them.
a = 2^25 mod 18721 = 6400
b = 3^25 mod 18721 = 18718
c = 4^25 mod 18721 = 17173
...
The upvoted answer is true for encryptions of more than one character but not the case when each character is individually encrypted.
For the 1b approach the phrase Rainbow Table might be revealing (though intentionally somewhat over-specific/misleading).
It was pretty fun. I'll tell you that your 2nd and 4th letters are 'E'; and that I'm pretty sure you typoed the last value (134). It's either 1375 (which makes the most sense to me) or 13444 (the closest string match, and also sort of makes sense).
#bkjvbx's answer is right in the case of RSA as used in the wild; but since this (presumably) homework assignment is using raw RSA on remarkably scoped inputs it's a whole different beast.
This is an exercise that was suggested for my upcoming exam, the bottom is what I have gathered thus-far. All constructive input will be appreciated.
P1, P2 and P3 share three semaphores (x, y and z) each with 1 as initial value and three variables (a, b and c).
P1:
(1.1) wait(x);
(1.2) a = a + 1;
(1.3) wait(y);
(1.4) b = b - a;
(1.5) wait(z);
(1.6) c = a + 2*b -c;
(1.7) signal(z);
(1.8) signal(y);
(1.9) signal(x)
Code for P2:
(2.1) wait(y);
(2.2) b = b*2;
(2.3) wait(z);
(2.4) c = c - b;
(2.5) signal(y);
(2.6) wait(x);
(2.7) a = a + c;
(2.8) signal(x);
(2.9) signal(z)
Code for P3:
(3.1) wait(y);
(3.2) b = b*2;
(3.3) wait(z);
(3.4) c = c - b;
(3.5) signal(z);
(3.6) signal(y);
(3.7) wait(x);
(3.8) a = a / 10;
(3.9) signal(x)
A. If P1 and P2 run concurrently on a computer with only a single CPU, is it possible for these two processes to get into a deadlock? If so, show one execution sequence of the code that results in the deadlock, and show how to revise P2 only (P1 is not changed) to prevent deadlock.
B. If P1 and P3 are run concurrently on a computer with only a single CPU, is it possible for these two processes to get into a deadlock? If so, show one execution sequence of the code that results in the deadlock, and show how to revise P3 only (P1 is not changed) to prevent deadlock.
The changes you make should not violate the mutual exclusion requirement on shared variable access.
A) I'm not sure what it means by an example of when they would get into a deadlock? To me, it appears that y will cause a deadlock because line 1.3 will cause y to become -1 an would not be unlocked until 2.5 of P2.
To resolve this, 1.3 should be moved below 1.5 because that is when y is released in P2. It looks like there will be other conflicts though with x, but I don't know what a good way to rearrange P1 would be to resolve this without changing P2.
B) Here it appears 1.3 (wait(y)) causes a problem again since it is not signaled until 3.6. The resolution would then be to move it to after 1.6?
I'm trying to use Wiki's pages on Deadlock and Semaphore Programming to do this exercise.
Well, in the first case as an example;
Sequence Holds lock on
(1.1) wait(x); P1 x, P2 -
(1.2) a = a + 1; P1 x, P2 -
(2.1) wait(y); P1 x, P2 y
(2.2) b = b*2; P1 x, P2 y
(2.3) wait(z); P1 x, P2 yz
(2.4) c = c - b; P1 x, P2 yz
(2.5) signal(y); P1 x, P2 z
(2.6) wait(x); P1 x, P2 z - P2 locks waiting for x
(1.3) wait(y); P1 xy, P2 z
(1.4) b = b - a; P1 xy, P2 z
(1.5) wait(z); P1 xy, P2 z - P1 locks waiting for z
It could - for example - be fixed by locking P2 in the order same order as P1 (x, y, z instead of y, z, x). It may mean that you'll have to lock x before you really need to for mutual exclusion, but it will prevent deadlock.
As far as I can see, P1 and P3 can't mutually deadlock, since P3 is locked in the sequence y, z (which follows the x, y, z sequence, just skips the lock on x), then releases the locks and only locks/unlocks x.
a few years ago I had an Operating Systems seminar. I had been tasked to create an algorithm for process synchronization using as few semaphores as possible. It should have looked like this:
P1 -> P2 -> P3 -> P4 -> P5
P(n) - process
Only one process running at a time and strict ordering was needed.
Last year I came with solution using 3 semaphores (effectively creating a barrier).
Here is my algorithm:
P S1 S1 S1 S1
4W1 W0 W0 W0 W0
4S0 P S2 S2 S2
3W2 W1 W1 W1
3S1 P S1 S1
2W1 W0 W0
2S0 P S2
W2 W1
S1 P
(execution is from top to bottom, each lane is a single process)
P - real work which needs to be done serialized
W(n) - waitn
S(n) - signaln
4W1 means "do 4 wait1s"
wait1 and signal1 operates with semaphore1 and so on...
Explanation of algorithm:
Every process lane starts
first process will run and others will do signal1()
every other process except the first one will wait for semaphore0 (doing wait0)
after process1 waits for 4 semaphores1 it sends 4 signals0, creating a barrier because other processes waits for first one to successfully complete.
The problem is I can't figure out how to make it work using 2 semaphores.
PS: this is not an assignment, it's a problem that's been lying in my head for too long.
It can't be done using 2 semaphores. 3 is minimum.