Home Exercises
There are 6 sets of home assignments in the course HA1-HA6. They will each be added here on the same day as F1, F2, F3, F5, F6 and F7 respectively.
The procedure for solving and handing in the exercises can be found in the "intro" lecture slides. Also rules and how grading is done can be found there. Make sure that you read those slides carefully! Note that, after receiving student feedback, some things have changed. Check "Results" for details. It was my impression on the lecture that all changes were improvements.
Some exercises will require you to consult an academic paper. These can be accessed the University network, but also from home by logging in to LibHub. In some cases a link is provided in the home assignment, otherwise Google Scholar is a good tool for findig them.
Feedback hours. If you want to get feedback on your answers and/or discuss the answers, time slots for this is provided on Wednesdays and Thursdays 12.30 - 13.15 (in Paul's office). These time slots might be revised depending on needs.
Deadlines have now been moved to Sundays. HA6 has been removed and HA5 will cover both F6 and F7.
HA1: Added Wednesday, 2012-10-31
Deadline: 2012-11-16, 23.59
Hints:
A4: The "why" might leave room for interpretation. It is perhaps more clear if read it as "how".
A8: The bank has a long list of all costumers and their IDs. How can the bank use this list to break the anonymity? Note that the hash functions are public, as usual.
B2: Do not make this more difficult than you have to. A hash function can be seen as a function that outputs a random value based on an input.
C1: You should implement the protocol on page 9 in the lecture notes. Make sure that you pick all blinding values r_i such that gcd(r_i,n)=1. Otherwise you will not be able to extract the real signature.You do not need to implement the connection between the bank and the user. Passing values inside your program is sufficient. Pick k appropriately.
HA2: Added Wednesday, 2012-11-07
Deadline: 2012-11-25, 23.59
Hints:
C2: It is probably easier not to have n fixed.
HA3: Added Wednesday, 2012-11-14 (2012-11-16 typo fixed + clarification)
Deadline: 2012-12-02, 23.59
Hints:
A13: Information theoretic means it can never be broken, regardless of computing power. Computational means that it can always be broken, you just need enough time and resources (with the point being that you do not have that).
B3: For ElGamal, you can just use a prime of manageable size, and the number 2 as "generator". It seems that the description of the threshold decryption in section 8.1 is not very clear and it is probably difficult to get it to work using that description. It has been updated now, but for full points it is enough that you demonstrate the public key secret sharing scheme in section 4.4 using ElGamal. The verification given by eq (3) is optional. If you are following 8.1, note that the x_i values of the authorities cannot be chosen arbitrarily - they need to be related according to section 4.4.
HA4: Added Tuesday, 2012-11-27
Deadline: 2012-12-09, 23.59
HA5: Added Wednesday, 2012-12-05
Deadline: 2012-12-16, 23.59