Intro

Question 1

Definition of perfect security, shannon theorem and (t-epsilon) security

Question 2

Definition of computational security

Question 3

Definition of negligible function

Question 4

Definition of complexity

Question 5

Definition of polynomial time algo

Question 6

Cobham-Edmond thesis and extended thesis

Question 7

Definition of probabilistic algorithm

Question 8

Definition of probabilistic polynomial time algorithm

Question 9

Expected PPT algorithm

Question 10

Definition of group

Question 11

Definition of subgroup

Question 12

Definition of cyclic group

Question 13

Order of a group and order of the generator

Question 14

Lagrange Theorem about the order of a group

Question 15

Definition of ring

Question 16

Definition of field

Question 17

Homomorphism for a group and for a ring

Question 18

Equality mod n

Question 19

Ring of integers mod n

Question 20

Invertible number

Question 21

Multiplicative group of integers mod n

Question 22

Euler’s Theorem

Question 23

CRT

Question 24

Definition of finite field

Question 25

Factoring assumption: definition, generation, experiment

Question 26

RSA assumption: definition, generation, experiment

Question 27

Relation between RSA and Factoring assumption, proof

Question 28

DL assumption: definition, generation, experiment

Question 29

Lemma: DL random self reduction and proof

Question 30

DH assumption: definition, generation, experiment

Question 31

Implications of DH assumption and proof

Question 32

Definition of quadratic residue

Question 33

Definition of Legendre symbol

Question 34

Euler’s criterion

Question 35

Jacobi symbol

Question 36

What’s the difference relative to QR if p is prime or not?

Answer 36

numero radici e numero di elementi in QR e QNR

Question 37

Quadratic Residuosity Problem, assumption and experiment

Question 38

Implications between QR assumption and DCR assumption

Question 39

Decisional Composite Residuosity Assumption

Question 40

Perfect, statistical and computational indistinguishability, relationship and proofs

Question 41

Assumptions with respect to indistinguishability

Question 42

Exercise 1.
Provide an equivalent definition of the Decisional Diffie-Hellman Assumption by using an experiment that outputs 0 or 1.

Answer 42

bxy + (1-b)z

Question 43

Exercise 3.
Prove that for the cyclic group (Zp,+) (p prime) with generator g (so g is an integer not divisible by p) the Discrete Logarithm Assumption is false.

Answer 43

ng e inverso g^-1

Question 44

Exercise 4.
Can the following problem be solved in polynomial time? Given a prime p, a value x∈Z∗p−1 and y=gx mod p, where g←$Z∗p, find g.

Answer 44

x*x^-1

Question 45

Exercise 5.
Provide a random self-reduction for the RSA Problem with fixed modulo N.

Answer 45

x^e^f

Question 46

Exercise 6
Show that the DDH assumption for cyclic groups of even order is
false.
(Hint: notice that, when the order n is even, given (g, gx), then x is even ⇐⇒ xn
g2 =1)

Answer 46

check corretta parità di z

Question 47

Exercise 7.
Consider a cyclic group G of prime order q (q odd) generated by g. Show that the following problems are poly-time equivalent:
* The CDH problem;
* Given g^α, compute g^α^2 (square problem SP).