Suppose that you receive an email from someone claiming to be Alice, and the email includes a digital certificate that contains
M = (“Alice”, Alice’s public key) and [h(M)]CA,
here CA is a certificate authority.
a. How do you verify the signature? Be precise.
b. Why do you need to bother to verify the signature?
c. Suppose that you trust the CA who signed the certificate. Then, after verifying the signature, you will assume that only Alice possesses the private key that corresponds to the public key contained in the certificate. Assuming that Alice’s private key has not been compromised, why is this a valid assumption?
d. Assuming that you trust the CA who signed the certificate, after verifying the signature, what do you know about the identity of the sender of the certificate?
Recall that we use both a public key system and a hash function when computing digital signatures.
a. Precisely how is a digital signature computed and verified?
b. Suppose that the public key system used to compute and verify signatures is insecure, but the hash function is secure. Show that you can forge signatures.
c. Suppose that the hash function used to compute and verify signatures is insecure, but the public key system is secure. Show that you can forge signatures.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.