A banking app uses Diffie-Hellman key exchange to let customers securely transfer money. Here’s how it works:

1. Customer and Bank publicly agree on: 
   Prime and base . 
2. Customer picks a private secret (e.g., ), computes mod p mod 23 , and sends A to the Bank. 
3. Bank picks a private secret (e.g., ), computes mod p mod 23 , and sends B to the Customer. 
4. Both compute a shared secret key to encrypt the transaction: 
   Customer: mod p mod 23
   Bank: mod p mod 23 \)= 18 

An attacker intercepts the public messages and impersonates the Bank to trick the Customer into sending money to the attacker’s account. 

Why can an attacker impersonate the Bank without knowing any private secrets?

For this question, show your full working out, line by line. Simply submitting a correct answer with no method marks will not give you full marks for the question.  

For public key parameters and , and Alice’s private key = 10 and Bob’s private key = 8.

Determine Bob's public key:

Download the ciphertext linked to this question. Upload it as a file in OpenSSL on Cryptool Online. Using the 'Encrypt & Decrypt' tab, decrypt this file using the aes-256-cbc symmetrical cipher. Ensure the passphrase is cryptography and leave the Initialization Vector (IV) to be Automatic (PBKDF2). Ensure the options: Salt and Base64 are selected.

The ciphertext can be found by the quiz link on the Module Moodle homepage and the file name is "ciphertext_1.data".

Using OpenSSL (via Cryptool online) select the ‘Hashes’ tab. Under input, enter your name and hash it using sha256. Now hash the same input using the ‘whirlpool’ hash function and again using the ‘sha1’ hash function.

What do you notice about the hashes that are being computed for the same input? What impact might this have when these different hashes are used in real-life scenarios? 

Propose one simple modification to the encryption process that would fix this issue. 

What fundamental flaw in textbook Diffie-Hellman does this expose? 

How does it reveal a fundamental limitation of textbook RSA? 

A hospital uses an RSA-based system to send encrypted patient status updates to doctors' pagers. The system encrypts short messages like "STABLE" or "CRITICAL" using textbook RSA: 

1. Convert each letter to a number . 
2. Encrypt the number: mod n.
3. An attacker intercepts encrypted messages and notices that: 
   The message "STABLE" always encrypts to the same ciphertext:  
   . 
   The message "CRITICAL" always encrypts to the same ciphertext:  
   . 

Why is this "same message → same ciphertext" behaviour a serious security flaw in real-world systems? 

An eavesdropper sees and and knows and . Why can’t they compute the shared secret s using only these public values? What critical information is missing? 

For this question, show your full working out, line by line. Simply submitting a correct answer with no method marks will not give you full marks for the question.  

For public key parameters and , and Alice’s private key = 10 and Bob’s private key = 8.

Determine Alice’s public key: