**1]**

Alice wants to talk to Bob, so she sends Bob a message saying, “*Hi Bob, this is Alice*” and attaches *Alice’s certificate*. Mallory intercepts the message and replays it to Bob. Bob thinks the message is from Alice and wants to verify this, so he generates a challenge and sends it to Mallory saying, “*Prove you are Alice*”.

Mallory sends the challenge to Alice, who responds correctly. Mallory forwards this response to Bob. Bob is now convinced that Mallory is Alice.

The above is a man-in-the-middle attack. Now that Mallory has proven to Bob that he is Alice, Bob will talk to Mallory thinking Mallory is Alice. Note that we used a certificate (signed by a trusted authority) to do the authentication.

How can this be possible? We know that the use of certificates makes man-in-the-middle attacks impossible. *Briefly show what is wrong with the above logic*. (That is, show how Alice and Bob can talk privately in spite of Mallory.)

**2]**

Suppose Alice and Bob want to communicate (or rather set up a secret key) using Merkle’s Puzzle algorithm. Alice has to send Bob a large number of “puzzles”. Each puzzle must be solvable in a reasonable time and the solution is a number.

- A. Show an example of such a puzzle. Be specific.
- B. Make an estimate as to how long the puzzle you have designed will take to solve.
- C. If a puzzle takes 1 minute to solve, how many puzzles must Alice send to Bob to ensure that Carol does not recover the secret key in 1 day? (1 day = 1440 minutes)
- D. Given the answer for C, what is the best method to redesign the system such that Carol takes 1 year to find the secret key?
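One possible puzzle construction for the exchange in question 2, as an added example that is not part of the original problem set. The toy SHA-256 keystream cipher, the marker string, the 12-bit weak key and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

MARKER = b"MERKLEPZ"  # known plaintext that tells a solver the weak key is right
WEAK_BITS = 12        # constructed difficulty: 2**12 candidate keys per puzzle

def _stream_xor(weak_key: int, data: bytes) -> bytes:
    """XOR 32 bytes with a SHA-256-derived pad (toy cipher, illustration only)."""
    pad = hashlib.sha256(weak_key.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def make_puzzles(n: int):
    """Alice: build n puzzles; return (puzzles to send, private id -> key table)."""
    table, puzzles = {}, []
    for _ in range(n):
        puzzle_id = secrets.token_bytes(8)
        session_key = secrets.token_bytes(16)
        table[puzzle_id] = session_key
        weak_key = secrets.randbelow(2 ** WEAK_BITS)
        puzzles.append(_stream_xor(weak_key, MARKER + puzzle_id + session_key))
    return puzzles, table

def solve(puzzle: bytes):
    """Brute-force the weak key; return (puzzle_id, session_key, guesses made)."""
    for guess in range(2 ** WEAK_BITS):
        plain = _stream_xor(guess, puzzle)
        if plain.startswith(MARKER):
            return plain[8:16], plain[16:], guess + 1
    raise ValueError("no weak key matched")

def exchange(n: int):
    """Bob solves one random puzzle and announces only its id to Alice."""
    puzzles, table = make_puzzles(n)
    puzzle_id, bob_key, work = solve(secrets.choice(puzzles))
    alice_key = table[puzzle_id]  # Alice looks up the id Bob sent in the clear
    return alice_key, bob_key, work

def eavesdrop(puzzles, puzzle_id):
    """Carol sees every puzzle and the announced id; she solves until the id matches."""
    for solved, puzzle in enumerate(puzzles, start=1):
        pid, key, _ = solve(puzzle)
        if pid == puzzle_id:
            return key, solved
    raise ValueError("announced id not among the puzzles")
```

Bob pays for one puzzle, while Carol's cost grows with the number of puzzles Alice sends, which is the asymmetry parts C and D ask about.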

**3]**

Alice writes a digital check for $10 and signs it (using her private key). Then she takes this check to the bank, which verifies the check and Alice’s signature and then signs the check (along with Alice’s signature).

Now Alice e-mails the check to Bob, Carol and Dave.

- What information must be on the check before the Bank would sign the check? Suggest a format for the check (assume the check is written in ASCII text).
- Who gets to cash the check (Bob, Carol, Dave or nobody)?
- Does Alice get caught? If so, how and by whom?