EssayGhost Assignment代写,Essay代写,网课代修,Quiz代考

EssayGhost-Essay代写,作业代写,网课代修代上,cs代写代考

一站式网课代修,论文代写

高质量的Assignment代写、Paper代写、Report代写服务

EG1hao
网课代修代上,cs代写代考
物理代写案例
您的位置: 主页 > 理科代写案例 > 物理代写案例 >
物理代写:physics Computer Security代写 cryptographic logic代写 testing code代写 - 物理作业代写/物理代考
发布时间:2021-07-25 17:38:25浏览次数:
go fmt*.go: a cool feature of Go: automatically format your code according to the languagePart 1: The Triple Diffie-Hellman handshake (3DH)Computer Security代写A chat between Alice and Bob starts with a handshake where they exchange cryptographic key material and establish a shared session key. First, Alice and Bob must learn each other’s public keys. In the real world this is a significant challenge. For this assignment we’ll just assume they get them from some trusted source like a key server.A classic approach is to do a Diffie-Hellman (hereafter DH) exchange to establish a session key, with Alice and Bob using their private keys to sign their DH values ga, gb. These DH shares are called ephemeral since they last for one session only, compared to the long-term or identity public keys which identify Alice and Bob permanently.Signal does a more interesting handshake to achieve deniability. No signatures are involved. Instead, three DH exchanges are combined to authenticate both parties and produce a session. Alice starts with identity key gA and ephemeral key ga (her secrets are A and a). Similarly Bob has identity key gB and ephemeral key gb (his secrets are B and b). Alice send Bob gA and ga and he sends back gB and gb. Their initial shared secret is:k = KDF(gA·b, ga·B, ga·b)Alice is convinced she’s talking to Bob if he can derive the same kroot1,because this requires knowing his long-term private key B. Similarly Bob is convinced he’s talking to Alice. But it’s also possible for anybody to simulate this handshake without the involvement of either party at all by choosing a and b, so either party can deny they ever participated in the conversation.Computer Security代写Order matters! Note that both parties need to agree on an ordering of the shares gA·b, ga·B, ga·b when they compute the KDF, or they will get different results. We’ll use the following simple convention: whoever sends the first message of the handshake (the initiator) is “Alice” and whoever sends the second (the responder) is “Bob.” Both parties will sort the three shares according to their role in the protocol.Implementation notes: The handshake requires that two messages are exchanged, which are implemented as three methods for a Chatter object:InitiateHandshake():Alice sets up state for her session with Bob and returns an ephemeral publicReturnHandshake(): Bob receives Alice’s ephemeral key. He sets up state for his sessionwith her and returns his own ephemeral public  He also derives the initial root key and returns a key derived from it (for authentication checks).FinalizeHandshake():Alice receives Bob’s ephemeral  She derives the initial root key and returns a hash of it (for authentication checks).To compute a root key,Computer Security代写both sides will call CombineKeys() with the outputs gA·b, ga·B, ga·b in order. Note that CombineKeys() is a variadic function which can take any number of arguments.Checking the handshake: Both Alice and Bob return a special check key derived from the root key. This won’t be used for any encryption, but can be used by both parties to verify that the handshake was successful. In your implementation, use the DeriveKey method on the root key with the label HANDSHAKE_CHECK_LABEL. The testing code will assume you derive the returned key this way (and that you combine keys in the order listed above).Computer Security代写Testing: When you’ve implemented the handshake correctly, your code should pass the TestHandshake test and TestHandshakeVector tests. The second of these tests contains a precise expected value based on a fixed random number generator. Until you pass the basic handshake test the remaining tests will be skipped.Computer Security代写Part 2: Deriving forward-secure message keys with a double ratchetAfter their handshake, Alice and Bob are ready to chat. They chat through the SendMessage and ReceiveMessage methods, which are actually the only two additional methods you’ll need to implement besides the handshake methods (you may of course want some helper functions).Computer Security代写From the root key, Alice and Bob need to derive symmetric keys for authenticated encryption. They’ll derive these from the root key using the DeriveKey() method with the label CHAIN_LABEL. To achieve forward secrecy, after every message the sender and receiver ratchet the chain key (again using the DeriveKey() KDF with CHAIN_LABEL) to derive a new key. They should also delete the old value to ensure that it can’t later leak and allow an adversary to decrypt an intercepted ciphertext.A simple ratchet wouldn’t support receiving out-of-order messages though:the old value would  Computer Security代写need to be kept around if a particular message wasn’t received on time, and that could be usedto derive all future keys in the chain. So Signal instead uses a double ratchet as follows:From each chain key value, a message key is derived by again calling DeriveKey.Computer Security代写Each message key is used only once: message key 1 is used to send/decrypt message 1 and is then deleted. The advantage of the double ratchet is that, if needed, an old message key can be cached to decrypt an out-of-order message, but keeping this value around does not allow deriving any other message keys in the chain.These keys should be used to encrypt each message using the provided AESGCM AuthenticatedEncrypt function. You’ll want to create a random initialization vector for each message. In this application, each key is only used once so it would be okay to use a fixed IV, but it is good practice to generate a fresh IV for each message.Testing: When you’ve implemented the doublet ratchet correctly, your code should pass the TestOneWayChat test, for a simple conversation in which only one party sends messages.Computer Security代写Part 3: Adding resiliency with a Diffie-Hellman ratchetThe symmetric double ratchet enables good forward secrecy, as key material can be deleted quickly after it’s used. However, if this was the only ratcheting, the protocol would not be resilient to a temporary compromise. If an attacker learns any of the chain key values, they could compute all of the following values indefinitely.To address this, Signal adds another layer of ratcheting. The root key is continuously updated by new Diffie Hellman computations. In fact, before Alice (the initiator) ever sends a message, she generates a new secret a2 and ephemeral DH key ga2. She then computes the DH value ga2·b1 (where Bob’s initial ephemeral DH value is gb1) and uses this to update her root key. In your implementation, Alice will update the root key by calling CombineKeys() with the old root key and the new key derived from ga2·b1 (passed in that order). She’ll then derive a new sending key chain as before and use it to encrypt the next message she sends.Computer Security代写For Bob to be able to decrypt,Alice will need to send her new DH value ga2 (her DH ratchet key) along with her encrypted message. Bob can then derive the same value ga2·b1 and update his copy of the root key to derive Alice’s current sending key chain. He can then use this to decrypt Alice’s message. As long as Alice is the only one sending messages, she’ll keep updating this sending chain using the symmetric ratchet (the double ratchet implemented above). Bob should also make sure to delete his secret b1 at this point, since he’ll no longer need it.When Bob has a message to send back, it’s his turn to:Pick a new DH ratchet keygb2Update his root key by combining withga2·b2Derive a new sending keychainUsethis to encrypt his message and send it (along with gb2) to Alice so she can update her root key in the same way and derive the keys needed to decrypt Bob’s messageAll this work to keep Eve out of the conversation! In general, the DH ratcheting proceeds in turns. At first, it’s Alice’s turn to send a new DH ratchet key and update her sending key chain. She’ll use these keys for all messages she sends until it’s her turn again. Note that this process ensures that Alice and Bob are never using the same chain of keys to send messages as each other.Computer Security代写The sequence of root keys and derived chains will go like this

所有物理代写范围:essayghost为美国、加拿大、英国、澳洲的留学生提供物理代写、物理作业代写、物理代考等留学生物理作业代写、exam代考服务。