

A challenge with a prize - crypto, programming, logic, your choice. - RiderOfGiraffes

Greetings all,

I couldn't think of a better title - sorry.

I'm currently writing an article about the mathematics underlying public-key cryptography, and I thought I'd use an unusual example.  If you have a good pseudo-random number generator, you can distort the Diffie-Hellman-Merkle-Williamson public-key negotiation system into a public-key cryptosystem (sort-of).

So I've done that, and I thought I'd set a small challenge.  Now,
I'm not an expert in these things, and the article will make clear
that the real-world implementation problems are deep and subtle,
but just to make things interesting I'm offering a prize.

I've generated a public key and embedded it in a small encryption
program.  I've also used it to encrypt a short message.  If you
can decrypt the message (and that should only be possible if you
have my secret key) then I will send you a book of your choosing
from Amazon up to the value of 30 pounds sterling.

If you're interested you can find the challenge here:

http://www.penzba.co.uk (slash) DHMW_Challenge (dot) txt

Please do *not* make it clickable.  Please do *not* link to it.  While it's in its current state it's specifically for you folks here on HN, and I don't want it found by Google.
======
RiderOfGiraffes
To allow for differing time-zones, I will choose a winner at random from all
correct replies received within 48 hours of the first correct reply. This
allows for the possibility that this is trivial and there's an avalanche of
correct responses.

EDIT: corrected typo - I'm half afraid there'll be a flood of correct answers
in the next few hours ...

------
sweis
Some words of advice: Don't make up your own crypto.

I didn't look at what your construction is, but there appears to be a flaw in
the implementation. Your code does not generate strong primes for the
modulo. So, the order of the cyclic group may be small.

You generally want p = 2q+1, where q is a large prime. Then there are only two
subgroups of order 2 and q.

For your example prime
9062412837773369110292196105482480248709337252604489001268564868178757630921032967632809984689867835102097066512990361073635001670558988501315334600583471
is definitely not strong, so Z_p^* has many small subgroups.
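
The parameter check described in the comment above, as an added example that is not part of the thread or of the challenge program: it tests whether a modulus has the form p = 2q+1 with q prime and lists the small prime factors of p - 1. The function names, the constant THREAD_P and the 10,000 trial-division bound are assumptions made for this example.

```python
# Added example: checks a Diffie-Hellman modulus for the p = 2q + 1 property.
import random

# Primes below 10,000 for trial division (the bound is an arbitrary choice).
SMALL_PRIMES = [n for n in range(2, 10_000)
                if all(n % d for d in range(2, int(n ** 0.5) + 1))]

# The example prime quoted in the comment above, copied from the thread.
THREAD_P = 9062412837773369110292196105482480248709337252604489001268564868178757630921032967632809984689867835102097066512990361073635001670558988501315334600583471

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; a composite passes with probability <= 4**-rounds."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES[:25]:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    """True when p is prime and q = (p - 1) / 2 is prime as well."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def small_factors(n):
    """Return ({prime: exponent}, cofactor) after dividing out SMALL_PRIMES."""
    found = {}
    for sp in SMALL_PRIMES:
        while n % sp == 0:
            found[sp] = found.get(sp, 0) + 1
            n //= sp
    return found, n

if __name__ == "__main__":
    print("safe prime:", is_safe_prime(THREAD_P))
    factors, cofactor = small_factors(THREAD_P - 1)
    print("small prime factors of p - 1:", factors)
    print("unfactored cofactor bits:", cofactor.bit_length())
```

Every prime factor of p - 1 is the order of a subgroup of Z_p^*, so any small factor other than a single 2 means the modulus is not of the form 2q+1.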

~~~
RiderOfGiraffes
I know that in a complete implementation I should be using 2q+1 where q is a
Sophie Germain prime. The implementation is deliberately unencumbered by
anything not directly related to the actual process.

And I'm not inventing my own crypto. If you do take a look at the construction
you will see that it's actually very well-known.

I appreciate your comments. They show me where the article will need to be
extra clear.

Are you going to have a go at claiming the prize?

------
bmm6o

      C:\Users\bmm6o>ping www.penzba.co.uk
      Ping request could not find host www.penzba.co.uk. Please check the name and try again.

~~~
RiderOfGiraffes
Did you check the name and try again? It works for me from proxies in three
different time zones ...

Can you provide more information? How many times did you try?

~~~
bmm6o
It's working tonight. I don't know what the problem was. (from my home
computer, So Cal, USA both times).

