[SOLVED] Cs6260 homework 1- breaking sha-1- applied cryptography fall2025

Objectives: Understanding UF-CMA by attacking a real hash function and integrity scheme.

1.      Introduction

The goal of this assignment is to break the security of a deterministic hash-based MAC. Namely, let H be the hash function constructed from the compression hash function h via the Merkle-Damg˚ard transform as per Figure 1. Then, to tag a message M consisting of b-bit blocks under a b-bit key K we compute tag ←H(K ∥M).

We have provided you with several Python files (See Code section) that you will work with in this assignment. In particular, you will be demonstrating that the MAC described above is not UF-CMA secure by modifying student.py to create a forged message and a corresponding tag. Detailed explanations can be found in the following section.

You will be submitting your deliverables via Gradescope.

The MAC prepends a secret symmetric key to an input message, then passes it to the SHA1 algorithm:

tag = Sha1(password ∥ message)

You don’t know the symmetric key, but you do know what length it might be (See the Objective section)

A length extension attack is a type of attack where an attacker can use the hash of a message and the length of the message to calculate the hash of that message prepended to another message, where the second message is chosen by the attacker. This can be done without knowing the content of the first message.

This MAC is vulnerable to a length extension attack. Specifically, it’s possible to forge a valid (message, tag) pair where the message has some arbitrary data appended to the end, while only knowing the length of the password (not its actual value).

This is problematic in the MAC construction above because an attacker can include extra information at the end of the message and produce a valid hash without knowing the secret.

Apart from the course material, the only resource you may use for this assignment is the RFC for the Sha1 algorithm that describes how SHA-1 works. You must pay

special attention to Sections 3–5 and 6.1. You will also need to carefully read over the code files we have provided you.

This section describes the code you have been provided and what you need to modify.

You’ve been provided the following library:

This is the only file you will modify for submission.

The docstrings in each file provide further details about these modules; read them!

You can install the latest version of Python 3 for your system from here; there are no

extra dependencies to install. Older versions of Python 3 may work, but we cannot make guarantees. To run the local auto-grader, simply execute:

python grader.py [your GT username]

You should make student.main() return a (message, tag) pair that:

(where message is a sequence of bytes and tag is a hexadecimal string value)

There are two parts to this:

You will need to submit the following deliverables via Gradescope. There are different assignments for each, so please be careful to submit to the right one!

You must keep the existing structure: nothing should run if you execute python student.py on its own, the input parameters should stay the same, and the return value(s) should match the expected format and types.

Submit this to Homework 4 (Code) on Gradescope.

The autograder will run a suite of tests to determine your score, offering small suggestions for common mistakes if it encounters them or exception logs if your code doesn’t run.

Submit this to Homework 4 (Report) on Gradescope.

All of these can be answered in one page or less; take care to be succinct and precise. Report content past your second page may be ignored.