CS 255 Introduction to Cryptography - Stanford University. Programming Assignment 1. Winter 2022

1 Introduction

In this assignment, you are tasked with implementing a secure and efficient end-to-end encrypted chat client using the Double Ratchet Algorithm, a popular session setup protocol that powers real-world chat systems such as Signal and WhatsApp. As an additional challenge, assume you live in a country with government surveillance. Therefore, all messages sent are required to include the session key encrypted with a fixed public key issued by the government.

In your implementation, you will make use of various cryptographic primitives we have discussed in class—notably, key exchange, public key encryption, digital signatures, and authenticated encryption. Because it is ill-advised to implement your own primitives in cryptography, you should use an established library: in this case, the SubtleCrypto library. We will provide starter code that contains a basic template, which you will be able to fill in to satisfy the functionality and security properties described below.

2 End-to-end Encrypted Chat Client

2.1 Implementation Details

Your chat client will use the Double Ratchet Algorithm to provide end-to-end encrypted communications with other clients. To evaluate your messaging client, we will check that two or more instances of your implementation can communicate with each other properly.

We feel that it is best to understand the Double Ratchet Algorithm straight from the source, so we ask that you read Sections 1, 2, and 3 of Signal's published specification here: https://signal.org/docs/specifications/doubleratchet/. Your implementation must correctly use the Double Ratchet Algorithm as described in Section 3 of the specification, with the following changes and clarifications:

• You may use HKDF to ratchet the Diffie-Hellman keys as described in Section 2.3 of the Signal Specification. Proper usage of HKDF is explained in Section 5.2 of the Signal Specification.

• HKDF is a key derivation function that we've added to lib.js. Section 5.2 describes how it can be used in your implementation. Read the lib.js comments for how to use our API.

• lib.js contains two HMAC-related functions: HMACtoAESKey (used to generate keys for AES encryption/decryption) and HMACtoHMACKey (used to generate keys for further HMACs). Part of your task is determining which function to use in each case in order to implement the Signal algorithm.

• Use ElGamal key pairs for the Diffie-Hellman key exchange. See the generateEG function in lib.js.

• Use AES-GCM as the symmetric encryption algorithm for encrypting messages, using the sending and receiving keys as derived in Section 2.4.

• Disregard the AD byte sequence input for the ratchetEncrypt and ratchetDecrypt functions in the Signal Specification. Message headers should still be authenticated.

• The header of all sent messages must include an encryption of the sending key under the government's public key. Use ElGamal public key encryption, with AES-GCM as the symmetric cipher, to encrypt the sending keys. (Note: Since the output of the computeDH function is configured with HMAC, you will need to run the output through HMACtoAESKey to generate a key that can be used with AES-GCM. Please use the govEncryptionDataStr variable as the data parameter in your call to HMACtoAESKey. It may be helpful to refer to the govDecrypt function in test-messenger.js to see how the govEncryptionDataStr variable is used during decryption.)

• Every client will possess an initial ElGamal key pair. These key pairs will be used to derive initial root keys for new communication sessions.

• Public keys will be distributed through simple certificates. Each client generates its own certificate upon initialization, which contains its ElGamal public key. Assume that there is some trusted central party (e.g., a server managed by the developers of the messaging app), and that this central party can securely receive certificates generated by clients. This central party generates a digital signature on each certificate that it obtains, which serves to endorse the authenticity of the certificate owner's identity and to prevent any tampering of the certificate by an adversary. The signed certificates are then distributed back to the clients, so that every client has the ElGamal public key of every other client in the system.
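An added sketch of the escrowed, authenticated header described in the bullets above, written for Node.js directly against WebCrypto; it is not the course's starter code or lib.js. The curve (P-256), the label string, the header field names and every helper name are assumptions, and `dhToAesKey` only plays the role the page gives to computeDH followed by HMACtoAESKey.

```javascript
// Added example (Node.js). Helper names are stand-ins, not the course's lib.js API.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = wc.subtle, enc = new TextEncoder();
const GOV_LABEL = 'gov-escrow-demo'; // constructed stand-in for govEncryptionDataStr
const EC = { name: 'ECDH', namedCurve: 'P-256' }; // assumed curve
const hex = (b) => Buffer.from(b).toString('hex');
const unhex = (h) => Buffer.from(h, 'hex');
const aad = (header) => enc.encode(JSON.stringify(header));

// DH output -> HMAC key -> HMAC(label) -> AES-GCM key.
async function dhToAesKey(priv, pub) {
  const dh = await subtle.deriveBits({ name: 'ECDH', public: pub }, priv, 256);
  const hk = await subtle.importKey('raw', dh, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
  const raw = await subtle.sign('HMAC', hk, enc.encode(GOV_LABEL));
  return subtle.importKey('raw', raw, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Sender: wrap the sending key for the government, then bind the header to the message as AAD.
async function sendWithEscrow(govPub, sendKeyRaw, text) {
  const eph = await subtle.generateKey(EC, true, ['deriveBits']); // fresh pair per message
  const govIv = wc.getRandomValues(new Uint8Array(12)), iv = wc.getRandomValues(new Uint8Array(12));
  const wrapKey = await dhToAesKey(eph.privateKey, govPub);
  const govCt = await subtle.encrypt({ name: 'AES-GCM', iv: govIv }, wrapKey, sendKeyRaw);
  const header = { govEphPub: await subtle.exportKey('jwk', eph.publicKey),
                   govIv: hex(govIv), govCt: hex(govCt), iv: hex(iv) };
  const k = await subtle.importKey('raw', sendKeyRaw, 'AES-GCM', false, ['encrypt']);
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv, additionalData: aad(header) }, k, enc.encode(text));
  return { header, ct };
}

// Receiver path: already holds the key; decryption fails if any header field changed.
async function openMessage(keyRaw, { header, ct }) {
  const k = await subtle.importKey('raw', keyRaw, 'AES-GCM', false, ['decrypt']);
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv: unhex(header.iv), additionalData: aad(header) }, k, ct);
  return new TextDecoder().decode(pt);
}

// Government path: redo the DH with its private key, unwrap the sending key, then open.
async function govOpen(govPriv, msg) {
  const ephPub = await subtle.importKey('jwk', msg.header.govEphPub, EC, true, []);
  const wrapKey = await dhToAesKey(govPriv, ephPub);
  const keyRaw = await subtle.decrypt({ name: 'AES-GCM', iv: unhex(msg.header.govIv) }, wrapKey, unhex(msg.header.govCt));
  return openMessage(keyRaw, msg);
}

async function demo() {
  const gov = await subtle.generateKey(EC, true, ['deriveBits']);
  const sendKeyRaw = wc.getRandomValues(new Uint8Array(32)); // constructed stand-in for a sending key
  const msg = await sendWithEscrow(gov.publicKey, sendKeyRaw, 'hello bob');
  const altered = { ct: msg.ct, header: { ...msg.header, govCt: '00'.repeat(48) } }; // header field changed in transit
  const rejected = await openMessage(sendKeyRaw, altered).then(() => false, () => true);
  return { receiver: await openMessage(sendKeyRaw, msg), gov: await govOpen(gov.privateKey, msg), rejected };
}
```

Because the whole header is passed as AES-GCM additional data, the receiver rejects a message whose escrow field was altered even though the receiver never decrypts that field itself.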
Last updated: 4 months ago
Preview 1 out of 6 pages