2
Math 445 Introduction to Cryptography First Exam Solutions 1.  (10) State Kerckho’s prin ciple . Explain briey why a crypt osystem designed by someone who follows this principle is likely to be stronger than one designed by someone who does not. Solution:  Kerckho’s principle says that one should always assume that the attacker knows the algo rithm being used. A desig ner who believ es this principle will circulate his or her algorit hm widel y and it will be teste d by many talen ted cryptan alyst s. A designer who does not believe the princ iple may try to keep the algorith m secret. Thus the algor ithm will only be teste d by a few cryptanalysts and we can be much less condent of its strength. 2.  (5) What is the main drawba ck of the one time pad cryptosys tem? Solution:  The one time pad system requires that we secretly communicate in advance a key which is at least as long as the message we will send. This is a severe practical diculty since it requires substantial secret communication in advance of the desired secret communication. 3.  (10) Assuming you can do 2 20 encryptions per second and the key size is 40 bits, how long would a brute force attac k take? Giv e a scena rio where this would be pract ical and another where it woul dn’t. What happens if you double the key size? Solution:  The key space has 2 40 elements, so brute force would take 2 20 seconds, which is about 12 days. This would be practical if the message revealed the location of enemy missles in a cold-war situa tion. It would be impractic al if the message ’s useful life was very short, for example if it was a few frames in a pay-per- view sports video. Doubl ing the key size would make the brute force decryption time 2 60 seconds, which is about 3.8 × 10 16 years. There is no scenar io in which this would be practical. 4.  (15) Y ou have in tercepted a message encrytped with an ane cipher. The ciphertext starts with  BBDJ and you know the plaintext starts with  oops. Find the key. Solution:  An ane cipher has the form y  ≡ ax + b where  x  is the plaintext and  y  is the ciphertext (both inte gers modulo 26). We need to nd  a  and  b. Conv ertin g to numbers, the plai ntext is 14, 14, 15, 18 and the cipher tex t is 1, 1, 3, 9. Thus we need to solve the equatio ns 14 a + b  = 1 and 15a + b  = 3. Substracting the equations,we nd  a = 2 and plugging this into either equation gives b = 25. Unfortunately, the encryption key is not a 1-1 transformation, so if you try to nd the decryp- tion key you may get stuck. Full credit was given if you did something reasonable. 5.  (10) Consider a language with three letters,  a,  b, and  c, with frequencies  .6,  .3, and  .1. Suppose tha t a long message (1000 charact ers) in this language is encrypted with a Vign` ere cipher and we plan to break it using a inde x of coin ciden ce attack . About how big is the larges t index of coincidence we are likely to see? Solution:  If we shift by a multiple of the key length, the probability of coincidence is ( .6) 2 +(.3) 2 + (.1) 2 = . 46. So we would expect about 1000 .46 = 460 coincidences. Other shifts would give lower indices of coincidence. 6.  (15) Use the extended Euclidean algorithm to compute the greatest common divisor  d  of 654 and 123 and to nd integers  m and  n such that 654m + 123n =  d.

Exam1Solns

Embed Size (px)

Citation preview

  • Math 445Introduction to Cryptography

    First Exam Solutions

    1. (10) State Kerckhoffs principle. Explain briefly why a cryptosystem designed by someone who followsthis principle is likely to be stronger than one designed by someone who does not.Solution: Kerckhoffs principle says that one should always assume that the attacker knows thealgorithm being used. A designer who believes this principle will circulate his or her algorithmwidely and it will be tested by many talented cryptanalysts. A designer who does not believe theprinciple may try to keep the algorithm secret. Thus the algorithm will only be tested by a fewcryptanalysts and we can be much less confident of its strength.

    2. (5) What is the main drawback of the one time pad cryptosystem?Solution: The one time pad system requires that we secretly communicate in advance a key whichis at least as long as the message we will send. This is a severe practical difficulty since it requiressubstantial secret communication in advance of the desired secret communication.

    3. (10) Assuming you can do 220 encryptions per second and the key size is 40 bits, how long would abrute force attack take? Give a scenario where this would be practical and another where it wouldnt.What happens if you double the key size?Solution: The key space has 240 elements, so brute force would take 220 seconds, which is about12 days. This would be practical if the message revealed the location of enemy missles in a cold-warsituation. It would be impractical if the messages useful life was very short, for example if it wasa few frames in a pay-per-view sports video. Doubling the key size would make the brute forcedecryption time 260 seconds, which is about 3.8 1016 years. There is no scenario in which thiswould be practical.

    4. (15) You have intercepted a message encrytped with an affine cipher. The ciphertext starts with BBDJand you know the plaintext starts with oops. Find the key.Solution: An affine cipher has the form y ax+ b where x is the plaintext and y is the ciphertext(both integers modulo 26). We need to find a and b. Converting to numbers, the plaintext is 14,14, 15, 18 and the ciphertext is 1, 1, 3, 9. Thus we need to solve the equations 14a + b = 1 and15a+ b = 3. Substracting the equations,we find a = 2 and plugging this into either equation givesb = 25.

    Unfortunately, the encryption key is not a 1-1 transformation, so if you try to find the decryp-tion key you may get stuck. Full credit was given if you did something reasonable.

    5. (10) Consider a language with three letters, a, b, and c, with frequencies .6, .3, and .1. Suppose thata long message (1000 characters) in this language is encrypted with a Vigne`re cipher and we plan tobreak it using a index of coincidence attack. About how big is the largest index of coincidence we arelikely to see?Solution: If we shift by a multiple of the key length, the probability of coincidence is (.6)2+(.3)2+(.1)2 = .46. So we would expect about 1000 .46 = 460 coincidences. Other shifts would give lowerindices of coincidence.

    6. (15) Use the extended Euclidean algorithm to compute the greatest common divisor d of 654 and 123and to find integers m and n such that 654m+ 123n = d.

  • Solution: We have654 = 5 123 + 39123 = 3 39 + 639 = 6 6 + 36 = 2 3 + 0

    and so the gcd d = 3. Working backwards, we have

    3 = 39 6 6= 39 6(123 3 39) = 19 39 6 123= 19(654 5 123) 6 123 = 19 654 101 123

    and so m = 19 and n = 101.

    7. (10) Recall that we can represent the field of 256 elements as polynomials F2[X] modulo X8 + X4 +X3 +X + 1. Find the inverse of X in this field.Solution: We start to use the Euclidean algorithm:

    X8 +X4 +X3 +X + 1 = (X7 +X3 +X2 + 1) X + 1

    and after 1 step we are done: this equation says that X (X7 + X3 + X2 + 1) 1 (mod X8 +X4 +X3 +X + 1) and so the inverse of X is X7 +X3 +X2 + 1.

    8. (10) Recall that in a Feistel system, we divide the state into left and right halves LiRi and then definethe new state by Li+1 = Ri and Ri+1 = Li f(Ki, Ri) where Ki is the key for the i-th round and fis a function of the key and half of the state. Prove that no matter what the function f is, the roundtransformation is 1-to-1, i.e., we can recover the old state from the new state and the key.Solution: We just solve the equations for Li and Ri:

    Ri = Li+1Li = Ri+1 f(Ki, Ri) = Ri+1 f(Ki, Li+1)

    This shows that we can solve for Li and Ri if we know Li+1, Ri+1 and Ki.

    9. (15) Briefly describe the Shift Rows and Byte Substitution layers of Rijndael. Explain why we can applythem in either order with the same result.Solution: The state in Rijndael is a 4 4 matrix with entries in the field of 256 elements. Theshift row layer shifts each row to the right a certian amount, wrapping the entries around. Moreprecisely, the first row is not shifted, the second row is shifted by one, the third row is shifted bytwo, and the fourth row is shifted by three.

    The Byte Substitution layer can be viewed as a lookup table. Each matrix entry, representedby an 8-bit byte, is broken into two pieces which index the rows and columns of a 16 16 lookupmatrix. The byte is replaced by the corresponding entry in the table, which is another 8-bit byte.

    The Byte Substitution layer is applied entry by entry to the state, with all entries treated inthe same way. The Row Shift layer simply moves the bytes around. Thus it doesnt matter inwhich order we apply these layers: shifting and substituting is the same as first substituting thenshifting.


Plato - Symposium

Plato - Symposium

Documents
18 Tricks to Teach Your Body

18 Tricks to Teach Your Body

Documents
Simple Functions in Haskell

Simple Functions in Haskell

Documents
Puntuación PAEF,s

Puntuación PAEF,s

Documents
Physical Modelling Synthesis Overview

Physical Modelling Synthesis Overview

Documents
Daniel Zanella and Alexander Weygers

Daniel Zanella and Alexander Weygers

Documents
Jan Van Eyck and the Man In A Red Turban

Jan Van Eyck and the Man In A Red Turban

Documents
Who Killed God

Who Killed God

Documents
Rubik's cube solution

Rubik's cube solution

Documents
Star Wars Original Trilogy Trivia (Episodes IV-VI)

Star Wars Original Trilogy Trivia (Episodes IV-VI)

Documents
How Computer Keyboards Work

How Computer Keyboards Work

Documents
Bhagavad Gita

Bhagavad Gita

Documents
How Computer Monitors Work

How Computer Monitors Work

Documents
The Dutch Republic In International Trade

The Dutch Republic In International Trade

Documents
1 시스템분석입문

1 시스템분석입문

Documents
Steve Jobs' Commencement Speech at Stanford

Steve Jobs' Commencement Speech at Stanford

Documents
Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

Documents
The Last Carnival I Ever Saw

The Last Carnival I Ever Saw

Documents
Algorithms

Algorithms

Documents
Introduction to Six Sigma

Introduction to Six Sigma

Documents
Do you admire Leonardo da Vinci?

Do you admire Leonardo da Vinci?

Documents
Life Is Just A Dream - Or Is It?

Life Is Just A Dream - Or Is It?

Documents
European Colinization of Latin America

European Colinization of Latin America

Documents
Chapter-01

Chapter-01

Documents
Tragic Heroes

Tragic Heroes

Documents
United States Constitution

United States Constitution

Documents
Venture Capital

Venture Capital

Documents
Iron Mills Essay

Iron Mills Essay

Documents
xCDC14a

xCDC14a

Documents
Heidegger Kritik

Heidegger Kritik

Documents