P. 1
ieg4130-hw1

ieg4130-hw1

|Views: 1,498|Likes:
Published by Eng Ahmed Hagras

More info:

Published by: Eng Ahmed Hagras on Nov 23, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/21/2013

pdf

text

original

A , B d .

4 . 1 9
a .
b .
c .
4 . 2 0
4 . 2 1
4 . 2 2
a .
m n m n b .
m n m , n c .

4 . 2 3


x x

a .
x

x x

b .
4 . 2 4
x

a .
x

x

b .
x

c .
4 . 2 5
x

x x

x a .
x

x x

b .
x

x

x

x

x x

x

x c .






























m a i l b a g g i n g










8 . 3
8 . 4



8 . 5
8 . 6




8 . 7






8 . 8




8 . 9
8 . 1 0







8 . 1 1


a .
b .
c .
d .
8 . 1 2

8 . 1 3


8 . 1 4



a .
9 . 1

1 .
2 .


3 .




a .
b .
c .
9 . 2
1 .
2 .
3 .
4 .
5 .
9 . 3

9 . 4


9 . 5
9 . 6


9 . 7


9 . 8




9 . 9


a .
b .
c .

1 .
2 .
d .
9 . 1 0


9 . 1 1




















I D
A













H i n t :

12 What are two problems with the one-time pad? 2.8 Briefly define the Caesar cipher.3 How many keys are required for two people to communicate via a cipher? 2.4 What is the difference between a block cipher and a stream cipher? 2.10 Briefly define the Playfair cipher. 2. 2.1 What are the essential ingredients of a symmetric cipher? 2.11 What is the difference between a monoalphabetic cipher and a polyalphabetic cipher? 2.6 List and briefly define types of cryptanalytic attacks based on what is known to the attacker. 2.9 Briefly define the monoalphabetic cipher. 2.2 What are the two basic functions used in encryption algorithms? 2.13 What is a transposition cipher? .5 What are the two general approaches to attacking a cipher? 2.Playfair cipher polyalphabetic cipher rail fence cipher single-key encryption steganography stream cipher symmetric encryption transposition cipher unconditionally secure Vigenère cipher Review Questions 2.7 What is the difference between an unconditionally secure cipher and a computationally secure cipher? 2.

)4 ). Are there any limitations on the value ofb? Explain why or why not. 2. The most common word in English is "the.485).806*.161.)6 8)4 [ddagger]. Also. For example.46(.48081. .4)485 528806*81 ( 9. meet. That is. Break this code. e is often seen in pairs (e. b. 13) = 3. Justify your statement. p) = (ap + b) mod 26 [Page 57] A basic requirement of any encryption algorithm is that it be one-to-one. b]. Decrypt this message.48 8¶60))85.4 The following ciphertext was generated using a simple substitution algorithm: 53 305))6*.4069285). Otherwise.5* 2:* (. p) E(k. if p q.]8*. 0) = E([a. substitute the ciphertext letter C: C = E([a.88*96*?.48 85. has the following form: For each plaintext letter p. Provide a general statement of which values ofa are and are not allowed.48. 2.4( ?34.:188.2 How many one-to-one affine Caesar ciphers are there? 2.: *8 83 (88)5* .. b].3 A ciphertext has been generated with an affine cipher. and the second most frequent letter of the ciphertext is 'U'. seen.1 A generalization of the Caesar cipher. Therefore. c.8:8 1. q).(88. the first or second (or perhaps third?) most common character in the message is likely to stand for e. been." Use this fact to guess the characters that stand for t 2. a. etc. agree. then E([a.14 What is steganography? Problems 2. Try to find a character in the ciphertext that decodes to e. speed. b].1( 9. decryption is impossible.8)* (.g. for a = 2 and b = 3. then E(k. The affine Caesar cipher is not one-to-one for all values of a. Determine which values of a are not allowed..4826)4 . fleet.). because more than one plaintext character maps into the same ciphertext character. The most frequent letter of the ciphertext is 'B'. knows as the affine Caesar cipher.2. As you know. the most frequently occurring letter in English is e.48)4 . ?. Hints: 1.4956*2(5*-4)88* .

B). x x + 1 and x + 1 over GF(3) c. 550 mod 1769 4. [Page 133] 4. 3 x +1 3 2 b. 4. 2 (7x + 2) (x + 5) 2 2 b.23 For polynomial arithmetic with coefficients in Z . perform the following calculations: 10 a. find the multiplicative inverse of a.21 Demonstrate that the set of polynomials whose coefficients form a field is a ring. 24140 mod 40902 c. Demonstrate that Stein's algorithm does indeed return gcd( . 4 x + 1 (be careful) 4. b.19 Using the extended Euclidean algorithm. Stein's algorithm works in roughly the same number of steps as the Euclidean algorithm. 4.24 Determine which of the following are reducible over GF(2): a.25 Determine the gcd of the following pairs of polynomials: a.Thus. (6x + x + 3) x (5x + 2) 4. The product of polynomials of degrees m and n has degree m + n c. A 4. n]. The sum of polynomials of degrees m and n has degree max[m. 1234 mod 4321 b. 3 2 x + x + 1 and x + x + 1 over GF(2) 3 2 b. x + x + 1 c.22 Demonstrate whether each of these statements is true or false for polynomials over a field: a. d. 5 4 3 2 3 2 x + x + x x x + 1 and x + x + x + 1 over GF(3) . The product of monic polynomials is monic.3 for GF(5).20 Develop a set of tables similar to Table 4.

10 Briefly describe MixColumns.6 How is the S-box constructed? 5.1 What was the original set of criteria used by NIST to evaluate candidate AES ciphers? 5.5 What is the purpose of the State array? 5.9 How many bytes in State are affected by ShiftRows? 5.8 Briefly describe ShiftRows.4. Key Terms. and Problems Key Terms Advanced Encryption Standard (AES) National Institute of Standards and Technology (NIST) power analysis Rijndael S-box Review Questions 5. Review Questions.4 What is the difference between Rijndael and AES? 5. 5.3 What is power analysis? 5.7 Briefly describe SubBytes. .2 What was the final set of criteria used by NIST to evaluate candidate AES ciphers? 5.[Page 161 (continued)] 5. 5.

Discuss the security requirements and implications of the two methods. b. An alternative approach is to determine the route for each destination first.15.1 Electronic mail systems differ in the manner in which multiple recipients are handled. this process is referred to as mail bagging. as illustrated in Figure 7.3 [View full size image] . and these are sent out independently. What are the pros and cons? 7. Describe the scheme.2 Section 7. What is the difference between a session key and a master key? What is a nonce? What is a key distribution center? What is the difference between statistical randomness and unpredictability? Problems 7. the originating mail-handler makes all the necessary copies.15. Figure for Problem 7.2 describes the use of message length as a means of constructing a covert channel. discuss the relative advantages and disadvantages of the two methods. Describe three additional schemes for using traffic patterns to construct a covert channel. a.4 7.8 7. In some systems. and copies are made only when the routes diverge.5 7.7 7. b.9. Then a single message is sent out on a common portion of the route.3 [Page 229] Figure 7.6 7.3 7. 7.9 What types of information might be derived from a traffic analysis attack? What is traffic padding and what is its purpose? List ways in which secret keys can be distributed to two communicating parties. One local area network vendor provides a key distribution facility. Compare this scheme to that of Figure 7. Leaving aside considerations of security. a.7.

4 201 Using Fermat's theorem. a. Using this property and the property developed in the preceding problem and the property that f(p) = p 1 for p prime.8. find 3 mod 11. (Note 1000 that this is the same as the last digit of the decimal expansion of 7 . then f(p ) = p p .8 85 Use Euler's Theorem to find a number x between 0 and 28 withx congruent to 6 modulo 35.3 Why is gcd(n. n) = 1 then f(mn) = f(m)f(n).7 1000 Use Euler's Theorem to find a number a between 0 and 9 such thata is congruent to 7 modulo 10.) 8. Hint: What numbers have a factor in common withp ? 8. What is this 8.10 i i i1 i Prove the following: If p is prime.11 It can be shown (see any book on number theory) that if gcd(m.5 Use Fermat's Theorem to find a number a between 0 and 72 witha congruent to 9794 modulo 73. f(27) c.2 that f(n) is even for n > 2. Give an example that satisfies the condition using an odd prime.13 Consider the function: f(n) = number of elements in the set {a: 0 function? a < n and gcd(a.6 85 Use Fermat's Theorem to find a number x between 0 and 28 withx congruent to 6 modulo 29.f(a) is given by: where a is given by Equation (8.n +1) = 1 for two consecutive integersn and n + 1? 8.14 Although ancient Chinese mathematicians did good work coming up with their remainder theorem. Demonstrate this result. Determine the following: a.12 It can also be shown that for arbitrary positive integer a. 8.) 8. .9 Notice in Table 8. The test said that n is prime if and only if n divides (2 2).n) = 1}. namely: . 8. f(41) b. This is true for all n > 2.1). f(440) 8. it is straightforward to determine the value of f(n) for any n. 8. They had a test for primality. they did n not always get it right. Give a concise argument why this is so.) 8. (You should not need to use any brute force searching. 8. (You should not need to use any brute force searching. f(231) d.

e = 17.p). M = 7 5. M2 takes inputs x and p giving output z. Describe the use of this set of tables to perform encryption and decryption between two users. The three tables. Hint: Decryption is not as hard as you think. q = 11. M = 2. are made public. The ith row of M2 corresponds x = i. It should be clear that it is possible to construct M3 to satisfy the preceding condition. . 2. the jth column of M3 corresponds to k = j. The ith row of M3 corresponds to z = i. Such tables would be impractically huge but could. for the following: 1. once constructed. p = 17. f2 (x2 . Similarly. e = 11. use some finesse. yi. p = 11. q = 31. fill in M3 to satisfy the following condition: [Page 282] f3 (f2 (f1 (k). Consider the functions f1 (x1 ) = z1 . Finally. in principle. f3 (x3 . e = 7. p = 7. p with 1 k.6. fill in M3 for the following simple case: Convention: The ith element of M1 corresponds to k = i. Function f1 can be represented by a vector M1 of length N. The intent is to represent the encryption/decryption process by table look-ups for tables with very large values of N. As an example. a. b. p = 3. M1 takes an input k and produces an output x. in which the kth entry is the value of f1 (k).k) = p for all k. Argue that this is a secure scheme. p = 5. q = 11. to the jth column of M2 corresponds to p = j. each integer appears exactly once in M1. Construct M2 so that each row contains a random permutation of the first N integers. 9. p N In words. zi N. M3 takes inputs z and k and produces p.1 Prior to the discovery of any specific public-key schemes. y2 ) = z2 . f2 and f3 can be represented by N x N matrices M2 and M3. be constructed. 1. q = 11. such as RSA. as in Figure 9. M = 9 3. q = 13. where all values are integers with 1 <xi. The scheme works as follows: construct M1 with a random permutation of all integers between 1 and N. e = 3.2 Perform encryption and decryption using the RSA algorithm. that is. y3 ) = z3 . 3.9. c. e = 7. M = 5 2. an existence proof was developed whose purpose was to demonstrate that public-key encryption is possible in theory. M = 8 4.

Will this scheme work correctly [i. d.6 9. "Yes.7 9. Holmes. Assume n = pq." "Oh. n). Is this method secure? If not.. Is this safe? Suppose Bob uses the RSA cryptosystem with a very large modulus n for which the factorization cannot be found in a reasonable amount of time.. Suppose also someone tells us they know one of the plaintext blocks has a common factor with n.e. each user has a public key... For a given one-way function F. using the Chinese Remainder Theorem. And just yesterday I found a way to make one-time pad encryption practical. Suppose Bob leaks his private key. n = 3599. e. he will not be able to determine the rest. thus even if he somehow obtains a certain segment of the sequence. Encrypt the message block M = 2 using RSA with the following parameters:e = 23 and n = 233 x 241. if a small number of repeated encodings give back the plaintext. n = 35. 9. Determine a number of modular multiplications per each major transformation (such as encryption. nS < nR. which may be as simple as S. then use the extended Euclidean algorithm to find the multiplicative inverse of 31 modulo f(n). what is the likely cause? Suppose we have a set of blocks encoded with the RSA algorithm and we don't have the private key. What is the plaintext M? In an RSA system. p. for all possible relations between the sender's modulus ns and the recipient's modulus nR (nS > nR. describe the most efficient attack against this encryption method. nS = nR)]? Explain your answer. a." how would you correct this scheme? 9.). the public key of a given user is e = 31. and then encrypting each number separately using RSA with large and e large n. Watson's voice was enthusiastic. Suppose Alice sends a message to Bob by representing each alphabetic character as an integer between 0 and 25(A 0. Document results of all intermediate modular multiplications.9. etc. q) corresponding to the given above public key (e.8 [Page 283] 9. Rather than generating a new modulus. give the possibility to reconstruct the original message at the recipient's side.. really?" Holmes' face lost its sleepy look. primality testing. you intercept the ciphertext C = 10 sent to a user whose public key ise = 5. d d. 9. he decides to generate a new public and a new private key.4 9. And due to the one-way nature of F no one is able to extract S given F(S + i) for some i. Does this help us in any way? In the RSA public-key encryption scheme.11 "I want to tell you. The idea is quite simple.. perform the described below operations. What is the private key of this user?Hint: First use trail and error to determine p and q. and then enciphering the message using recipient's public key (note that you do NOT use hash function before the first transformation).3 In a public-key system using RSA. c.9 Using a spreadsheet (such as Excel)." .. The cryptanalyst is assumed to know F and the general nature of the sequence. Z 25). Holmes. Compute a private key ( . In case your answer is "no.5 9... without using the Chinese Remainder Theorem. 2. decryption. e is the public key. but not secret S. Perform the decryption of the obtained ciphertext using two different methods: 1. In using the RSA algorithm. "that your recent activities in network security have increased my interest in cryptography. b. and a private key. or a calculator. S + 2. I generate a long pseudorandom sequence of elements by applying F to some standard sequence of arguments.10 Assume that you generate an authenticated and encrypted message by first applying the RSA transformation determined by your private key. Test all odd numbers in the range from 233 to 241 for primality using the Miller-Rabin test with base 2." Dr. S + 1.

specifically. In fact. 13. 13. Hint: The final message in this protocol is the same as the final message in the original protocol. .2 Modify the digital signature technique of Table 13.1 can be reduced from seven steps to five. 13. is countered by this revision? 13.9 What is a suppress-replay attack? Problems 13.4 In Section 13. it was stated that alliances to defraud were impossible.1 Modify the digital signature techniques of Table 13.1a and b to enable the receiver to verify the signature.5 In what order should the signature function and the confidentiality function be applied to a message.6 What are some threats associated with a direct digital signature scheme? 13.5 The protocol referred to in Problem 13.13. 13. and why? 13.1c to avoid triple encryption of the entire message. there is one possibility. What attack.7 Give examples of replay attacks.8 List three general approaches to dealing with replay attacks.3 What requirements should a digital signature scheme satisfy? 13. having the following sequence: (1) (2) (3) (4) (5) A B KDC B A B: KDC: B: A: B: Show the message transmitted at each step.4 What is the difference between direct and arbitrated digital signature? 13.3 In discussing Table 13.1c. we outlined the public-key scheme proposed in WOO92a] for the distribution of secret keys. [ The revised version includes IDA in steps 5 and 6. Describe it and explain why it would have so little credibility that we can safely ignore it.2. 13.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->