Semester VII, NOVEMBER 2018

(Department of Computer Science and Engineering)

CS 409: Cryptography and Network Security
Question Bank & Answer

(KTU Scheme)
PART A
(4 Mark Questions)

1. Differentiate between symmetrical cipher system and asymmetrical cipher system.

There are two techniques use to preserve the confidentiality of message, Symmetric and
Asymmetric Encryption. The fundamental difference that distinguishes symmetric and
asymmetric encryption is that symmetric encryption allows encryption and decryption of the
message with the same key. On the other hand, asymmetric encryption uses the public key for
the encryption, and a private key is used for decryption.
Key Differences between Symmetric and Asymmetric Encryption

Symmetric encryption always uses a single key for encryption and decryption of the
message. However, in asymmetric encryption, the sender uses the public key for the
encryption and private key for decryption.

The execution of asymmetric encryption algorithms is slower as compared to the symmetric

encryption algorithm. This is because the asymmetric encryption algorithms are more
complex and has the high computational burden.

The symmetric encryption algorithms that are most commonly used are DES, 3DES, AES
and RC4. On the other hand, Diffie-Hellman and RSA area the most common algorithm used
for asymmetric encryption.

The asymmetric encryption is generally used for exchanging secret keys whereas, the
symmetric encryption is used for exchanging a bulk of data.

2. What is meant by relative prime? Give an example

Two integers are relatively prime (or co prime) if there is no integer greater than one
that divides them both (that is, their greatest common divisor is one). The numbers themselves
do not need to be prime in order for the pair to be relatively prime; all that matters is how the
factors of the numbers are related to each other.

To determine if two numbers are relatively prime, you need to first factor each number into
its prime factors; hopefully you remember that this is also called prime factorization. Then you
will compare these factors to see if any of them are found in both numbers.
As specific examples, 14 and 15 are co prime, being commonly divisible only by 1, while 14
and 21 are not co prime, because they are both divisible by 7.

3. What are roles of public and private key?

For public-key encryption there are two keys, a public encryption key and a private decryption
key. The message is encrypted with the public key, and can only be decrypted with the private
key.
A user's private key is kept private and known only to the user. The user's public key is made
available to others to use. The private key can be used to encrypt a signature that can be verified
by anyone with the public key. Or the public key can be used to encrypt information that can
only be decrypted by the possessor of the private key.

4. What Is the primitive root of a number?

A number g is a primitive root modulo n if every number a co prime to n is congruent to a

power of g modulo n. That is, for every integer a co prime to n, there is an integer k such that
gk ≡ a (mod n).

The number 3 is a primitive root modulo 7 because

3^1 = 3 = 3^0*3=1*3=3=3(mod 7)
3^2 = 9 = 3^1*3=3*3=9 =3(mod 7)
3^3 = 27 = 3^2*3=2*3=6 =3(mod 7)
3^4 = 81 = 3^3*3=6*3=18=3(mod 7)
3^5 = 243 = 3^4*3=4*3=12=3(mod 7)
3^6 = 729 = 3^5*3=5*3=15 =3(mod 7)
3^7 = 2187 = 3^6*3=1*3=3=3(mod 7)

Here we see that the period of 3k modulo 7 is 6. The remainders in the period, which are 3, 2, 6,
4, 5, 1, form a rearrangement of all nonzero remainders modulo 7, implying that 3 is indeed a
primitive root modulo 7.
This derives from the fact that a sequence (gk modulo n) always repeats after some value of k,
since modulo n produces a finite number of values

5. Why Elliptic Curve Cryptography is considered to be better than RSA?

Elliptic curve cryptography is probably better for most purposes, but not for everything.
ECC's main advantage is that you can use smaller keys for the same level of security, especially
at high levels of security (AES-256 ~ ECC-512 ~ RSA-15424). This is because of fancy
algorithms for factoring like the Number Field Sieve.
Advantages of RSA:

Very fast, very simple encryption and verification. Easier to implement than ECC.
Easier to understand. Signing and decryption are similar; encryption and verification are
similar.Widely deployed, better industry support.
Disadvantages of RSA:

Very slow key generation.

Slow signing and decryption, which are slightly tricky to implement securely. Two-part
key is vulnerable to GCD attack if poorly implemented.
 Advantages of ECC:

Smaller keys, cipher texts and signatures. Very fast key generation. Fast signatures.
Moderately fast encryption and decryption. Signatures can be computed in two stages,
allowing latency much lower than inverse throughput. Good protocols for authenticated
key exchange (FH-ECMQV et al)Better US government support. Special curves with
bilinear pairings allow new-fangled crypto. Binary curves are really fast in hardware.

6. What types of attacks are addressed by message authentication?

.
Disclosure: Release of message contents to any person or process not possessing the
appropriate cryptographic key.
Traffic analysis: Discovery of the pattern of traffic between parties.
– In either a connection-oriented or connectionless environment, the number and
length of messages between parties could be determined.
Masquerade: Insertion of messages into the network from a fraudulent source.
– Eg: creation of messages by an opponent that are purported to come from an
authorized entity.
Content modification: Changes to the contents of a message, including insertion, deletion,
transposition, and modification.
Sequence modification: Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.
Timing modification: Delay or replay of messages.
Source repudiation: Denial of transmission of message by source.
Destination repudiation: Denial of receipt of message by destination.

7. Distinguish between strong and weak hash functions.

For any given value h it is computationally infeasible to find y = x with H(y) =H(x). This is
“week collision resistance”. It is a one-way property. It is easy to generate a code given a
message, but almost impossible to do the reverse. Function which satisfies the above criteria
known as weak hash function.
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).this is “strong collision
resistance”. This guarantees that an alternative message hashing to the same values as a given message
cannot be found. This prevents forgery. Function which satisfies the above criteria known as strong
hash function.

8. Define integrity and non repudiation?

Integrity: Integrity assures that the data or information system can be trusted. Ensures
that it is edited by only authorized persons and remains in its original state when at rest.
Data encryption and hashing algorithms are key processes in providing integrity.
Non-repudiation: is a method of guaranteeing message transmission between parties via
digital signature and/or encryption. It is one of the five pillars of information assurance
(IA). The other four are availability, integrity, confidentiality and authentication. Non-
repudiation: is a method of guaranteeing message transmission between parties via digital
signature and/or encryption. It is one of the five pillars of information assurance (IA). The
other four are availability, integrity, confidentiality and authentication.
 9. Distinguish between message integrity and message authentication
Message integrity is the validity of a transmitted message. Message integrity means that
a message has not been tampered with or altered. The most common approach is to use a hash
function that combines all the bytes in the message with a secret key and produces
a message digest that is difficult to reverse.

Message authentication or data origin authentication is a property that a message has not been
modified while in transit (data integrity) and that the receiving party can verify the source of the
message. Message authentication does not necessarily include the property of non-repudiation.

Message authentication is typically achieved by using message authentication

codes (MACs), authenticated encryption (AE) or digital signatures. The message authentication
code, also known as digital authenticator, is used as an integrity check based on a secret key
shared by two parties to authenticate information transmitted between them. It is based on using
a cryptographic hash or symmetric encryption algorithm. The authentication key is only shared
by at least two parties or two communicating devices but it will fail in the existence of a third
party since the algorithm will no longer be effective in detecting forgeries. In addition, the key
must also be randomly generated to avoid its recovery through brute force searches and related
key attacks designed to identify it from the messages transiting the medium.

PART B
(9 Mark Questions)

1. a. Define Euler’s Theorem and Euler’s totient function?

In number theory, Euler's theorem (also known as the Fermat–Euler theorem or Euler's
totient theorem) states that if n and a are co prime positive integers, then a^ φ (n) = 1mod n,

Where φ (n) is Euler's totient function. The theorem is a generalization of Fermat's little
theorem, and is further generalized by Carmichael's theorem.
The theorem may be used to easily reduce large powers Ranges from 1 to n is 1 itself, and
gcd(1, 1) = 1.

Euler's totient function is a multiplicative function, meaning that if two numbers m and n are
relatively prime, then φ(mn) = φ(m)φ(n). It also plays a key role in the definition of the RSA
encryption system. In number theory, Euler's totient function counts the positive integers up
to a given integer n that are relatively prime to n. It is written using the Greek letter phi as φ(n)
or ϕ(n), and may also be called Euler's phi function.

1. b .Find φ (35), φ (97) Euler’s totient function?

φ (35):
35=5*7
If n=pq, where p and q are prime then,
φ (n)= (p-1)*(q-1)
Therefore φ (35)= 4*6=24
φ (97):
97 is a prime number.Therefore φ (97)=n-1=97-1=96.

2. Explain about Euclidean algorithm for Greatest Common Divisor with an example?
 In mathematics, the Euclidean algorithm, or Euclid's algorithm, is an efficient method for
computing the greatest common divisor (GCD) of two numbers, the largest number that divides
both of them without leaving a remainder. It is named after the ancient Greek mathematician
Euclid, who first described it in his Elements (c. 300 BC). It is an example of an algorithm, a
step-by-step procedure for performing a calculation according to well-defined rules, and is one
of the oldest algorithms in common use. It can be used to reduce fractions to their simplest
form, and is a part of many other number-theoretic and cryptographic calculations.
The Euclidean Algorithm is a technique for quickly finding the GCD of two integers.

The Algorithm

The Euclidean Algorithm for finding GCD(A,B) is as follows:

• If A = 0 then GCD(A,B)=B, since the GCD(0,B)=B, and we can stop.

• If B = 0 then GCD(A,B)=A, since the GCD(A,0)=A, and we can stop.
• Write A in quotient remainder form (A = B⋅Q + R)
• Find GCD(B,R) using the Euclidean Algorithm since GCD(A,B) = GCD(B,R)

Example:

Find the GCD of 270 and 192

• A=270, B=192
• A ≠0
• B ≠0
• Use long division to find that 270/192 = 1 with a remainder of 78. We can write this as: 270
= 192 * 1 +78
• Find GCD(192,78), since GCD(270,192)=GCD(192,78)

A=192, B=78

• A ≠0
• B ≠0
• Use long division to find that 192/78 = 2 with a remainder of 36. We can write this as:
• 192 = 78 * 2 + 36
• Find GCD(78,36), since GCD(192,78)=GCD(78,36)

A=78, B=36

• A ≠0
• B ≠0
• Use long division to find that 78/36 = 2 with a remainder of 6. We can write this as:
• 78 = 36 * 2 + 6
• Find GCD(36,6), since GCD(78,36)=GCD(36,6)

A=36, B=6

• A ≠0
• B ≠0
• Use long division to find that 36/6 = 6 with a remainder of 0. We can write this as:
• 36 = 6 * 6 + 0
• Find GCD(6,0), since GCD(36,6)=GCD(6,0)
A=6, B=0

• A ≠0
• B =0, GCD(6,0)=6

So we have shown:
GCD(270,192) = GCD(192,78) = GCD(78,36) = GCD(36,6) = GCD(6,0) = 6
GCD(270,192) = 6

3. a Define Fermat theorem?

Fermat’s theorem, also known as Fermat’s little theorem and Fermat’s primality test, it
states that for any prime number p and any integer a such that p does not divide a (the pair are
relatively prime), p divides exactly into ap − a. Although a number n that does not divide
exactly into an − a for some a must be a composite number, the converse is not necessarily true.
For example, let a = 2 and n = 341, then a and n are relatively prime and 341 divides exactly
into 2341 − 2. However, 341 = 11 × 31, so it is a composite number (a special type of composite
number known as a pseudo prime). Thus, Fermat’s theorem gives a test that is necessary but
not sufficient for primality.

As with many of Fermat’s theorems, no proof by him is known to exist. The first known
published proof of this theorem was by Swiss mathematician Leonhard Euler in 1736.

3.b Using Fermat theorem evaluate 5^984 mod 7?

5^984= (5^6)^164
By Fermat theorem we have ,
a^(p-1)=1 mod p
a^(p-1) mod p=1 mod p =1
Here,
We have (5^984) mod 7 =(5^6)^164 mod 7
We know that (5^6) mod 7 =1
Therefore =(5^6)^164 mod 7 mus be 1.
Hence (5^984) mod 7=1

4 a) Define the classes of message authentication function

Message authentication is a procedure to verify that received messages come from the
alleged source and have not been altered in transit. They may also verify sequencing (any
modification to a sequence of messages) and timeliness (delay or replay of messages). On the
other hand, a digital signature also includes measures to counter repudiation by the source.
There is an essential difference between authentication and signatures: authentication is to
protect the two communicating parties (Alice/Bob) from a 3rd party (Oscar/Trudy) who
masquerades as either Alice or Bob, or modifications of the messages in transit. Authentication
cannot help if Alice and Bob do not trust each other; a digital signature is a solution to this
problem. Alice’s digital signature on a message reassures Bob that it indeed came from Alice,
and Alice cannot deny sending this message at a later time.

Any message authentication or digital signature mechanism can be viewed as having

fundamentally two levels. At the lower level, there must be some sort of function that produces
an authenticator: a value to be used to authenticate the message. This lower-level function is
then used as a primitive in a higher level authentication protocol that enables a receiver to
verify the authenticity of a message. There are three classes of functions that can be used to
produce an authenticator.
1. Message Authentication Code: A publicly available function that uses the plaintext
message and a secret key to produce a fixed-length value message that serves as the
authenticator.
2. Hash function: A publicly available function that maps a plaintext message of any length
into a fixed-length hash value, which serves as the authenticator.
3. Message Encryption: The cipher text of the entire message serves as its authenticator

4. b What does Digital Signature mean?

A digital signature is a mathematical scheme for verifying the authenticity of digital
messages or documents. A valid digital signature gives a recipient reason to believe that
the message was created by a known sender (authentication), that the sender cannot deny
having sent the message (non-repudiation), and that the message was not altered in transit
(integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are
commonly used for software distribution, financial transactions, contract management
software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, a broader term that
refers to any electronic data that carries the intent of a signature, but not all electronic
signatures use digital signatures.
Digital signatures employ asymmetric cryptography. In many instances they provide a layer
of validation and security to messages sent through a non-secure channel.

5 a) What are the criterions of cryptographic hash function?

1. H can be applied to a block of data of any size.

2. H produces a fixed-length output.
3. H(x) is relatively easy to compute for any given x, making both hardware and
software implementations practical.
4. For any given code h, it is computationally infeasible to find x such that H(x) =
h.
5. For any given block x, it is computationally infeasible to find y 6 = x with H(y) =
H(x) (sometimes referred to as weak collision property).
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
(sometimes referred to as strong collision property).

5 b) Sketch a simple public key encryption model that provides authentication alone
6. Alice wants to send a message M with a message authentication code MAC(M) to Bob. Alice
and Bob share a secret key k, and have agreed on using a specific MAC algorithm MACfunc,
that takes input parameters M and k.
Identify the steps that Alice must follow when creating MAC(M), and the steps that recipient
Bob must follow for verifying MAC(M).

MAC generation by Alice:

Alice prepares message M.

Alice applies the secure algorithm MACfunc with input parameters M and k to produce MAC(M) =
MACfunc(M,k).
Alice transmits message M and MAC(M) to Bob, together with her unique name and specification
of the MACfunc algorithm she used.

MAC validation by Bob:

Bob receives message M’ (denoted as M’, not M, because from Bob’s point of view the message
origin is still uncertain), as well as MAC(M).
Bob applies MACfunc on M’ to produce MAC(M’ ) = MACfunc(M’,k).
Bob checks whether MAC(M) =? MAC(M’). If TRUE, then MAC(M) is valid, meaning that M’ =
M. Bob therefore is convinced that Alice really is the sender of message M. If FALSE, then the
signature MAC(M) is invalid, meaning that M’ ≠ M. Bob therefore does not know who created the
received message M’. He might then decide to reject the message, or alternatively he can use it
while knowing that its origin is uncertain.

PART C
i. Mark Questions)

1. Briefly explain the Diffie-Hellman protocol with an example

Diffie–Hellman key exchange (D–H) is a specific method of exchanging cryptographic keys. It is

one of the earliest practical examples of key exchange implemented within the field of
cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior
knowledge of each other to jointly establish a shared secret key over an insecure communications
channel. This key can then be used to encrypt subsequent communications using a symmetric key
cipher.
The simplest and the original implementation of the protocol use the multiplicative group of
integers modulo p, where p is prime, and a primitive root modulo p.
1. Alice and Bob agree to use a prime number p = 23 and base g = 5 (which is a primitive root
modulo 23).
2. Alice chooses a secret integer a = 6, then sends Bob A = g ^a mod p
• A = 56 mod 23 = 8
3. Bob chooses a secret integer b = 15, then sends Alice B = g ^b mod p
• B = 515 mod 23 = 19
4. Alice computes s = B^ a mod p
• s = 196 mod 23 = 2
5. Bob computes s = A^ b mod p
• s = 815 mod 23 = 2 6.
Alice and Bob now share a secret (the number 2). Both Alice and Bob have arrived at the same
value, because (g a )^ b (for Bob, 8 15 mod 23 = (g ^a mod p)^ b mod p = (g^ a )^ b mod p) and (g
^b )^ a are equal mod p. Note that only a, b, and (g^ab mod p = g ^ba mod p) are kept secret. All the
other values – p, g, g a mod p, and g b mod p – are sent in the clear. Once Alice and Bob compute
the shared secret they can use it as an encryption key, known only to them, for sending messages
across the same open communications channel. Of course, much larger values of a, b, and p would
be needed to make this example secure, since there are only 23 possible results of n mod 23.
However, if p is a prime of at least 300 digits, and a and b are at least 100 digits long, then even the
fastest modern computers cannot find a given only g, p, g b mod p and g a mod p. The problem such
a computer needs to solve is called the discrete logarithm problem. The computation of g a mod p is
known as modular exponentiation and can be done efficiently even for large numbers. Note that g
need not be large at all, and in practice is usually a small prime (like 2, 3, 5...) because primitive
roots usually are quite numerous.
GENERALIZATION
Here’s a more general description of the protocol,
1. Alice and Bob agree on a finite cyclic group G and a generating element g in G. (This is usually
done long before the rest of the protocol; g is assumed to be known by all attackers.) We will write
the group G multiplicatively.
2. Alice picks a random natural number a and sends g^ a to Bob.
3. Bob picks a random natural number b and sends g ^b to Alice.
4. Alice computes (g^ b )^ a .
5. Bob computes (g^ a )^ b .
EXAMPLE
g = public (prime) base, known to Alice, Bob, and Eve. g = 5
• p = public (prime) number, known to Alice, Bob, and Eve. p = 23
• a = Alice’s private key, known only to Alice. a = 6 • b = Bob’s private key known only to Bob. b
= 15 3
• A = Alice’s public key, known to Alice, Bob, and Eve. A = g^ a mod p = 8
• B = Bob’s public key, known to Alice, Bob, and Eve. B = g ^b mod p = 19
• Now s = the shared secret key and it is known to both Alice and Bob, but not to Eve. s = 2
Note: It should be difficult for Alice to solve for Bob’s private key or for Bob to solve for Alice’s
private key. If it is not difficult for Alice to solve for Bob’s private key (or vice versa), Eve may
simply substitute her own private / public key pair, plug Bob’s public key into her private key,
produce a fake shared secret key, and solve for Bob’s private key (and use that to solve for the
shared secret key. Eve may attempt to choose a public / private key pair that will make it easy for
her to solve for Bob’s private key). Another demonstration of Diffie-Hellman (also using numbers
too small for practical use) is given here

2a. Find gcd (1970, 1066) using Euclid’s algorithm?

Q=quotient
R =reminder
R1=large number
R2= small number
Q R1 R2 R
1 1970 1066 904
1 1066 904 162
5 904 162 94
1 162 94 68
1 94 68 26
2 68 26 16
1 26 16 10
1 16 10 6
1 10 6 4
1 6 4 2
2 4 2 0
2 0
Step 1. Divide the larger number by the smaller one:
1,970 ÷ 1,066 = 1 + 904;

Step 2. Divide the smaller number by the above operation's remainder:

1,066 ÷ 904 = 1 + 162;

Step 3. Divide the remainder from the step 1 by the remainder from the step 2:
904 ÷ 162 = 5 + 94;

Step 4. Divide the remainder from the step 2 by the remainder from the step 3:
162 ÷ 94 = 1 + 68;

Step 5. Divide the remainder from the step 3 by the remainder from the step 4:
94 ÷ 68 = 1 + 26;

Step 6. Divide the remainder from the step 4 by the remainder from the step 5:
68 ÷ 26 = 2 + 16;

Step 7. Divide the remainder from the step 5 by the remainder from the step 6:
26 ÷ 16 = 1 + 10;

Step 8. Divide the remainder from the step 6 by the remainder from the step 7:
16 ÷ 10 = 1 + 6;

Step 9. Divide the remainder from the step 7 by the remainder from the step 8:
10 ÷ 6 = 1 + 4;

Step 10. Divide the remainder from the step 8 by the remainder from the step 9:
6 ÷ 4 = 1 + 2;

Step 11. Divide the remainder from the step 9 by the remainder from the step 10:
4 ÷ 2 = 2 + 0;

At this step, the remainder is zero, so we stop:

2 is the number we were looking for, the last remainder that is not zero.
This is the greatest common factor (divisor).
Greatest (highest) common factor (divisor):
gcd (1,970; 1,066) = 2;

2b) Evaluate 20 ^62 mod 77

According to euler’s theorem,

a^ Φ (n) ≡1 mod n
Here n=77, a=20 and n is not a prime number,
Therefore Φ (77) = (p-1)(q-1)=10*6=60
20^60 mod 77= 1 mod 77=1
20^60*20^2 mod 77=1*20^2 mod 77= 20^2 mod 77= 15
Answer=1
3 .Demonstrate encryption and decryption using RSA algorithm for the following:
p=3 q=11 e=7 m=5
RSA Algorithm:
Steps:
1. Take 2 large prime p,q
2. Calculate n=p.q
¢(n)= (p-1)(q-1)
3. Assume 'e' such that gcd(e,¢(n))=1
4. Assume’d’ such that d.e.mod¢(n)=1
Public key :{e,n}
Private key :{d,n}
Encryption: C=m^e mod n
Decryption: M=c^d mod n

Here, p=3 q=11 e=7 m=5

n = pq = 3*11=33
¢(n) = (p-1)(q-1) = 2*10=20
e=7 such that gcd(7,20)=1
d e mod¢(n) = 1 => d 7 mod 20 = 1 => d = 3

Private {e,n} = { 7,33 }

Public {d,n} = { 3,33 }

C = m^e mod n
= 5^7 mod 33
=14

M = c ^d mod n
=14^3 mod 33
=5

4. Describe SHA-1 algorithm in detail.

SHA-1 is a cryptographic hash function. This algorithm is based on design of MD-5 with key
differences. Produces a 160-bit (20-byte) hash value known as a message digest .It is used for
digital signature and message integrity.
Digest length = 160 bit
Input text = 512 bit
Sub block size = 32 bit
No. of sub blocks = 512/32 = 16
No. of rounds = 4
Iteration per round = 20
Chaining variable = 5*32=160
k[t] constant, where t=0 to 79
Output = four 32 bit block

Algorithm:
Steps:
1. Padding: Length of message is 64 bits short of multiple of 512 after padding.
2. Append: 64-bit length value of original message.
3. Divide the input into 512 bit blocks.
4. Initialize CV 5-word (160 bit ) buffer (A,B,C,D,E)
5. Process blocks:
 Message in 16-word (512 bit) chunks:
• Copy CV into single register for storing temporary intermediate as well as the final
Result.
• Divide the current 512-bit blocks into 16 sub-blocks, each consisting of 32-bits.
• Has no. of rounds -4. Each round consists of 20 bits/step iteration operation on msg
Block and buffer.
• Expand 16 words into 80 words (20*4) by mixing & shifting w[t]
•

k[t]

constant, where t =0 to 79.

• Form new buffer value by adding output to input.
6. Output value is the final buffer value.
Compression Function:

One iteration within the SHA-1 compression function:

A, B, C, D and E are 32-bit words of the state. F is a nonlinear function that varies; <<<n denotes a
left bit rotation by n places; n varies for each operation. Wt is the expanded message word of round
t; Kt is the round constant of round t. Addition denotes addition modulo 2^32