EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions

Similar documents
Classic Cryptography: From Caesar to the Hot Line

L2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

Introduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee

Nature Sunday Academy Lesson Plan

Classical Cryptography

Cryptosystems. Truong Tuan Anh CSE-HCMUT

Senior Math Circles Cryptography and Number Theory Week 1

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Cryptography Worksheet

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security

SOLUTIONS FOR HOMEWORK # 1 ANSWERS TO QUESTIONS

CPSC 467b: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Math236 Discrete Maths with Applications

Public Key Cryptography and the RSA Cryptosystem

S. Erfani, ECE Dept., University of Windsor Network Security. 2.3-Cipher Block Modes of operation

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

CPSC 467b: Cryptography and Computer Security

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

CS61A Lecture #39: Cryptography

CS 161 Computer Security

Block Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5)

Chapter 9 Public Key Cryptography. WANG YANG

CS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.

Using block ciphers 1

Channel Coding and Cryptography Part II: Introduction to Cryptography

Algorithms (III) Yijia Chen Shanghai Jiaotong University

A Tour of Classical and Modern Cryptography

An overview and Cryptographic Challenges of RSA Bhawana

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Algorithms (III) Yu Yu. Shanghai Jiaotong University

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

CIS 3362 Final Exam 12/4/2013. Name:

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

P2_L6 Symmetric Encryption Page 1

ISA 562: Information Security, Theory and Practice. Lecture 1

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Secure Multiparty Computation

CS669 Network Security

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Some Stuff About Crypto

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

2 What does it mean that a crypto system is secure?

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 07: Private-key Encryption. Private-key Encryption

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Lecture IV : Cryptography, Fundamentals

Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Cryptography Math/CprE/InfAs 533

Kurose & Ross, Chapters (5 th ed.)

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

Lecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes

Introduction to Cryptology. Lecture 2

CS 332 Computer Networks Security

Public Key Algorithms

Security: Cryptography

Lecture 3 Algorithms with numbers (cont.)

Cryptography Introduction to Computer Security. Chapter 8

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017

Lecture 1 Applied Cryptography (Part 1)

Jordan University of Science and Technology

Classical Encryption Techniques. CSS 322 Security and Cryptography

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Fundamentals of Computer Security

Assignment 9 / Cryptography

CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY. Badran Awad Computer Department Palestine Technical college

Goals of Modern Cryptography

What did we talk about last time? Public key cryptography A little number theory

Encryption à la Mod Name

CS 556 Spring 2017 Project 3 Study of Cryptographic Techniques

Symmetric Key Cryptosystems. Definition

Secret Key Cryptography

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

1 One-Time Pad. 1.1 One-Time Pad Definition

Lecture 2: Secret Key Cryptography

Other Topics in Cryptography. Truong Tuan Anh

Traditional Symmetric-Key Ciphers. A Biswas, IT, BESU Shibpur

Fall 2017 CIS 3362 Final Exam. Last Name: First Name: 1) (10 pts) Decrypt the following ciphertext that was encrypted using the shift cipher:

Public Key Algorithms

Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Algorithms (III) Yijia Chen Shanghai Jiaotong University

An IBE Scheme to Exchange Authenticated Secret Keys

Transcription:

EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions Assigned: Tuesday, January 17, 2017, Due: Sunday, January 28, 2017 Instructor: Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle Problem 1 For each of the following pairs of integers (x, y), first determine whether x 1 mod y exists. Then find x 1 (mod y) if it exists. Show all work. (a) x = 5, y = 25 (b) x = 24, y = 35 (c) x = 17, y = 101 Solution: (a) x = 5, y = 25 There does not exist an inverse x 1 (mod y) for a pair x = 5, y = 25, since x = 5 y = 25 = 5 2, hence gcd(x = 5, y = 25) = 5 1 (b) x = 24, y = 35 There does exist an inverse x 1 (mod y) for a pair x = 24, y = 35, since gcd(x = 24, y = 35) = 1. Let s show that by factorizing x and y: x = 2 3 3 y = 5 7 (1) From (1), it follows that x and y do not have any common factors, hence gcd(x = 24, y = 35) = 1. Let s now use the Extended Euclidean Algorithm to find the inverse x 1 (mod y) for a pair x = 24, y = 35: 24 = 0(35) + 24 35 = 1(24) + 11 11 = 35 1(24) 24 = 2(11) + 2 2 = 24 2(11) 11 = 5(2) + 1 1 = 11 5(2) From (2), it follows that: 1 = 11 5(2) = 11 5[(24) 2(11)] = 11(11) 5(24) = 11[(35) (24)] 16(24) = 11(35) 16(24) (2) 24 1 = 16 (mod 35) = 19 (mod 35) x = 17, y = 101 There does exist an inverse x 1 (mod y) for a pair x = 17, y = 101, since both 17 and 101 are prime numbers. Using the Extended Euclidean Algorithm to find the inverse x 1 (mod y) for a pair x = 17, y = 101 we get that 17 1 mod (101) = 6. 1

Problem 2 If an encryption function e K is identical to the decryption function d K, then the key K is said to be an involutory key. Find all the involutory keys in the Shift cipher over Z 26. Solution: In order to find all involutory keys in Shift cipher over Z 26, let s first represent the 5-tuple that defines the cipher: P = C = K = Z 26 y = e K (x) = (x + K) mod 26 By definition, a cryptographic key K is involutory key, if: From equation (4), if follows that: x = d K (y) = (y K) mod 26 (3) x = e K (e K (x)) e K (x) = d K (y) (4) = e K [(x + K) mod 26] = [(x + K) mod 26 + K] mod 26 = (x + 2K) mod 26 (5) From equation (5), the condition for a key to be an involutory key in Shift cipher over Z 26 is given as: 2 K mod 26 = 0 (6) From equation(6), we conclude that there are two involutory keys in Shift cipher over Z 26 : K 1 = 0; K 2 = 13 Problem 3 Suppose K = (5, 21) is a key in an Affine cipher over Z 29. (a) Express the decryption function d K (y) in the form d K = a y + b, where a, b Z 29. (b) Prove that d K (e K (x)) = x for all x Z 29. Solution: An Affine cipher over Z 29 is defined by the following 5-tuple: P = C = Z 29 K = {(a, b) : a Z 29 and gcd(a, 29) = 1, b Z 29 } y = e K (x) = (ax + b) mod 29 x = d K (y) = a 1 (y b) mod 29 (7) 2

Solution: (a) In order to express the decryption rule (equation (7)) in the form: d K (y) = a y + b, where a, b Z 29 (8) let s first find the multiplicative inverse of a = 5 over Z 29 using Extended Euclidean Algorithm: 29 = 5(5) + 4 5 = 1(4) + 1 1 = 5 1(4) 1 = 5 1(29 5(5)) From equation (9), it follows that a 1 = 6. We can now write: 1 = 6(5) 29 (9) d K (x) = a 1 (y b) mod 29 = (a 1 y a 1 b) mod 29 = (6y 126) mod 29 (6y + 19) mod 29 (10) Therefore, decryption rule d K (y) can be expressed as d K (y) = (6y + 19) mod 29 (b)we next prove that d K (e K (x)) = x for all x Z 29. In order to prove that d K (e K (x)) = x, let s express d K (e K (x)) in the following way: Equation (11) completes the proof. d K (e K (x)) = d k [(5x + 21) mod 29] = 6[(5x + 21) mod 29] + 19 (mod 29) = 30x + 126 + 19 (mod 29) = 30x + 145 (mod 29) = 30x + 145 x (mod 29) (11) Problem 4 The following ciphertext was encrypted using an Affine cipher: edsgickxhuklzveqzvkxwkzukcvuh The first two letter of the plaintext are if. Please decrypt. The plaintext is: if you can read this thank a teacher Let s recall that the first two ciphertext letters, ed (4,3) correspond to plaintext if (8,5). We can apply that to the definition of affine decryption, d k (y) = a 1 (y b) mod 26, to get the following system of equations: 8 = a 1 (4 b) 5 = a 1 (3 b) 3

Multiplying both sides with a, we get: 8a = (4 b) mod 26 5a = (3 b) mod 26 3a = 1 mod 26 We observe that a 1 = 3, and substitute that back into 5 = a 1 (3 b), which allows us to solve for b = 10. Using the key (a, b) = (3, 10), we can use any software to increase the decryption speed. Below is an example of Matlab code. ciphertext str = 'edsgickxhuklzveqzvkxwkzukcvuh'; ciphertext = converttonumbers(ciphertext str); a inv = 3; b = 10; plaintext = mod(a inv*(ciphertext b),26); plaintext str = converttostring(plaintext); plaintext str function numarray = converttonumbers(s) a = uint8('a'); s = lower(s); for i=1:length(s) t = uint8(s(i)); if t < a numarray(i) = 1; else numarray(i) = double(t a); end end %numarray = uint8(s) a; numarray = double(numarray); function str = converttostring(x) a = uint8('a'); %x = x + a; str = char(uint8(x)+a); Problem 5 Alice is sending a message to Bob using the Vigenére cryptosystem. At some point, Alice gets bored, and starts sending plaintext that consists of a single letter (known only to her) repeated a few hundred times. Eve knows that the Vigenére cipher is being used, and that the plaintext consists of a single letter, repeated. Show how Eve can deduce the key. 4

Solution: Let s assume that Alice sends some number, and let s denote that number as x. Let s now assume that the key length is equal to m. Now we have the following case. plaintext: x x x x x x x x x x x x... ciphertext: c 1 c 2... c m c 1 c 1... Since Alice is constantly encrypting the same number x, eventually we will observe that the ciphertext is some periodic sequence. The period indicates the length m of the Vigenere cipher. Another feature we can observe is the fixed difference between c i and c i+1, where i = 1... m 1. Therefore, we can represent any c i in term of c 1. As the result, the size of key space is reduced to 26. For any new ciphertext, we can then try at most 26 times to encrypt the message. Problem 6 Evan, an attacker, is on a mission. He is given a (plaintext, ciphertext) pair (relation, ORIENTAL), and his task is to determine the complete cryptographic key (table), if the given pair is generated using: (a) Permutation cipher, (b) Substitution cipher. Please put your black hat on, and show Evan how to accomplish this mission, or show why it is impossible. In doing so, please assume that the set of possible plaintexts is equal to the set of possible ciphertexts, and that it is equal to Z 26. Solution: (a) The mission is possible if the given (plaintext, ciphertext) pair is obtained using the Permutation cipher. To see that, let s recall that with this cipher, the ciphertext is generated by altering the positions of the characters in the plaintext, i.e., rearranging the alphabets using a permutation. The given mission might be slightly harder, if we assume that Evan doesn t know the key length, where the key length determines the number of letters that are considered when determining the permutation. However, even if the key length is unknown, Evan can still proceed, by finding the key length via a trial-and-error method. In doing so, we can make Evan s job significantly simpler by observing that the length of the given plaintext needs to be divisible (without a remainder) with the key length. In Evan s case, the only meaningful key would be those of length 2, 4 and 8, and the actual key length is 8. The obtained permutation table is given below, in Table 1. (b) The mission at hands is impossible if the given (plaintext, ciphertext) pair is obtained using the Substitution cipher. To see that, let s recall that the main idea of the substitution cipher is to replace each letter of the plaintext alphabet with an alphabet at an arbitrary distance. It is important to note that we need to be able to replace every plaintext alphabet. Since our (plaintext, ciphertext) pair is rather short (only eight letters), we can only determine a part of the key (a part of the substitution table), but not the whole table. The partial table looks as follows: j 1 2 3 4 5 6 7 8 π(j) 2 4 8 7 6 3 1 5 Table 1: Permutation table obtained as a solution in Problem 4. x a e i l n o r t π(x) E R T I L A O N Table 2: Partial encryption table for Substitution cipher. 5

Problem 7 Consider the DES cryptosystem. Suppose that the key scheduling algorithm (the algorithm used to compute the round keys) is as follows. For a given key K, the algorithm first computes round keys K 1,..., K 8 for the first eight rounds. The algorithm then sets K 9 = K 8, K 10 = K 7,..., K 16 = K 1, so that K i = K 16 i+1 for all i = 1,..., 16. (Note that the DES key scheduling algorithm does not actually work this way.) Suppose that you are given a ciphertext Y. Show how to determine the plaintext x using a chosen plaintext attack. Recall that in a chosen plaintext attack, an attacker is given a ciphertext Y. The attacker is allowed to choose a plaintext x x and receives the ciphertext Y = E K (x ). The attacker then attempts to compute the plaintext x satisfying Y = E K (x). Solution: The approach is to choose the plaintext (L 0, R 0) equal to (R 16, L 16 ), i.e., to reverse the blocks of the ciphertext. Consider the first round of the encryption. By definition of the DES encryption, L 1 = R 0 and R 1 = f(k 1, R 0) L 0. Substituting the values of L 0 and R 0 gives L 1 = L 16 R 1 = f(k 1, L 16 ) R 16 On the other hand, consider the DES decryption of the original ciphertext (L 16, R 16 ). By definition, we have R 15 = L 16 L 15 = R 16 f(l 16, K 16 ) = R 16 f(l 16, K 1 ) Hence L 1 = R 15 and R 1 = L 15. Proceeding inductively, we have that L i = R 16 i and R i = L 16 i. In particular, L 0 = R 16 and R 0 = L 16. The original plaintext is therefore given by (R 16, L 16), where (L 16, R 16) is the output from inputting (R 16, L 16 ) to the encryption box. Problem 8 In the CBC mode of encryption, suppose that there is a bit error in one block of ciphertext. If the error occurs in the first block of ciphertext Y 1, which blocks of the plaintext will be decrypted incorrectly? Solution: Let Ŷ1 denote the ciphertext with the bit error. The first block of plaintext (x 1 ) will be decrypted incorrectly, while the remaining blocks will be decrypted correctly. This is because all subsequent blocks will be encrypted and decrypted using the same block Ŷ1. To see that, the corrupted ciphertext is used for xor operation, so as long as current blocks xor the same ciphertext, the result does not depend on the ciphertext content itself, since x x = 0, and y 0 = y. Since D K (Ŷ1) x 1, however, the first block will be decrypted incorrectly. so only the first block has an error. Problem 9 In this exercise, we will see how a cryptosystem can fail if the encryption function is a linear function of the plaintext. Consider a cryptosystem that encrypts a 128-bit plaintext x with a 128-bit key K to get a 128-bit ciphertext Y. Let E K (x) denote the encryption function, and suppose that E K (x 1 x 2 ) = E K (x 1 ) E K (x 2 ) for all keys K and plaintexts x 1 and x 2. Consider an attacker mounting a chosen ciphertext attack, in which the attacker chooses 128 ciphertexts Y 1,..., Y 128 and receives the plaintexts x 1,..., x 128 with Y i = E K (x i ) for i = 1,..., 128. Show how the attacker can choose Y 1,..., Y 128 so that (s)he can decrypt any message Y without knowledge of the secret key. 6

Solution: Suppose that the attacker chooses ciphertexts Y 1,..., Y 128, where Y i has i-th bit equal to 1 and all other bits equal to 0, and obtains the plaintexts x 1 = D K (Y 1 ),..., x 128 = D K (Y 128 ). Given a ciphertext Y, let {i 1,..., i k } denote the indices of Y that have bit 1. Hence Y = Y i1 Y i2 Y ik. Letting x denote the plaintext satisfying y = E K (x), we then have E K (x) = Y = Y i1 Y ik = E K (x i1 ) E K (x ik ) = E K (x i1 x ik ) (12) where (12) follows from linearity of E K. Since E K (x) = E K (x i1 x ik ) and the encryption operation is one-to-one, we must have x = x i1 x ik. Since x i1,..., x ik are known to the attacker, the plaintext x can then be obtained. Note that a chosen plaintext attack using plaintexts x 1,..., x 128, where x i is the i-th unit vector, will also enable the decryption of any message under this cryptosystem. 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback