THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018

Similar documents
Outline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael

Outline. CPSC 418/MATH 318 Introduction to Cryptography. Information Theory. Partial Information. Perfect Secrecy, One-Time Pad

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3

Topics. Probability Theory. Perfect Secrecy. Information Theory

MATH3302 Cryptography Problem Set 2

Solution to Midterm Examination

(Solution to Odd-Numbered Problems) Number of rounds. rounds

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Introduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.

Classical Cryptography

Cryptography CS 555. Topic 2: Evolution of Classical Cryptography CS555. Topic 2 1

Cryptography - Session 2

Lecture Notes. Advanced Discrete Structures COT S

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Block ciphers. Block ciphers. Data Encryption Standard (DES) DES: encryption circuit

CPSC 467b: Cryptography and Computer Security

Public-key Cryptography: Theory and Practice

1/16 2/17 3/17 4/7 5/10 6/14 7/19 % Please do not write in the spaces above.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES

A block cipher enciphers each block with the same key.

Math 223, Spring 2009 Final Exam Solutions

Module 2 Advanced Symmetric Ciphers

University of Regina Department of Mathematics & Statistics Final Examination (April 21, 2009)

Solutions to the Midterm Test (March 5, 2011)

ECS 189A Final Cryptography Spring 2011

The Advanced Encryption Standard

Bernoulli variables. Let X be a random variable such that. 1 with probability p X = 0 with probability q = 1 p

The XL and XSL attacks on Baby Rijndael. Elizabeth Kleiman. A thesis submitted to the graduate faculty

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

Introduction to Cryptology. Lecture 2

Extended Criterion for Absence of Fixed Points

Table Of Contents. ! 1. Introduction to AES

Low Complexity Differential Cryptanalysis and Fault Analysis of AES

5199/IOC5063 Theory of Cryptology, 2014 Fall

Introduction. CSC/ECE 574 Computer and Network Security. Outline. Introductory Remarks Feistel Cipher DES AES

Lecture 8 - Cryptography and Information Theory

Data and information security: 2. Classical cryptography

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Lecture Note 3 Date:

Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Lecture 12: Block ciphers

1/18 2/16 3/20 4/17 5/6 6/9 7/14 % Please do not write in the spaces above.

Shannon s Theory of Secrecy Systems

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Attempt QUESTIONS 1 and 2, and THREE other questions. penalised if you attempt additional questions.

The Vigenère cipher is a stronger version of the Caesar cipher The encryption key is a word/sentence/random text ( and )

A SIMPLIFIED RIJNDAEL ALGORITHM AND ITS LINEAR AND DIFFERENTIAL CRYPTANALYSES

CSCI3381-Cryptography

Improved Impossible Differential Cryptanalysis of Rijndael and Crypton

PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

A New Algorithm to Construct. Secure Keys for AES

Product Systems, Substitution-Permutation Networks, and Linear and Differential Analysis

A Five-Round Algebraic Property of the Advanced Encryption Standard

Question: Total Points: Score:

Introduction to Cybersecurity Cryptography (Part 4)

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018

Introduction to Cybersecurity Cryptography (Part 5)

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Historical cryptography. cryptography encryption main applications: military and diplomacy

Accelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography. Stefan Tillich, Johann Großschädl

Cook-Levin Theorem. SAT is NP-complete

Problem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed

Written examination. Tuesday, August 18, 2015, 08:30 a.m.

Computer Science A Cryptography and Data Security. Claude Crépeau

Sol: First, calculate the number of integers which are relative prime with = (1 1 7 ) (1 1 3 ) = = 2268

Introduction to Cybersecurity Cryptography (Part 4)

Cryptography: Key Issues in Security

Symmetric Crypto Systems

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019

ON THE SECURITY OF THE ADVANCED ENCRYPTION STANDARD

Jay Daigle Occidental College Math 401: Cryptology

Menu. Lecture 5: DES Use and Analysis. DES Structure Plaintext Initial Permutation. DES s F. S-Boxes 48 bits Expansion/Permutation

Cryptography Lecture 4 Block ciphers, DES, breaking DES

Innovation and Cryptoventures. Cryptology. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc.

An Analytical Approach to S-Box Generation

Chapter 2 : Perfectly-Secret Encryption

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1

AES side channel attacks protection using random isomorphisms

Modified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration

Attacks on DES , K 2. ) L 3 = R 2 = L 1 f ( R 1, K 2 ) R 4 R 2. f (R 1 = L 1 ) = L 1. ) f ( R 3 , K 4. f (R 3 = L 3

LOOKING INSIDE AES AND BES

Some integral properties of Rijndael, Grøstl-512 and LANE-256

DD2448 Foundations of Cryptography Lecture 1

Stream ciphers. Pawel Wocjan. Department of Electrical Engineering & Computer Science University of Central Florida

CHAPTER 5 A BLOCK CIPHER INVOLVING A KEY APPLIED ON BOTH THE SIDES OF THE PLAINTEXT

Real scripts backgrounder 3 - Polyalphabetic encipherment - XOR as a cipher - RSA algorithm. David Morgan

Security of the AES with a Secret S-box

Practice Exam Winter 2018, CS 485/585 Crypto March 14, 2018

Design of Low Power Optimized MixColumn/Inverse MixColumn Architecture for AES

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

3F1: Signals and Systems INFORMATION THEORY Examples Paper Solutions

Practice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017

Block Cipher Cryptanalysis: An Overview

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

Introduction. Outline. CSC/ECE 574 Computer and Network Security. Secret Keys or Secret Algorithms? Secrets? (Cont d) Secret Key Cryptography

5.4 ElGamal - definition

Public-Key Cryptosystems CHAPTER 4

Transcription:

THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes NAME: COURSE (circle one): CPSC 418 MATH 318 Please DO NOT write your ID number on this page. Instructions: Answer all questions in the space provided. Show all your work. Use the last two pages to continue answers if you need more space, or as rough paper. No aids are allowed. Total marks: 50

Page II of X Question Score Out Of 1. Multiple Choice Questions 5 2. True/False Questions 6 3. Definitions and Short Answer Questions 11 4. Perfect Secrecy 8 5. Entropy 10 6. Polynomial Arithmetic 4 7. Affine Linear Cipher 6 Total: 50

Page III of X 1. [5 points] Multiple Choice Questions For each question, check exactly one answer. (a) [1 point] Which of the following is not a substitution cipher? Shift cipher Vigenère cipher One-time pad All the above ciphers are substitution ciphers (b) [1 point] Which of the following is an active attack? Ciphertext-only attack Known plaintext attack Chosen plaintext attack None of the above attacks is active. (c) [1 point] Assuming that keys are chosen with equal likelihood, what is the entropy of the key space for triple DES? 56 112 168 none of the above (d) [1 point] Which of the following is not a product cipher? DES AES One-time pad All the above ciphers are product ciphers (e) [1 point] Which component of AES is non-linear? SubBytes ShiftRows MixColumns AddRoundKey

Page IV of X 2. [6 points] True/False Questions Answer every questions with TRUE or FALSE. No explanations are required. (a) [1 point]. The Vigenère cipher is a monoalphabetic substitution cipher. (b) [1 point] The one-time pad provides perfect security if each key is used with equal likelihood. (c) [1 point] Diffusion in a cipher is achieved through S-boxes. (d) [1 point] AES is based on a Feistel network structure, just like DES. (e) [1 point] Linear cryptanalysis is used exclusively to break linear ciphers. (f) [1 point] The number of rounds in the Rijndael algorithm depends on the key length.

Page V of X 3. [11 points] Definitions and Short Answer Questions (a) [2 points] State Kerckhoff s principle. (b) [2 points] Describe what information an adversary is assumed to have when mounting a known plaintext attack? (c) [2 points] Define what it means for an attack on a cryptosystem to be active. (d) [3 points] Define what it means for a cryptosystem to provide perfect secrecy. Explain all your notation. (Note that this question asks for the definition, not equivalent characterizations.) (e) [2 points] What is the worst case computational effort required for a brute-force attack on a block cipher with n-bit keys?

Page VI of X 4. [8 points] Perfect Secrecy Consider a cryptosystem with plaintext space M = {x, y, z}, ciphertext space C = {a, b, c, d} and key space K = {K, L}. Suppose encryption is given by the following table: x y z K a b c L b c d Assume that keys are chosen equiprobably for encryption, i.e. p(k) = p(l), and that the plaintexts x, y, z occur with respective probabilities p(x) = 1/6, p(y) = 1/3, p(z) = 1/2. Recall the formulas for conditional and unconditional probabilities of ciphertexts: p(c M) = K K E K (M)=C (a) [3 points] Compute p(b x). p(k) and p(c) = K K C E K (M) p(k)p(d K (C)) (C C, M M). (b) [3 points] Compute p(b). (c) [2 point] Does this system provide perfect secrecy? Why or why not?

Page VII of X 5. [10 points] Entropy Consider a function on a set X of 5 elements that takes on the 5 respective values 1/2, 1/4, 1/8, 1/16, 1/16. (a) [2 points] Is this a probability distribution? Why or why not? (b) [4 points] What is the entropy H(X)? Compute the actual numerical value as a fraction. (c) [2 points] Is this the maximal value for the entropy of any sample space with 5 outcomes? Why or why not? (d) [2 points] For what probability distribution on a sample space X with 5 outcomes does the entropy H(X) take on its minimal value? What is the value of H(X) in this case?

Page VIII of X 6. [4 points] Polynomial Arithmetic Let f(x) = x 3 + x + 1, g(x) = x 2 + 1 be polynomials with binary coefficients. Compute f(x)g(x) mod (x 4 + 1).

Page IX of X 7. [6 points] Affine Linear Cipher The affine linear cipher is a generalization of the shift cipher as follows. Plaintexts and ciphertexts are elements in Z 26 (the integers modulo 26), and keys are pairs (J, K) with J, K Z 26 and gcd(j, 26) = 1. The encryption of a message M under a key (J, K) is given by C JM + K (mod 26) (0 C 25). (a) [2 points] Find the encryption of the plaintext M = 12 under the affine linear cipher key (J, K) = (3, 4). (b) [4 points] Find the decryption of the ciphertext C = 5 under the affine linear cipher key (J, K) = (3, 4).

Page X of X RS / rs

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback