Exercise Sheet Cryptography 1, 2011

Cryptography 1
http://www.cs.ut.ee/~unruh/crypto1-11/

Exercise 1 DES

The Data Encryption Standard (DES) is a very famous and widely used block cipher. It maps 64-bit plaintext blocks $x = (x_{63} x_{62} \ldots x_0)$ on 64-bit ciphertext blocks $y = (y_{63} y_{62} \ldots y_0)$ using a 56-bit secret key $k = (k_{55} k_{54} \ldots k_0)$ as a parameter (see Figure 1).

[Figure 1: DES, a mapping of 64-bit plaintext blocks on 64-bit ciphertext blocks, depending on a 56-bit secret key]

1. When the secret key $k$ is fixed, DES defines a specific permutation on $X = \{0,1\}^{64}$. Why do you think it is necessary for DES to be a bijection, and not a simple function?
2. How many permutations can you find on $X = \{0,1\}^{64}$? How many different secret keys does DES have?
3. DES internal design involves a 32-bit transformation which is represented in Figure 2. Is this transformation a permutation and/or a transposition?

[Figure 2: A transformation in DES on 32-bit strings]

Consider now a random permutation on $\{0,1\}^l$ represented by a random variable $C^*$, uniformly distributed among all possible permutations of $\{0,1\}^l$.

12. Compute $\Pr[C^* = c]$, where $c$ is a fixed permutation on $\{0,1\}^l$.
13. Let $x, y \in \{0,1\}^l$ be two fixed $l$-bit strings. Using the previous question, compute $\Pr[C^*(x) = y]$. Compare this probability with $\Pr[Y = y]$ where $Y$ is a random variable uniformly distributed in $\{0,1\}^l$.
14. Let $a, b \in \{0,1\}^l$ such that $a \neq 0$. We define the differential probability of $C^*$ to be $DP^{C^*}(a,b) = \Pr_X[C^*(X \oplus a) = C^*(X) \oplus b]$, where the probability holds over the uniform distribution of $X$. For $b \neq 0$, show that $E_{C^*}(DP^{C^*}(a,b)) = \frac{1}{2^l - 1}$.

Exercise 2 Weak Keys of DES

We say that a DES key $k$ is weak if $DES_k$ is an involution. Exhibit four weak keys for DES.

Reminder: Let $S$ be a finite set and let $f$ be a bijection from $S$ to $S$. The function $f$ is an involution if $f(f(x)) = x$ for all $x \in S$.

Exercise 3 Semi-Weak Keys of DES

We say that a DES key $k$ is semi-weak if it is not weak and if there exists a key $k'$ such that $DES_k^{-1} = DES_{k'}$. Exhibit four semi-weak keys for DES.
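The identity in question 14 of Exercise 1 can be checked exactly for small $l$ by enumerating every permutation of $\{0,1\}^l$. This is an added example, not part of the original sheet; the function names `dp` and `expected_dp` are hypothetical, and the enumeration is only feasible for $l \le 3$.

```python
from fractions import Fraction
from itertools import permutations


def dp(perm, a, b):
    """Differential probability of one fixed permutation (a lookup table):
    the fraction of inputs x with perm[x ^ a] == perm[x] ^ b."""
    n = len(perm)
    hits = sum(1 for x in range(n) if perm[x ^ a] == perm[x] ^ b)
    return Fraction(hits, n)


def expected_dp(l, a, b):
    """Exact average of dp(perm, a, b) over all (2^l)! permutations of
    {0,1}^l, i.e. the expectation over a uniformly random permutation."""
    n = 1 << l
    total, count = Fraction(0), 0
    for perm in permutations(range(n)):
        total += dp(perm, a, b)
        count += 1
    return total / count


if __name__ == "__main__":
    for l in (2, 3):
        n = 1 << l
        # Constructed sample differences: a = 1, every b in {0,1}^l.
        for b in range(n):
            print(f"l={l} a=1 b={b}: E[DP] = {expected_dp(l, 1, b)}")
    # A single permutation can be far from the average: for the identity,
    # DP(a, b) is 1 when a == b and 0 otherwise.
    identity = tuple(range(8))
    print("identity DP(5,5) =", dp(identity, 5, 5))
    print("identity DP(5,3) =", dp(identity, 5, 3))
```

For $b = 0$ the average is 0, because a permutation never maps the two distinct inputs $x$ and $x \oplus a$ to the same output.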

Exercise 4 Complementation Property of DES

Given a bitstring $x$ we let $\bar{x}$ denote the bitwise complement, i.e., the bitstring obtained by flipping all bits of $x$.

1. Prove that $DES_{\bar{K}}(\bar{x}) = \overline{DES_K(x)}$ for any $x$ and $K$.
2. Deduce a brute force attack against DES with average complexity of $2^{54}$ DES encryptions. Hint: Assume that the adversary who is looking for $K$ is given a plaintext block $x$ and the two values corresponding to $DES_K(x)$ and $DES_K(\bar{x})$.

Exercise 5 Exhaustive Search on 3DES

We consider 3DES with three independent keys. Let $P, C \in \{0,1\}^{64}$ be a plaintext/ciphertext pair, where $C = 3DES_k(P)$ for some unknown key $k = (k_1, k_2, k_3)$ (see Figure 3). We want to recover $k$ by an exhaustive search.

[Figure 3: 3DES with three independent keys: $P \to DES_{k_1} \to DES_{k_2}^{-1} \to DES_{k_3} \to C$]

1. What is the number of DES encryptions/decryptions of the following algorithm?

    Input: a plaintext/ciphertext couple (P, C)
    Output: key candidate(s) for k = (k_1, k_2, k_3)
    Processing:
      for each possible key K = (K_1, K_2, K_3) do
        if C = 3DES_K(P) then
          display K = (K_1, K_2, K_3)
        end if
      end for

2. Let $C^* : \{0,1\}^{64} \to \{0,1\}^{64}$ denote a uniformly distributed random permutation. What is the probability that $C^*(P) = C$?

3. Assuming that $3DES_K$ roughly behaves like $C^*$ when $K$ is a uniformly distributed random key, estimate the number of wrong keys (i.e., different from $k$) displayed by the Algorithm.
4. Assume that an adversary has $t$ distinct plaintext/ciphertext pairs denoted $(P_i, C_i)$ for $i = 1, \ldots, t$, all encrypted under the same (still unknown) key $k$ (so that $C_i = 3DES_k(P_i)$). Write an algorithm similar to the Algorithm that reduces the number of wrong keys that are displayed (but which does at least display $k$). What is the total number of DES encryptions/decryptions of this algorithm?
5. Express the average number of wrong keys that are displayed by your algorithm as a function of $t$ (which is the number of available plaintext/ciphertext couples). Evaluate the necessary number of couples in order to be almost sure that only the good key $k = (k_1, k_2, k_3)$ is displayed.

Exercise 6 3DES Exhaustive Search

1. What is the average complexity of an exhaustive search against the two-key 3DES?
2. How can an adversary take advantage of the complementation property $DES_{\bar{K}}(\bar{x}) = \overline{DES_K(x)}$? What is the complexity now?

Exercise 7 RSA with exponent 3

In this exercise we consider an RSA modulus $n = pq$ where $p$ and $q$ are large prime numbers (here, by large we mean at least equal to 5). We consider a valid RSA exponent $e$ for RSA.

1. Show that neither $(p \bmod 3)$ nor $(q \bmod 3)$ can be equal to 0.
2. Under which condition is $e$ a valid exponent for a modulus $n$?
3. From now on, we will assume that $e = 3$. Show that neither $p - 1$ nor $q - 1$ can be multiples of 3.
4. Deduce that $p \bmod 3 = q \bmod 3 = 2$.
5. What is the value of $n \bmod 3$?
6. For any digits $d_0, \ldots, d_{l-1}$, show that $\left(\sum_{i=0}^{l-1} d_i 10^i\right) \bmod 3 = \left(\sum_{i=0}^{l-1} (d_i \bmod 3)\right) \bmod 3$

7. Show that $e = 3$ is not a valid RSA exponent for the following RSA modulus: $n = 777575993$

Exercise 8 Congruence Relations

1. Solve the following congruence relations (if possible):
   (a) $3x \equiv 2 \pmod{11}$
   (b) $5x \equiv 11 \pmod{12}$
   (c) $6x \equiv 8 \pmod{14}$
   (d) $3x \equiv 2 \pmod{18}$
2. Simplify (without a calculator)
   (a) $2^{23} \bmod 11$
   (b) $3^{110} \bmod 53$
   (c) $4^{18} \bmod 15$

Exercise 9 Captain's Age

1. The aim of this exercise is to find the very secret age of the Captain. The only information we know is that one year ago, his age was a multiple of 3, in 2 years it will be a multiple of 5, and in 4 years it will be a multiple of 7. Deduce the Captain's age. Hint: Maybe the Captain is Chinese...
2. Solve the following system of congruence equations:
   $3x \equiv 4 \pmod{7}$
   $2x \equiv 10 \pmod{26}$
   $4x \equiv 12 \pmod{20}$

Exercise 10 Groups, Rings and Fields

1. Do the following form groups? If not, which of the properties do they fail?
   (a) The even integers under addition.
   (b) $\left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} : a, b, c, d \in \mathbb{R} \right\}$ under matrix multiplication.
   (c) The real numbers under operator defined by a b = a+b+ab.
   (d) The set $\{2, 4, 6, 8\}$ under multiplication modulo 10.

   (e) $\mathbb{Z}$ under operator defined by a b = a+b+1.
2. List all the subgroups of the group $\{2, 4, 6, 8, 10, 12\}$ under multiplication modulo 14 and in each case give their order.
3. Find the inverses of:
   (a) $6 \bmod 19$
   (b) $3 \bmod 10$
   (c) $11 \bmod 16$
   (d) $14 \bmod 22$
4. Do the following form Fields or Rings under normal addition and multiplication?
   (a) even integers
   (b) $\{a + bj : a, b \in \mathbb{Z}\}$
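The situation in Exercise 5, an exhaustive search that also displays wrong keys because the key space is larger than the block space, can be observed on a toy model. This is an added example, not part of the original sheet: the 12-bit key, the 8-bit block, the secret key and the plaintexts are all constructed, and the cipher is a keyed table shuffled with Python's `random` module, standing in for the sheet's assumption that each key selects a random-looking permutation (it is not DES and not secure).

```python
import random

KEY_BITS = 12      # toy key space: 4096 keys (assumption, not DES)
BLOCK_BITS = 8     # toy block space: 256 blocks (assumption, not DES)
SECRET_KEY = 0xA5C  # constructed secret the search should recover


def keyed_permutation(key):
    """Lookup table of a permutation of all blocks, selected by the key."""
    table = list(range(1 << BLOCK_BITS))
    random.Random(key).shuffle(table)
    return table


def make_pairs(key, plaintexts):
    """Plaintext/ciphertext pairs encrypted under one key."""
    table = keyed_permutation(key)
    return [(p, table[p]) for p in plaintexts]


def exhaustive_search(pairs):
    """Return every key consistent with all given pairs."""
    candidates = []
    for key in range(1 << KEY_BITS):
        table = keyed_permutation(key)
        if all(table[p] == c for p, c in pairs):
            candidates.append(key)
    return candidates


if __name__ == "__main__":
    pairs = make_pairs(SECRET_KEY, [0x00, 0x3C, 0xF1])  # constructed inputs
    for t in (1, 2, 3):
        found = exhaustive_search(pairs[:t])
        wrong = [k for k in found if k != SECRET_KEY]
        print(f"t={t}: {len(found)} candidate(s), {len(wrong)} wrong")
```

With one pair the search reports the secret key together with a number of keys that merely happen to map that plaintext to the same ciphertext; each additional pair filters the candidate list further.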