Chapter 31 Problems

Use the additive cipher with k = 10 to encrypt the plaintext "book". Then decrypt the message to get the original plaintext.

b = 1, o = 14, k = 10 b = (1 + 10)mod26 = 11 o = (14 + 10)mod26 = 24 k = (10 + 10)mod26 = 20 => LYYU

In RSA, given p = 107, q = 113, e = 13, and d = 3653, encrypt the message "THIS IS TOUGH" using 00 to 26 (A: 00 and space: 26) as the encoding scheme. Decrypt the ciphertext to find the original message.

n = p x q = 12091 19070818260818261914200607 Encrypt: P1 = 1907, 1907^13mod(12091) = 10614 Decrypt: C1 = 10614, 10614^3653mod12091 = 1907

Assume Bob, using the RSA cryptosystem, selects p = 11, q = 13, and d = 7, which of the following can be the value of public key e? a. 11 b. 103 c. 19

phi = (p - 1)(q - 1) = 10(12) = 120 (e x d)mod(phi) = (e x 7)mod120 a.) 77mod120 = 77 != 1 b.) (103 x 7)mod120 = 1 => e = 103 c.) 133mod120 = 13 != 1

The key in DES is 56 bits. Assume Eve, the intruder, tries to find the key using a brute-force attack (tries all of the keys one by one). If she can try one million keys (almost 220) in each second (using a powerful computer), how long does it take to break the code?

2^56 keys, has to try 2^55 keys => 2^55 / 2^20 = 2^35 seconds = 1092 years

Atbash was a popular cipher among Biblical writers. In Atbash, "A" is encrypted as "Z", "B" is encrypted as "Y", and so on. Similarly, "Z" is encrypted as "A", "Y" is encrypted as "B", and so on. Suppose that the alphabet is divided into halves and the letters in the first half are encrypted as the letters in the second and vice versa. Find the type of cipher and key. Encipher the plaintext "an exercise" using the Atbash cipher.

A B C D E F G H I J K L M Z Y X W V U T S R Q P O N "an exercise" = ZMVCVIXRHV

Figure 31.22 shows a unidirectional authentication that authenticates Alice for Bob. Change this figure to provide bidirectional authentication: to authenticate Alice for Bob and then Bob for Alice.

In notebook

In Figure 31.9, we have two straight permutation operations: initial permutation and final permutation. Experts believe these operations are useless and do not help to make the cipher stronger. Can you find the reason for this statement?

Could potentially permute back to the original text?

Assume we have a very simple message digest. Our unrealistic message digest is just one number between 0 and 25. The digest is initially set to 0. The cryptographic hash function adds the current value of the digest to the value of the current character (between 0 and 25). Addition is in modulo 26. What is the value of the digest if the message is "HELLO"? Why is this digest not secure?

H = 7, E = 4, L = 11, O = 14 Init: d = 0 d = (0 + 7)mod26 = 7 d = (7 + 4)mod26 = 11 d = (11 + 11)mod26 = 22 d = (22 + 11)mod26 = 7 d = (7 + 14)mod26 = 21 HLWHV Insecure b/c each of the digest values is between 0 and 25

Another method used in a ciphertext attack (see previous problem) is called the statistical approach, in which the intruder intercepts a long ciphertext and tries to analyze the statistics of the characters in the ciphertext. A simple cipher like the additive cipher does not change the statistics of the characters because encryption is one-to-one. Assume the intruder has intercepted the following ciphertext and the most common character in an English plaintext is the character "e". Use this knowledge to find the key of the cipher and decrypt the ciphertext. XLILSYWIMWRSAJSVWEPIJSVJSYVQMPPMSRHSPPEVWMXMWASVXLQSVILYVVCFIJSVIXLIWIPPIVVIGIMZIWQSVISJJIVW

I is most common => if I = e, k = 4

A cryptographic hash function needs to be second preimage resistant, which means that given the message M and the message digest d, we should not be able to find any other message, M′, whose digest is d. In other words, two different messages cannot have the same digest. Based on this requirement, show that a traditional checksum in the Internet cannot be used as a hash function.

In notebook

Assume you want to write a program to simulate the permutation boxes in Figure 31.8 in the text. a. Show how you represent each box as a table. b. Show the inversion of each box as a table

In notebook

Change Figure 31.23 to allow bidirectional authentication. Alice needs to be authenticated for Bob and Bob for Alice.

In notebook

Change Figure 31.24 to allow bidirectional authentication. Alice needs to be authenticated for Bob and Bob for Alice.

In notebook

Each round in a block cipher should be invertible to make the whole block invertible. Modern block ciphers use two approaches to achieve this. In the first approach, each component is invertible; in the second approach some components are not invertible but the whole round is invertible using what is called a Feistel cipher. This approach is used in DES, described in the text. The trick in the Feistel cipher is to use the XOR operation as one of the components. To see the point, assume that a round is made of a noninvertible component, NI, and an XOR operation, as shown in Figure 31.29. Prove that the whole round is invertible, which means that the plaintext can be recovered from the ciphertext. Hint: use XOR properties (x ⊕ x = 0 and x ⊕ 0 = x).

In notebook

Explain why encryption is used in the second message (from Bob to Alice) in Figure 31.23, but signing is done in the third message (from Alice to Bob) in Figure 31.24.

In notebook

In a transposition cipher the encryption and decryption keys are often represented as two one-dimension tables (arrays) and the cipher is represented as a piece of software (a program). a. Show the array for the encryption key in Figure 31.6 in the text. Hint: the value of each element can show the input-column number; the index can show the output-column number. b. Show the array for the decryption key in Figure 31.6 in the text. c. Explain, given the encryption key, how we can find the decryption key.

In notebook

The nonce in Figure 31.22 is to prevent a replay of the third message. Eve cannot replay the third message and pretend that it is a new request from Alice, because when Bob receives the response, the value of RB is not valid anymore. This means that we can eliminate the first and the second message if we add a timestamp to the diagram. Show a new version of Figure 31.22 using a timestamp.

In notebook

You may have noticed that there is a flaw in Figure 31.26. Eve, the intruder, can replay the third message and, if she can somehow get access to the session key, can pretend to be Alice and exchange messages with Bob. The problem can be avoided if both Alice and Bob use two nonces. Remember that nonces have a lifetime and their main purpose is to prevent replaying. Modify Figure 31.26 to add two nonces.

In notebook

In Figure 31.9 we have a swapper in each round. What is the use of this swapper?

Increased security

Assume we have a keyless substitution box (S-box) with three inputs (x1, x2, and x3) and two outputs (y1 and y2). The relation between the inputs and outputs is defined as follows (⊕ means XOR): y1 = x1 ⊕ x2 ⊕ x3, y2 = x1 What is the output if the input is (110)? What is the output if the input is (001)?

Input = 110, output = y1 y2 => 01 y1 = 1 XOR 1 XOR 0 = 0 XOR 0 = 0 y2 = 1 Input = 001, output = y1 y2 => 10 y1 = 0 XOR 0 XOR 1 = 0 XOR 1 = 1 y2 = 0

Encrypt the message "this is an exercise" using additive cipher with key = 20. Ignore the space between words. Decrypt the message to get the original plaintext.

Same process as previous question but with (x + 20)mod26

Explain why private-public keys cannot be used in creating a MAC.

Too easy to decrypt

One of the attacks an intruder can apply to a simple cipher like an additive cipher is called the ciphertext attack. In this type of attack, the intruder intercepts the cipher and tries to find the key and eventually the plaintext. One of the methods used in a ciphertext attack is called the brute-force approach, in which the intruder tries several keys and decrypts the message until the message makes sense. Assume the intruder has intercepted the ciphertext "UVACLYZLJBYL". Try to decrypt the message by using keys beginning with 1 and continuing until a plaintext appears that makes sense.

UVACLYZLJBL U = 20 V = 21 A = 0 C = 2 L = 11 Y = 24 Z = 25 L = 11 J = 9 B = 1 L = 11 (20 - 7)mod26 = 13 = n (21 - 7)mod26 = 14 = o (0 - 7)mod26 = t ... => notverysecure, k = 7

Alice can use only the additive cipher on her computer to send a message to a friend. She thinks that the message is more secure if she encrypts the message two times, each time with a different key. Is she right? Defend your answer.

Using two keys is like using one key with the value of the two keys added together

A substitution cipher does not have to be a character-to-character transformation. In a Polybius cipher, each letter in the plaintext is encrypted as two integers. The key is a 5 × 5 matrix of characters. The plaintext is the character in the matrix, the ciphertext is the two integers (each between 1 and 5) representing row and column numbers. Encipher the message "An exercise" using the Polybius cipher with the following key:

a = 55 n = 33 e = 15 x = 31 r = 22 c = 35 i = 44 s = 32 55331531152235443215

To understand the concept of secret-key distribution, assume a small private club has only 100 members (excluding the president). Answer the following questions: a. How many secret keys are needed if all members of the club need to send secret messages to each other? b. How many secret keys are needed if everyone trusts the president of the club? If a member needs to send a message to another member, she first sends it to the president; the president then sends the message to the other member. c. How many secret keys are needed if the president decides that the two members who need to communicate should contact him first. The president then creates a temporary key to be used between the two. The temporary key is encrypted and sent to both members.

a.) ((101 - 1) x 100) = 10000 secret keys required b.) 200, 100 to president, 100 from president c.) 50, one for every pair

A very common operation in block ciphers is the XOR operation. Find the results of the following operations. Interpret the results. a. (01001101) ⊕ (01001101) b. (01001101) ⊕ (00000000)

a.) 00000000 b.) 01001101

The swap operation is one of the components of the modern block ciphers. a. Swap the word (10011011)2. b. Swap the word resulting from part a. c. Compare the results of part a and part b to show that swapping is a selfinvertible operation

a.) 10111001 b.) 10011011 c.) Same same

The circular shift operation is one of the components of the modern block ciphers a. Show the result of a 3-bit circular left shift on the word (10011011)2. b. Show the result of a 3-bit circular right shift on the result of part a. c. Compare the result of part b with the original word in part a to show that shift right and shift left operations are inverses of each other.

a.) 11011100 b.) 10011011 c.) Obviously the answer from part b is the same as the question from part a

Define the type of attack in each of the following cases: a. A student breaks into a professor's office to obtain a copy of the next test. b. A student gives a check for $10 to buy a used book. Later the student finds out that the check was cashed for $100. c. A student sends hundreds of e-mails per day to the school using a phony return e-mail address.

a.) Confidentiality b.) Integrity c.) Availability