COSC/MATH 314 SPRING 2010
Solutions to the practice questions for midterm
(sketches)
1. Describe how you would conduct a chosen plaintext attack against an
affine cipher. Recall that the goal of the attack is to find the e-key,
which is the pair of numbers (α, β).
We can choose the plaintexts a (= 0 in the numerical translation) and
b (= 1). The corresponding ciphertexts will be α * 0 + β = β and
α * 1 + β = α + β, respectively. From here we immediately find α and β.
2. How many keys are possible in the affine cryptosystem? (Recall
that in this system x is encoded by αx + β (mod 26).) Justify your
answer.
There are 12 possibilities for α (because there are 12 numbers between 0
and 25 that are relatively prime to 26; note that this is ϕ(26), i.e., the
Euler function that was introduced when we discussed Euler's Theorem)
and 26 possibilities for β. So, the number of keys is 12 * 26 = 312.
3. Alice and Bob are using the one-time pad cryptosystem. Suppose that
the plaintext is 1011 0101 110 and the ciphertext is 0001 0110 111.
What is the key?
If P, K, and C are respectively the plaintext, the key and the ciphertext,
then P + K = C, where + is bitwise XOR. From here, we deduce that
K = P + C.
So K = 1011 0101 110 + 0001 0110 111 = 1010 0011 001
4. One reasonable idea for enhancing the security of a cryptosystem is to
use double encryption. Thus Alice first encrypts the message m getting
c_1 and then she encrypts c_1 obtaining c_2 which she sends to Bob.
Suppose Alice is doing this using the Hill cipher. Is double encryption
(with the Hill cipher) any safer than simple encryption? Say ‘yes’ or ‘no’
and justify your answer.
No, it wouldn’t be any safer. If K1 and K2 are the two matrix keys, then
double encryption means that given the plaintext x, the ciphertext Y is
obtained as Y = K2 (K1 x) = (K2 K1 ) x, so it is the same as single
encryption with the key K2 K1.
5. Suppose that in the “Baby DES” cryptosystem we have been able to
determine that the first 4 bits of K_3 are either 1100 or 0101 and the last
4 bits of K_3 are 1110. List all the possibilities for K.
There are 2 possibilities for K_3. We are still missing one bit of K. For the
missing bit there are of course 2 possibilities. Thus in total there are 4
possibilities for K. Just follow the rules for determining K_3 from K. You
will get the 4 possibilities for K.
6. Alice is sending a DES encrypted message to Bob, and one bit in block
C15 is corrupted during the transfer over the network (all the other
ciphertext blocks are correct). What blocks of the plaintext will be
garbled when Bob is doing the decryption if
a. Alice is using the ECB mode.
From the equations for ECB, we see that just P15 (having 64 bits)
is garbled.
b. Alice is using CBC.
P15 and P16 (in total 128 bits).
c. Alice is using CFB.
P15 and the next 8 blocks (in total 9 * 8 = 72 bits, remember that in
CFB a block has 8 bits).
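The three answers can be checked by experiment. The following is an added example, not part of the original solutions: it decrypts 30 ciphertext units under each mode, flips one bit of unit 15, and reports which plaintext units change. The 4-round Feistel cipher is a stand-in for DES, and the names `enc`, `dec`, `decrypt` and `garbled` and the ciphertext bytes are constructed for the illustration.

```python
import hashlib

BLOCK = 8  # 64-bit block, as in DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (constructed for this example).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc(key, blk):
    # 4-round Feistel network on 64 bits: a stand-in for DES, not DES itself.
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec(key, blk):
    # Inverse of enc: undo the rounds in reverse order.
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def decrypt(mode, key, iv, units):
    # units: ciphertext blocks (8 bytes each; 1 byte each for 8-bit CFB)
    out, prev = [], iv
    for c in units:
        if mode == "ECB":
            out.append(dec(key, c))
        elif mode == "CBC":
            out.append(_xor(dec(key, c), prev))
            prev = c
        else:  # CFB: prev is the 64-bit shift register
            out.append(_xor(c, enc(key, prev)[:1]))
            prev = prev[1:] + c
    return out

def garbled(mode, bad=15, total=30):
    # Numbers (from 1) of plaintext units that change when one bit of C_bad flips.
    size = 1 if mode == "CFB" else BLOCK
    hit = set()
    for trial in range(8):  # several keys: a chance 1-byte match in CFB cannot hide a unit
        key, iv = bytes([trial]) * 8, bytes(BLOCK)
        ct = [hashlib.sha256(b"ct%d" % n).digest()[:size] for n in range(total)]
        good = decrypt(mode, key, iv, ct)
        ct[bad - 1] = bytes([ct[bad - 1][0] ^ 1]) + ct[bad - 1][1:]
        hit |= {n + 1 for n, (g, d) in enumerate(zip(good, decrypt(mode, key, iv, ct))) if g != d}
    return sorted(hit)
```

In CBC the second affected block, P16, differs from the original only in the single bit that was flipped in C15, while P15 is garbled completely.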
7. Alice wants to use quad-DES by doing four DES encryptions with two
keys K1 and K2 using the formula C = E_K1(E_K1(E_K2(E_K2(P)))).
Describe briefly how Eve can mount an efficient attack of the type
“known plaintext.” Suppose Eve can do 2^56 simple DES
encryptions/decryptions in about 20 minutes and also assume that doing
double DES encryptions/decryptions takes two times the time for single
DES encryption/decryption. How long will it take Eve to break the
new scheme proposed by Alice (ignoring the time for all other
operations except DES encryptions/decryptions)? Justify briefly.
We have D_K1(D_K1(C)) = E_K2(E_K2(P)). Using the method of the
meet-in-the-middle attack, we build 2 tables, the first one with
D_K1(D_K1(C)) for all possible K1, and the second one with E_K2(E_K2(P))
for all possible K2, and look for equal entries (matches) in the 2 tables.
Building each table requires 40 minutes (because we need to do 2^56 double
DES encryptions). To reduce the number of matches, we probably need to
repeat this for another pair (P’, C’). So in total, we need to construct 4
tables, each requiring 40 minutes, which means that the total time is about
160 minutes.
8. We are analyzing the security of the substitution cryptosystem, denoted as
usual EK. (K is the key which in the case of the substitution cryptosystem is a
substitution table). Suppose the message space M consists of all possible
combinations of two letters from the English alphabet, in other words M = {aa,
ab, ac, …, zz}, and each message from M is equally likely to be sent by Alice.
(a) What is Prob (M= ‘aa’)? (here M is a randomly chosen message from M).
It is equal to 1/26^2, because there are 26^2 possible 2-letter words that are equally
likely, and ‘aa’ is just one of them.
(b) What is Prob (M = ‘aa’| EK(M) = ‘bc’)? (Here M is a randomly chosen message
from M, and K is a randomly chosen key).
This probability is 0, because the ciphertext has two different letters and thus, since
substitution is used, it is not possible that the plaintext consists of the same letter
repeated twice.
(c) What do (a) and (b) say about the security of the substitution cryptosystem? More
precisely, is it perfectly secure?
Since the two probabilities are different, the definition of perfect
security is violated. So the substitution cipher is not perfectly secure.
9. The alphabet of a certain language has only the 5 letters (0,1,2,3,4).
Suppose the message `42’ is encrypted with an affine cipher and the
ciphertext is `12’. (a) Find the key. (b) The ciphertext 3124 has been
obtained using the key from (a). Find the corresponding plaintext.
Solution. (a) Let the unknown key be (x,y). Since 4 → 1 and 2 → 2, we can form
the equations 4x + y = 1 and 2x + y = 2 (the arithmetic is modulo 5). By solving
the system of equations, we obtain x=2 and y = 3, so the key is (2,3).
(b) Let the plaintext be x_1 x_2 x_3 x_4. We have the equations 2x_1 + 3 = 3,
2x_2 + 3 = 1, 2x_3 + 3 = 2, 2x_4 + 3 = 4, from which we obtain x_1 = 0, x_2 =
4, x_3 = 2, x_4 = 3. So the plaintext is `0423’.
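The same two-equation method works for any modulus, and it covers question 1 as well as question 9. The following is an added example, not part of the original solutions; the function names are assumptions. It solves α(p1 − p2) ≡ c1 − c2 (mod n) and returns every key consistent with the known pairs, which shows what happens when the difference of the two plaintexts is not invertible modulo n.

```python
from math import gcd

def recover_affine_keys(pairs, n):
    """All keys (alpha, beta) with gcd(alpha, n) == 1 that map every
    plaintext symbol to its ciphertext symbol in `pairs` (modulo n)."""
    (p1, c1), (p2, c2) = pairs[0], pairs[1]
    d, rhs = (p1 - p2) % n, (c1 - c2) % n   # alpha * d = rhs (mod n)
    g = gcd(d, n)
    if rhs % g:
        return []                            # no solution: pairs are inconsistent
    m = n // g                               # alpha is determined only modulo m
    a0 = 0 if m == 1 else (rhs // g) * pow(d // g, -1, m) % m
    keys = []
    for alpha in range(a0, n, m):
        beta = (c1 - alpha * p1) % n
        if gcd(alpha, n) == 1 and all((alpha * p + beta) % n == c for p, c in pairs):
            keys.append((alpha, beta))
    return keys

def affine_decrypt(cipher, key, n):
    """Invert x -> alpha*x + beta (mod n) symbol by symbol."""
    alpha, beta = key
    inv = pow(alpha, -1, n)
    return [(inv * (c - beta)) % n for c in cipher]

# Question 9: '42' -> '12' over the alphabet {0,1,2,3,4}
Q9_KEYS = recover_affine_keys([(4, 1), (2, 2)], 5)
Q9_PLAIN = affine_decrypt([3, 1, 2, 4], Q9_KEYS[0], 5)

# Question 1 with a constructed key (7, 10): plaintexts a=0 and b=1 pin it down
Q1_KEYS = recover_affine_keys([(0, 10), (1, 17)], 26)

# Constructed counter-case: plaintexts 0 and 13 differ by 13, which shares a
# factor with 26, so every odd alpha except 13 still fits both pairs.
AMBIGUOUS = recover_affine_keys([(0, 3), (13, 16)], 26)
```

With the plaintexts 0 and 13 the attacker learns β but is left with 12 candidates for α, which is why the solution to question 1 picks two plaintexts whose difference is 1.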
10. We encrypt with double Vigenere using for the first encryption the key
k_1 = (1,3,5,7) and for the second encryption the key k_2 = (2,4). Show
that this is equivalent to simple Vigenere encryption, and find the key
for the single Vigenere encryption that is equivalent with double
Vigenere encryption with the above keys k_1 and k_2.
Solution. One can see that if we split the plaintext into groups of 4 letters, each such
group of 4 letters p_1 p_2 p_3 p_4 is encrypted to p_1 + 1 +2, p_2+3+4, p_3+5 +2,
p_4+7+4. Thus, the equivalent key is (3,7,7,11).
11. The plaintext `friday’ is encrypted using the Hill cipher with m=2 to give the
ciphertext `PQCFKU’. Find the key K. (It is acceptable to write the key K as a
product of two matrices without performing the multiplication or taking the inverse.)
Solution. From the first 2 blocks of 2 letters, we derive (5 17) * K = (15 16) and
(8 3) * K = (2 5) (everything is modulo 26).
This can be rewritten as
(5 17) * K = (15 16)
(8  3)       ( 2  5)
It follows that
K = (5 17)^(-1) * (15 16)
    (8  3)        ( 2  5).
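Carrying the product through, as an added example that is not part of the original solutions (function names are assumptions): the code inverts the plaintext matrix modulo n, multiplies, and then checks the recovered key against every block, including the third block `ay` → `KU` that the derivation above does not use. It tries other pairs of blocks if the first plaintext matrix is not invertible.

```python
from math import gcd

def mat_mul(A, B, n):
    """Product of two 2x2 matrices modulo n."""
    return [[sum(A[i][k] * B[k][j] for k in range(2)) % n for j in range(2)]
            for i in range(2)]

def mat_inv(M, n):
    """Inverse of a 2x2 matrix modulo n; exists only if gcd(det, n) == 1."""
    (a, b), (c, d) = M
    det = (a * d - b * c) % n
    if gcd(det, n) != 1:
        raise ValueError("matrix is not invertible modulo %d" % n)
    t = pow(det, -1, n)
    return [[d * t % n, -b * t % n], [-c * t % n, a * t % n]]

def to_nums(text):
    return [ord(ch) - ord("a") for ch in text.lower()]

def recover_hill_key(plain, cipher, n=26):
    """Known-plaintext attack on the Hill cipher with m = 2, using the
    row-vector convention (p1 p2) * K = (c1 c2) of the solution above."""
    p, c = to_nums(plain), to_nums(cipher)
    blocks = [(p[i:i + 2], c[i:i + 2]) for i in range(0, len(p) - 1, 2)]
    for i in range(len(blocks)):
        for j in range(i + 1, len(blocks)):
            P = [blocks[i][0], blocks[j][0]]
            C = [blocks[i][1], blocks[j][1]]
            try:
                K = mat_mul(mat_inv(P, n), C, n)
            except ValueError:
                continue          # this pair of plaintext blocks is unusable
            # Accept K only if it explains every known block.
            if all(mat_mul([pb, [0, 0]], K, n)[0] == cb for pb, cb in blocks):
                return K
    return None

Q11_KEY = recover_hill_key("friday", "PQCFKU")
```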
12. Suppose that you are informed that the plaintext `abccab’ has been encrypted with the
Vigenere cipher and the corresponding ciphertext is `bbccab’. What is the key
length?
Solution. Since the length of the plaintext is 6, the key length can be 1, 2, 3, 4, 5 or 6. It
cannot be 1, because if it were, the two occurrences of `a’ would be encrypted as the
same letter. It cannot be 2, because if it were, the two occurrences of `ab’ would be
encrypted as the same group of 2 letters, which is not the case. It cannot be 3 for the
following reason: if key length = 3, since `cab’ is encrypted as `cab’, it would follow that
the key is (0 0 0). But in this case the first group of 3 letters, `abc’, would be encrypted as
`abc’. It cannot be 4, because if it were, the two occurrences of ‘a’ would be encrypted
by the same letter. And it cannot be 5, because if it were, the first ‘a’ and the last ‘b’
would be shifted by the same amount and thus their encryption would not both be ‘b’. So
key length = 6.
13. The alphabet is {0,1,2,3,4}. The Hill cipher is used with m=2, and the key is the 2-by-2
matrix
K = (4 1)
(3 1)
Encrypt the message `1 2 3 4’.
Solution: ( 1 2) * K = (0 3) and (3 4) * K = (4 2). The ciphertext is 0 3 4 2.