Cryptography Exercises

Transcription

1 Cryptography Exercises 1

2 Contents 1 source coding 3 2 Caesar Cipher 4 3 Ciphertext-only Attack 5 4 Classification of Cryptosystems-Network Nodes 6 5 Properties of modulo Operation 10 6 Vernam Cipher 11 7 Public-Key Algorithms 14 8 Double Encryption 15 9 Vigenere Cipher and Transposition Permutation Cipher Substitution Cipher Substitution + Transposition Affine Cipher Perfect Secrecy Feistel Cipher Block Cipher Digital Encryption Standard (DES) Primitive Element Diffie-Hellman Key Exchange Pohlig-Hellman a-symmetric Encryption 58 2

3 21 ElGamal RSA System Euclid s algorithm Protocol Failure Complexity Authentication Protocols Hash Functions Cipher Modes Pseudo Random Number Generators Linear Feedback Shift Register Challenge Response Application of error correcting codes in biometric authentication General Problems 91 3

4 1 source coding Problem 1.1. We consider 64 squares on a chess board. (a) How many bits do you need to represent each square? (b) In a game on a chessboard one player has to guess where his opponent has placed the Queen. You are allowed to ask six questions which must be answered truthfully by a yes/no reply. Design a strategy by which you can always find the Queen. Show that you can not ensure the exact position when you are allowed to ask five questions. (c) How do you interpret your result in (b) together with your result in (a)? Problem 1.2. A language has an alphabet of five letters x i, i = 1, 2,..., 5, each occurring with probability 1. Find the number of bits needed of a 5 fixed-length binary code in which: (a) Each letter is encoded separately into a binary sequence. (b) Two letters at a time are encoded into a binary sequence. (c) Three letters at a time are encoded into a binary sequence. Which method is efficient in the sense of bit per letter? Problem 1.3. A language has an alphabet of eight letters x i, i = 1, 2,..., 8, with probabilities 0.25, 0.20, 0.15, 0.12, 0.10, 0.08, 0.05 and (a) Determine an efficient binary code for the source output. (b) Determine the average number of binary digits per source letter. Problem 1.4. Suppose a source outputs the symbols {a, b, c, d, e, f, g} with probability {0.4, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05}. (a) Give a binary representation for these symbols and calculate the average representation length. (b) How do you know that your representation has minimum average length? 4

5 2 Caesar Cipher Problem 2.1. We consider a Caesar cipher and assume that the plaintext message is in English. Decrypt the following ciphertext by giving a brief explanation: KNXMNSLKW JXMBF Y JW GJSIXF IRNY XB T W IKNXMW F SIT AJW MJQRNSLF SDIF D Note: Use the following frequency distribution of the letters in the English language for the cryptanalysis: Table 1: a b c d e f g h i j k l m 8, 05 1, 62 3, 2 3, 65 12, 31 2, 28 1, 61 5, 14 7, 18 0, 1 0, 52 4, 03 2, 25 n o p q r s t u v w x y z 7, 19 7, 94 2, 29 0, 20 6, 03 6, 59 9, 59 3, 1 0, 93 2, 03 0, 2 1, 88 0, 09 (a) What can be the main drawback of the substitution cipher given above? (b) Caesar cipher is an example of classical cryptosystem. Is this statement true? Why or why not? (c) Steganography is the art and science of hiding information by embedding messages within other, seemingly harmless messages. Take the third letter in each word of the encrypted message above and find the emerging message. 5

6 3 Ciphertext-only Attack Problem 3.1. We consider a ciphertext-only attack on a substitution cipher and assume that the plaintext message is in English. Decrypt the following ciphertext by giving a brief explanation: XT HQT XJST RF Y Y JW MT BKF W What can be the main drawback of the substitution cipher given above? Problem 3.2. We consider a ciphertext-only attack on a substitution cipher and assume that the plaintext is in English. Decrypt the following ciphertext: ynyqj Hint: Use the frequency distributions of the letters in English language in table 1 for the analysis. 6

7 4 Classification of Cryptosystems-Network Nodes Problem 4.1. Suppose that we have the following network nodes A, B, C and D (Figure 1): Figure 1: A C B D (a) How many keys do we have to generate such that A, B and C can communicate with D in a bidirectional secure way using a symmetric encryption algorithm? (b) We replace the symmetric encryption algorithm with a public key system. How many public keys do we have to generate in this case such that A, B and C can communicate with D in a bi-directional secure way? (c) Suppose that we have 8 nodes in a network. How many symmetric keys do we need such that every pair of nodes can communicate in a safe way? Problem 4.2. (a) Suppose that we have a network with 10 nodes. How many different keys do we have to generate such that every pair of nodes can communicate in a bi-directional secure way using classical cryptosystem? (b) We replace classical system with a public key system. How many different keys do we have to generate such that every pair of nodes can communicate in a bi-directional secure way? (c) Suppose that we extend the network with one more node. How many new extra keys do we need to generate such that every pair of nodes 7

8 can communicate in a bi-directional secure way? (Calculate for classical and public cryptosystems). (d) What is your short conclusion or the interpretation of the results found above? Problem 4.3. (a) Suppose that we have a network with 6 nodes. How many keys do we have to generate such that every pair of nodes can communicate in a bi-directional secure way using the DES encryption algorithm? (b) Suppose that we extend the network with one more node. How many new DES keys do we need such that every pair of nodes can now communicate in a safe way? (c) Instead of DES, we want to use RSA. How many Public keys do we need such that every pair of nodes can now communicate in a safe way? Problem 4.4. (a) Suppose that we have a network with 6 nodes. How many keys do we have to generate such that every pair of nodes can communicate in a bi-directional secure way using the RSA encryption algorithm. (b) Suppose that we extend the network with one more node. How many new Public keys do we need such that every pair of nodes can now communicate in a safe way? (c) Instead of RSA, we want to use DES. How many keys do we need such that every pair of 7 nodes can communicate in a bi-directional safe way? Problem 4.5. Suppose that we have the following network nodes: A, B, C, D. Nodes can communicate over the links shown below (Figure 2). Q1: How many keys do we have to generate such that nodes can communicate over the given links in a bi-directional secure way using the DES encryption algorithm with node A and without node A? Q2: Instead of DES, we want to use ElGamal public key scheme. How many public keys do we have to generate such that nodes can communicate over the given links in a bi-directional secure way with node A and without 8

9 Figure 2: A B C D node A? Answer the above questions for the following network nodes (Figure 3): Figure 3: A B C D Problem 4.6. Consider the figure 4 of a network with nodes A, B, C, D and E. Arrows represent the communication in a bidirectional secure way. 9

10 Figure 4: A B E C D Q A ) How many keys do we have to generate such that the nodes can communicate over the arrows in a bidirectional secure way using a symmetric encryption algorithm? Q B ) We replace the symmetric encryption algorithm with a public key system. How many public keys do we have to generate in this case? 10

11 5 Properties of modulo Operation Problem 5.1. Calculate the modulo operations given below: mod 17 = 7 5 mod 15 = 12 8 mod 7 = 7559 mod 63 = 7559 mod 63 = mod 63 = mod 151 = mod 197 = mod 323 = mod 73 = 7 73 mod 71 = mod 167 = 2 32 mod 5 = 8 64 mod 9 = mod 25 = mod 23 = 4 15 mod 17 = 11

12 6 Vernam Cipher Problem 6.1. Consider a Vernam Cipher with the following encryption scheme (Figure 5): Figure 5: Key sequence K (random) Binary message M C=M K (xor operation) Assume that a language has only three letters A, B and C. Their binary representations are as follows: A = 000, B = 1111, C = Two words in the language are encrypted with the same key sequence: Determine the possible message pair. W 1 = W 2 = Problem 6.2. The Vernam cipher is an example of a perfect stream cipher (Figure 6): For the probability P (k i = 0) = 0.5 and P (x i = 0) = 0.25 calculate P (y i = 0) and P (y i = 1). For the probability P (k i = 0) = 0.4 and P (x i = 0) = 0.3 calculate P (y i = 0) and P (y i = 1). For the probability P (k i = 0) = 0.5 and P (y i = 0) = 0.25 calculate P (x i = 0) and P (x i = 1). For the probability P (k i = 0) = 0.4 and P (y i = 0) = 0.3 calculate P (x i = 0) and P (x i = 1). For the probability P (k i = 0) = 0.5 and P (x i = 0) = 0.4 calculate P (y i = 0) and P (y i = 1). For the probability P (k i = 0) = 0.4 and P (x i = 0) = 0.4 calculate P (y i = 0) 12

13 Figure 6: Binary key k i Binary message x i y i = x i K i and P (y i = 1). For the probability P (k i = 0) = 0.6 and P (x i = 0) = 0.6 calculate P (y i = 0) and P (y i = 1). Problem 6.3. Suppose that we use the following simple encryption (Figure 7): Random bit stream R Figure 7: C= M R Binary message M A language has only two words: A = 111 and B = Two sentences in the language are encrypted with the same random binary sequence R. The first sentence S 1 is encrypted as and the second sentence S 2 is encrypted as Find good candidates for the original sentences. Problem 6.4. a) Consider the following letter encodings: 13

14 letter A E I M O R T V encoding A message M = M ARIO is Vernam encrypted into ciphertext C = AOAMV ; C = M K where shows modulo 2 XOR operation. Find the corresponding encryption key. Provide details of your cryptanalaysis. b) Consider the following two ciphertexts C 1 = IEEIA and C 2 = ORV RO that are obtained from messages M 1 and M 2 respectively under the vernam encryption and the same encryption key. Encrypted messages are two names. Let us denote with m i,k the kth letter in message M i. The following is known about messages (names): m 1,1 = R and m 2,4 = T. Using this information, try to recover messages M 1 and M 2, as well as the encryption key. Provide details of your cryptanalysis. 14

15 7 Public-Key Algorithms Problem 7.1. Encrypt the message encoding using the double Transposition. Choose Key1 and Key2 as exam and study. Problem 7.2. A double transposition cipher uses as first keyword exam and as second keyword topic. Find the plaintext corresponding to the ciphertext C = isthastties. Problem 7.3. Decrypt the ciphertext: HRDY MIP UUNEOBP Y EAMT P OAK using Double Transposition with keys K 1 = CRY P T O and K 2 = MONEY. 15

16 8 Double Encryption Problem 8.1. We consider double encryption of a private-key algorithm in order to increase the security, such that: y = e 2 (e 1 (M)). Assume two ciphers are given as: e 1 (x) = a 1.x + b 1 e 2 (z) = a 2.z + b 2 where x and z represent the input message, a {1,2} and b {1,2} are the coefficients. Show that there is a single cipher e 3 (M) = a 3.M + b 3 which performs exactly the same encryption (and decryption) as the combination e 2 (e 1 (M)). 16

17 9 Vigenere Cipher and Transposition Problem 9.1. (a) For a transposition cipher the letter frequency remains unchanged. (yes/no)? (b) The number of different transposition ciphers for a binary word of length 4 is (c) A transposition cipher destroys dependency between letters. Problem 9.2. Encrypt the message below using the following methods. Assume the English alphabet. Supplieswillarrivetonight 1. Vigenere with key=system. 2. Double Transposition with key1=make, key2=stand. What is the main advantage of Vigenere cipher over Caesar cipher? What is the main goal of the transposition? Why is it stronger to apply double transposition instead of single transposition? Problem 9.3. A Vigenere type of cipher is given as follows: Plaintext space X = {0,..., 25}. Ciphertext space Y = {0,..., 25}. Key space K = {0,..., 25}. Encryption function is defined by: E(X, K) = (X + K) mod n. The following alphabet X = {A, B,..., Z} are identified with the natural numbers. (a) Determine the decryption function. (b) Encrypt the following text by using the key hello and assuming (as usual) that n = 26. Write your answer with a block of length 5 and ignore spaces, dots and commas. (Show your steps briefly!) Mr. P resident, I am delighted to accept your offer. 17

18 Figure 8: modulo 26 Ciphertext Plaintext D D Delay elements Problem 9.4. Consider a Vigenere type of cipher with the encryption scheme given in Figure 8. (a) D represents the delay elements in time where C i and P i are the ciphertext and plaintext with the time index i. Write the encryption function from the figure 8. (b) Determine the decryption function. (c) Draw the equivalent decryption implementation. Problem 9.5. Suppose the message SSDT T RRNNRICNAW COILOAT HKIUSGY IT AT OAAEUN was encrypted using double transposition. Find the keys as well as the plaintext message. Hint: The keys belong to the set {SY ST EMS, ENGINEERING, UNIV ERSIT Y, ESSEN, DUISBURG, CRY P T OGRAP HY }. Problem 9.6. A vigenere type of cipher is given by the rule: C i = P i + P i 2 modulo 26 where C i and P i are ciphertext and plaintext symbols at time i, respectively. It is implemented with two delay elements as shown in figure 9. Give the rule for deciphering and draw the equivalent implementation to decipher the ciphertext. 18

19 Figure 9: modulo 26 Ciphertext Plaintext D D Delay elements Problem 9.7. Decrypt the cipher text ICP EY DRCT EP DRHIEA using the following methods, and the given keys. The alphabet is given by A = 1, B = 2,..., Z = 26. (Note: The plain text may not be a readable message). (a) Vigenere (Key = CRY P T O). (b) Double Transposition (Key1 = CRY P T O, Key2 = ESSEN). Problem 9.8. We consider a Vigenere type block cipher system. You must choose your key according to the last 4 letters of your surname. (Ex: Name: Mengi, Key: engi) Encrypt the following given messages: 1. spyincountry 2. exam Hint: A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z. (A=0,.., Z=25). Problem 9.9. A Vigenere type of cipher is given by the rule: C i = (P i + C i 1 +C i 2 ) modulo 26, where C i and P i are ciphertext and plaintext symbols at time i, respectively. It is implemented with 2 delay elements as shown in figure 10: 19

20 Plaintext Figure 10: + modulo 26 Ciphertext Delay elements Give the rule for deciphering and draw the equivalent implementation to decipher the cipher text. 20

21 10 Permutation Cipher Problem Encrypt the message spyarrivesonthursday using the double Transposition. Choose Key1 and Key2 as your first and second name. (Ex.: anil mengi, then the Key1=anil and Key2=mengi). 21

22 11 Substitution Cipher Problem (a) A substitution cipher destroys dependency between letters. (yes/no?) (b) The number of different substitution ciphers for binary words of length 4 is Problem In a substitution cipher we replace symbols by other symbols. Suppose that message symbols are elements from the set {0, 1, 2, 3, 4}. As an example the symbols {0, 1, 2, 3, 4} are replaced by {0, 4, 1, 2, 3}. Note: we assume that substitution from a set {0, 1, 2, 3, 4} to a set {0, 1, 2, 3, 4} is also valid. (a) How many different substitutions are possible for the alphabet with letters {0, 1, 2, 3, 4}. (b) Suppose that we implement a substitution system in a double encryption mode as given in figure 11. All the additions are modulo 5 addition. Figure 11: Message + Modulo 5 + Modulo 5 Cipher Key 1 Key 2 Given the message 2 and the corresponding cipher 4, what are the possible different keys? Problem In a substitution cipher we replace symbols by other symbols. As an example the symbols {00, 01, 10, 11} are replaced by {01, 10, 00, 11}. (a) How many different substitution ciphers are possible for binary words of length 2? 22

23 (b) The simple substitution ciphers can be realized with a table lookup, where rows correspond to messages and columns to keys. The entries in the table are the ciphers. What is the size of your table? (c) Suppose that we implement the substitution in simple way (Figure 12): Figure 12: binary message (a,b) cipher (a j,b k) is modulo 2 binary key K= (j,k) How many different substitutions are possible for this simple encryption? (d) We use this simple substitution cipher in a double encryption mode (Figure 13): Figure 13: Message substitution substitution Cipher Key K 1 Key K 2 Given the message (0, 1) the corresponding cipher is (1, 1). How many different solutions are possible for the key pair (K 1, K 2 )? Give an example. 23

24 Problem In a substitution cipher we replace symbols by other symbols. Suppose that message symbols are elements from the set {0, 1, 2, 3}. As an example the symbols {0, 1, 2, 3} are replaced by {1, 0, 3, 2}. (a) How many different substitutions are possible for the alphabet with letters {0, 1, 2, 3}? Suppose that we implement the substitution in a simple way using key symbols from the set {0, 1, 2, 3}. (b) We use the substitution cipher in a double encryption mode as shown in figure 14: Figure 14: Message substitution + substitution + Cipher Key K Key K 1 = ( j, k ) 2 = ( k, j ) Given the message (1, 2) and the corresponding cipher (3, 0), what is the number of possible keys? Give an example of a key K 1 = (j, k). Problem Given is the following string of ciphertext which was encrypted with substitution cipher: The encryption rule is given as asvphgyt C = (M + K) mod 26 where C is the ciphertext, M is the plaintext and K is the key. We assume that the plaintext is in English. You know that the first plaintext letter is a W. Find the key and decrypt the message. Problem In substitution cipher, we replace symbols by other symbols. The message and the key symbols are elements from the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}. As an example the symbols {0, 6, 5, 2, 4, 0} are replaced by {1, 2, 3, 4, 5, 1}. 24

25 (Q1) How many different substitutions are possible for the alphabet with letters {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}. Suppose that we implement the substitution in a simple way as given in figure 15. Key is given as {8, 5, 4, 6, 8, 2}. Assume that the message is the last 6 numbers of your matriculation number. (Ex.: m.n.= , then the message={4, 5, 7, 6, 5, 2}). (Q2) Calculate the cipher. Figure 15: message (a,b,c,..) + modulo 10 addition cipher=(a+j,b+k,c+l,...) modulo 10 key K=(j,k,l...) 25

26 12 Substitution + Transposition Problem Suppose that we have a binary-to-octal and octal-to-binary substitution followed by a binary transposition scheme as shown in figure 16: Figure 16: (a) How many different schemes can we construct by changing the mapping of the substitutions and transpositions? Hint: the order should be the same, i.e. Binary-to-octal and octal-tobinary substitution followed by a binary transposition scheme. (b) Assume a language with 8 letters: A, B, D, K, M, O, S, T where the decimal representation is A = 0, B = 1,..., T = 7. In order to encrypt a letter in this language, we convert the letter in binary form, apply the scheme above and convert them back into the corresponding letter. Encrypt the given word: BOST AK. Problem Suppose that we have the binary-to-octal and octal-tobinary substitutions followed by a binary transposition scheme shown in figure 17: Q1: How many different schemes can we construct by changing the substitutions and transpositions? (The order should be the same: Binary-to-octal and octal-to-binary substitutions followed by a binary transposition.) 26

27 Figure 17: Q2: Assume a language with 8 letters: A, B, C, K, L, O, T, Y. In order to encrypt a word in this language, we convert the letters into binary form, apply the scheme above and convert them back to corresponding letters. Encrypt the word: KAL. Hint: A=0, B=1, C=2, K=3, L=4, O=5, T=6, Y=7. 27

28 13 Affine Cipher Problem We consider the affine code that transforms a message M into ciphertext C as C = (19.M + 6) mod 31. In other words, M is multiplied with 19, 6 is added to the sum and modulo 31 is taken over the result. (Q 1 ) Encrypt M=29. (Q 2 ) The message can be recovered by an affine transformation of the form M = (a.c + b) mod 31. Determine the constants a and b. Problem The encryption for 128 different symbols is given by the following equation: C = (K 1 M + K 2 ) modulo 128; where C and M represent the cipher and the message, respectively. Q1: For K 1 = 11 and K 2 = 17, encrypt M = 70. Q2: Find the corresponding decryption function. Q3: Give the message that follows from C = 20 for the same K 1 and K 2 values. 28

29 14 Perfect Secrecy Problem Consider the cryptosystem with probability measures given in figure 18: Figure 18: Key K Message M + modulo 4 Cipher C where: (i) K {0, 1, 2, 3} and P (K = 0) = 1/3, P (K = 1) = P (K = 2) = 1/6. (ii) M {0, 1, 2, 3} and P (M = 0) = 1/7, P (M = 1) = 3/7 and P (M = 2) = 2/7. (iii) C = (M + K) modulo 4. (a) Calculate the corresponding probabilities: P (M = 3), P (K = 3), P (C = 0), P (C = 2), P (C = 2 M = 0), P (C = 0 M = 0). (b) What is the condition for perfect secrecy? (c) Does this cryptosystem provide perfect secrecy? mathematically. Prove your answer Problem Consider the cryptosystem with probability measures given as follows: Plaintext space X = {a, b, c}. Ciphertext space Y = {1, 2, 3, 4} 29

30 Key space K = {K 1, K 2 } Encryption functions are defined by: a b c K K Plaintext and key distributions are defined by: a b c 1/4 1/4 1/2 K 1 K 2 1/4 3/4 (a) What is the condition for perfect secrecy? (b) Compute the corresponding probability measures on ciphertext (P (Y = i), i = 1, 2, 3, 4). (c) Check and prove whether this cryptosystem is secure. Problem A ternary source generates symbols M = {0, 1, 2} with probability P (M = 0) = 1, P (M = 1) = P (M = 2) = 1. Consider two 2 4 substitution ciphers given in A and B. Figure 19: K M + mod 3 C (A) We use a substitution cipher with an encryption rule C = (M + K) mod 3 (Figure 19), where K {0, 1} is the key with the probability P (K = 0) = P (K = 1) = 1/2 and C {0, 1, 2} is the ciphertext. Answer the following questions: (a) Calculate P (M = 0 C = 0) and P (C = 2). 30

31 (b) Does this scheme provide perfect secrecy? Motivate your answer mathematically! (B) Another substitution cipher calculates C = M + K (Figure 20), where now C {0, 1, 2, 3} and K {0, 1} with the probability P (K = 0) = P (K = 1) = 1. Answer the following questions: 2 Figure 20: K M + C (c) Calculate P (M = 0 C = 0) and P (C = 2). (d) Which scheme A or B gives better security? Why? Problem Consider the cryptosystem given in figure 21: Figure 21: Key K Message M Cipher C Where: 31

32 M {0, 1}, K {0, 1} : P (K = 0) = P (K = 1) = 1 2, C = M K (a) For a given probability P (M = 0) = 1 3 and P (M = 1) = 2 3, calculate the following probabilities: P (C = 0) =......, P (M = 0 C = 0) = (b) Does this cryptosystem provide perfect secrecy? mathematically! Prove your answer Problem Suppose that a sender and receiver use the encryption table in figure 22: Message x = 0 x = 1 Figure 22: key cipher We assume further that the keys are selected with equal probability and P (X = 0) = 1 P (X = 1) = 1 3. (a) A passive attacker observes the cipher 3. What is the probability that the transmitted message is 1, given the observed cipher is 3? (b) An active attacker changes an observed cipher 3 with 1. What is the probability that this cipher is accepted as valid by the receiver? (c) An active attacker injects the cipher 3. What is the probability that this cipher is accepted as valid by the receiver? Problem Suppose that we have the encryption scheme in figure 23: where (i) M {0, 1, 2} and P (M = 0) = P (M = 1) = P (M = 2) = 1 3, 32

33 Figure 23: Key K Message M + Cipher C (ii) K {0, 1} : P (K = 0) = P (K = 1) = 1 2, (iii) C = M + K modulo 3 Calculate the following probabilities: (a) P (C = 0) = (b) P (M = 0 C = 0) = Problem Consider the cryptosystem with probability measures given as follows: P (K 1 ) P (K 2 ) P (K 3 ) P (a) P (b) 1/4 1/2 1/4 1/4 3/4 Encryption function is given as: Answer the following questions: P (1) = P (2) = P (3) = P (4) = a b K K K Write down the condition for perfect secrecy. 33

34 Is this cryptosystem secure? Why or why not? Problem Consider the cryptosystem with probability measures given in figure 24: Figure 24: Key K Message M + modulo 3 Cipher C K {0, 1, 2} : P (K = 0) = 1/5, P (K = 1) = P (K = 2) = 2/5. M {0, 1, 2} : P (M = 0) = 1/7, P (M = 1) = 4/7. C = (M + K) modulo 3 Q1: Calculate the following probabilities: P (M = 2) = P (C = 0) = Q2: Write down the condition for perfect secrecy. Q3: Does this cryptosystem provide perfect secrecy? Prove your answer mathematically! Problem Suppose that a sender and receiver use the following encryption table: M 1 M 2 K K K K K

35 where M and K represent the message and the key, respectively. Let the keys be selected with equal probability. Probability distribution of the messages is not known. For each transmission the ciphertext is valid for the particular key which is known by both sides. Assume that an attacker knows the encryption table. (Q 1 ) Show mathematically that whether this system does provide perfect secrecy or not. (Q 2 ) An attacker changes an observed cipher 2 by the value 1. The probability that this cipher is accepted as valid by the receiver. (Q 3 ) An attacker changes an observed cipher 3 by the value 2. The probability that this cipher is accepted as valid by the receiver. Problem Suppose that a sender and receiver use the following encryption table: M 1 M 2 K K K K where M and K represent the message and the key respectively. We assume further that the keys and the messages are selected with probability P (M 1 ) = 1/4, P (M 2 ) = 3/4, P (K 1 ) = 1/2 and P (K 2 ) = P (K 3 ) = 1/6. (Q 1 ) Show mathematically that the given system does not provide perfect secrecy. (Q 2 ) Modify plaintext and/or key distribution in such a way that perfect secrecy is obtained. Explain your choice. Problem Consider the cryptosystem in figure 25 with probability measures given as follows: Key K {0, 1, 2} : P (K = 0) = 3/5, P (K = 1) = P (K = 2) = 1/5, Message M {0, 1, 2} : P (M = 0) = 3/7, P (M = 1) = 2/7, 35

36 Figure 25: K M + mod 3 C Cipher C = (M + K) modulo 3. Q1: Calculate the following probabilities. P (M = 2) =... P (C = 0) =... Q2: Write down the condition for perfect secrecy. Q3: Does this cryptosystem provide perfect secrecy? Prove your answer mathematically! Problem Suppose that a sender and receiver use the following encryption table: K 1 K 2 K 3 K 4 K 5 M M where M and K represent the message and the key, respectively. Let the keys be selected with equal probability. The probability distribution of the message is not known. The key and the message determine the ciphertext. Assume that the particular key and the encryption table are known by both sides. (Q 1 ) Show mathematically whether this system provides perfect secrecy or not. (Q 2 ) An attacker changes an observed cipher 4 by the value 1. Give the probability that this cipher is accepted as valid by the receiver. 36

37 (Q 3 ) An attacker changes an observed cipher 3 by the value 1. Give the probability that this cipher is accepted as valid by the receiver. Problem Consider the last 3 numbers of your matriculation number. For the simplicity, the last 3 numbers will be denoted as {mat 1, mat 2, mat 3 }. (Ex.: m.n.= , then the message={mat 1 = 6, mat 2 = 5, mat 3 = 2}). Figure 26: Key K Message M + modulo 12 Cipher C Consider the cryptosystem given in figure 26 where the message and the key are the elements from a set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}. The probability distribution of the message is given as follows, M p(m) 3/10 1/10 1/10 3/20 1/20 1/40 1/10 1/10 1/20 1/40 Keys are equally distributed. Cipher C is calculated as follows, (Q 1 ) Calculate the following probabilities: C = (M + K) modulo 12. (1) P (C = mat 3 ) = P (C = mat 2 M = 2) = P (M = 5 C = mat 1 ) = (Q 2 ) What is the condition for perfect secrecy? (Q 3 ) Prove mathematically whether this system provides perfect secrecy or not? 37

38 Problem The encryption/decryption of a sequence of letters from the alphabet {A, B} into a cipher with letters {a, b, c} is done according to the following table. Key A B 1 a b 2 b c 3 b a 4 c b The key letters {1, 2, 3, 4} have equal probability. An unauthorized person knows the table and can observe and modify the ciphertext. A modification is successful if the receiver accepts the modified cipher symbol, i.e. the ciphertext is valid for the particular key. Example: at time i: plaintext P i = B and K i = 3 gives C i = a. A modification may change a into b for a given K i = 3. Q1: Does the cipher provide perfect secrecy? YES/ NO? Q2: What is the probability of successful modification for an observed cipher b? P (success observed cipher= b) = Q3: What is the probability of successful modification for an observed cipher a? P (success observed cipher = a) = 38

39 15 Feistel Cipher Problem Consider the Feistel network structure in figure 27: Figure 27: Data L 8 bits K x Data R 8 bits bitwise XOR operator e(r,k x ) K y e(*,k y ) bitwise XOR operator Cipher L 8 bits * represents the incoming data Cipher R 8 bits (a) Write down the general mathematical expression for the outputs; cipher- L and cipher-r. (b) Linear feedback shift registers are used to generate random binary sequences. Consider the two LFSRs in figure 28 where D represents the delay elements. For an initial content (seed) of 1 and 0 for both LFSR s, write down the output sequences. (at least 8 bits.) Hint: first output should be the first bit of the sequence. (c) Consider again the Feistel Cipher. Encryption is done by simple XOR operation. We use LFSR-X to generate key sequence Kx (8 bits) and LFSR-Y to generate key sequence Ky (8 bits). Use the first 8 bits 39