Block Cipher with Solution | Cryptography and Network Security | CS 549, Assignments of Cryptography and System Security

Material Type: Assignment; Class: Cryptography and Network Security; Subject: Computer Science; University: Illinois Institute of Technology; Term: Unknown 1989;

Typology: Assignments

Pre 2010

Uploaded on 08/16/2009

koofers-user-j78-1

1. (10 points) Assume that there is a block cipher, named XXX, that always encrypts a block of b = 72 bits using a key of k = 60 bits. Assume that we know that XXX can be broken even by a simple brute-force attack that guesses the encryption key. To enhance the security level, assume that someone proposes to use 2XXX, that is, 2 encryptions of XXX with 2 different independently and randomly chosen keys. Prove that 2XXX does not provide much stronger security than XXX. Prove in detail why this statement is true (you have to analyze in detail a method attacking 2XXX using time that is not much longer than the brute-force attack on XXX).

Answer:

Assume it costs time T for XXX to encrypt a Plaintext or decrypt a Ciphertext, and it costs time T1 to compare two large numbers. Note that here T1 << T.

For XXX, given a (Plaintext, Ciphertext) pair, the attacker only needs to encrypt the Plaintext using all the $2^{60}$ possible keys and compare the $2^{60}$ possible results with the Ciphertext. So the time complexity for attacking XXX is $2^{60}$ * (T + T1).

For 2XXX, given a (Plaintext, Ciphertext) pair, the attacker first encrypts the Plaintext using all the $2^{60}$ possible keys and reaches $2^{60}$ intermediate results, then decrypts the Ciphertext using all the $2^{60}$ possible keys and also reaches $2^{60}$ intermediate results. Finally, the attacker compares the first $2^{60}$ intermediate results with the second $2^{60}$ possible intermediate results. Note that for the encryption/decryption part, each has time complexity of $2^{60}$ * T. For comparing, the attacker can sort the first and second $2^{60}$ intermediate results individually by quicksort, each with time complexity of $2^{60}$ * $\ln 2^{60}$ * T1 = 60 * $2^{60}$ * T1. Then the attacker can compare the sorted numbers in the two intermediate result sets with complexity of 2 * $2^{60}$ * T1. So the total time complexity for attacking 2XXX is $2^{60}$ * T * 2 + 2 * 60 * $2^{60}$ * T1 + 2 * $2^{60}$ * T1 = $2^{60}$ * (2T + 122T1).

Since T1 << T, the method attacks 2XXX using time that is not much longer than the brute-force attack on XXX.

2. (10 points) Continue from preceding question. Assume now that someone wants to use 3XXX to enhance the security by using 3 rounds of encryptions of XXX with 3 different and independent keys. Design a method that can attack 3XXX whose time complexity is of order $2^{2k} = 2^{120}$ instead of the naive complexity of $2^{3k}$. In your method, how many pairs of plaintexts and ciphertexts do you need? What is the space complexity your method will need? Given this many pairs of plaintexts and ciphertexts, what is the probability that you will find the correct encryption key?

Answer:

Given a (Plaintext, Ciphertext) pair, the attacker first encrypts the Plaintext twice using all the possible $2^{120}$ key pairs (k1, k2) and reaches $2^{120}$ intermediate results, then decrypts the Ciphertext using all the possible $2^{60}$ keys and reaches $2^{60}$ intermediate results. Then the attacker can do the matching by sorting the first $2^{120}$ and second $2^{60}$ intermediate results individually by quicksort and comparing the result pairs increasingly with one from the first sorting set and one from the second sorting set. With similar analysis in Question 1, the total time complexity for attacking 3XXX is $2^{120}$ * T + $2^{60}$ * T + 120 * $2^{120}$ * T1 + 60 * $2^{60}$ * T1 + ($2^{120}$ + $2^{60}$) * T1 = O($2^{120}$ T), where T is the time for XXX to encrypt a Plaintext or decrypt a Ciphertext, and T1 is the time to compare two large numbers.

For a Plaintext, there are $2^{60 \cdot 3}$ key triples for encryption, thus we can produce $2^{60 \cdot 3}$ Ciphertext results; however, there are only $2^{72}$ Ciphertext alternatives, for the Ciphertext is only 72 bits long. According to the pigeonhole principle, for every (Plaintext, Ciphertext) pair, we can find $2^{180}/2^{72} = 2^{108}$ key triples matching with high probability. Then given a (Plaintext, Ciphertext) pair, for each key triple, it is a matching with probability of $2^{108}/2^{180}$. Therefore given n (Plaintext, Ciphertext) pairs, for each key triple, it is a matching with probability of $(2^{108}/2^{180})^{n}$. Since we have $2^{180}$ key triples, we can reach $(2^{108}/2^{180})^{n} \cdot 2^{180}$ key triple matchings. If we want to find the correct key triple, which means that there is only one key triple that matches all the n (Plaintext, Ciphertext) pairs, then we need $(2^{108}/2^{180})^{n} \cdot 2^{180} \le 1$; we get n ≥ 3, thus n = 3.

In our method, for a (Plaintext, Ciphertext) pair, we need 72 * $2^{120}$ to store the first $2^{120}$ intermediate results and 72 * $2^{60}$ to store the second $2^{60}$ intermediate results. So the total space complexity is $\Theta(2^{120} \cdot 72)$. Since the space for the current (Plaintext, Ciphertext) pair can be used for the next (Plaintext, Ciphertext) pair in our method, except for saving all the old key triple matchings, the total space complexity is still $\Theta(2^{120} \cdot 72)$.

Given 3 (Plaintext, Ciphertext) pairs, the probability that we will find the correct encryption key is

$1 - \left(\left(2^{108}/2^{180}\right)^{3}\right)^{2} \cdot C_{2^{180}}^{2} = 1 - \dfrac{1}{2^{73}}$
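The Question 1 attack, run end to end at toy scale, as an added example that is not part of the original assignment. The cipher `xxx_encrypt` is a hypothetical 16-bit, 10-bit-key stand-in for XXX, the key pair and plaintexts are constructed, and a hash table replaces the sort-and-compare step of the answer; extra pairs filter false matches as in Question 2.

```python
from collections import defaultdict

BLOCK_BITS, KEY_BITS = 16, 10            # toy sizes standing in for b = 72, k = 60
MASK = (1 << BLOCK_BITS) - 1
MULT = 0x9E37                            # odd, hence invertible mod 2^16
MULT_INV = pow(MULT, -1, 1 << BLOCK_BITS)

def rotl(x, r):
    return ((x << r) | (x >> (BLOCK_BITS - r))) & MASK

def rotr(x, r):
    return ((x >> r) | (x << (BLOCK_BITS - r))) & MASK

def xxx_encrypt(key, block):
    """Toy keyed permutation playing the role of XXX (hypothetical, not secure)."""
    for rnd in range(4):
        block = (block + key + rnd) & MASK
        block = (block * MULT) & MASK
        block = rotl(block, 5) ^ (key << 3)
    return block

def xxx_decrypt(key, block):
    for rnd in reversed(range(4)):
        block = rotr(block ^ (key << 3), 5)
        block = (block * MULT_INV) & MASK
        block = (block - key - rnd) & MASK
    return block

def double_encrypt(k1, k2, block):
    return xxx_encrypt(k2, xxx_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (surviving (k1, k2) candidates, XXX operations spent on the first pair)."""
    (p0, c0), extra = pairs[0], pairs[1:]
    forward, ops = defaultdict(list), 0
    for k1 in range(1 << KEY_BITS):              # 2^k encryptions of the plaintext
        forward[xxx_encrypt(k1, p0)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):              # 2^k decryptions of the ciphertext
        middle = xxx_decrypt(k2, c0)
        ops += 1
        for k1 in forward.get(middle, ()):       # hash lookup replaces sort-and-compare
            if all(double_encrypt(k1, k2, p) == c for p, c in extra):
                candidates.append((k1, k2))
    return candidates, ops

SECRET = (0x2A7, 0x13C)                          # constructed key pair for the demo
PAIRS = [(p, double_encrypt(*SECRET, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
```

The operation count is 2 * 2^k rather than 2^(2k), at the cost of a table with 2^k entries.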

(10 points) This problem is about the Hill cipher system. Assume that in a Hill cipher system, the input alphabet is {0, 1, 2, …, 24, 25}. Assume that each time it encrypts m characters. The key K is then an m × n matrix over $Z_{26}$. For any input $x = (x_1, x_2, \ldots, x_m)^T$, we compute the encryption as y = K·x mod 26. Suppose that Oscar has learned that a plaintext 1, 2, 3, 4, 5, 6, 0, 3, 7 is encrypted by Alice as 16, 7, 3, 11, 6, 25, 23, 2, 24 and also Oscar knows that m = 3.

(a) What is the key K used by Alice?
(b) If Oscar intercepts another ciphertext (2, 5, 7) encrypted by Alice using the same key, what is the plaintext corresponding to this ciphertext?

Answer:

(a) From the definition of Hill cipher,

$\begin{pmatrix} 16 \\ 7 \\ 3 \end{pmatrix} \equiv K \begin{pmatrix} 1 \\ 2 \\ 3 \end{pmatrix}, \quad \begin{pmatrix} 11 \\ 6 \\ 25 \end{pmatrix} \equiv K \begin{pmatrix} 4 \\ 5 \\ 6 \end{pmatrix}, \quad \begin{pmatrix} 23 \\ 2 \\ 24 \end{pmatrix} \equiv K \begin{pmatrix} 0 \\ 3 \\ 7 \end{pmatrix}$

Therefore,
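The known-plaintext recovery set up by the three congruences above, as an added example that is not part of the original answer. It stacks the blocks as columns so that Y = K X (mod 26) and solves K = Y X^{-1}; the helper names are hypothetical and the 3x3 inverse uses the adjugate.

```python
MOD = 26

def matmul(a, b):
    """Matrix product over Z_26."""
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % MOD
             for j in range(len(b[0]))] for i in range(len(a))]

def inverse3(m):
    """Inverse of a 3x3 matrix over Z_26 via the adjugate; fails if det is not a unit."""
    def cofactor(r, c):
        rows = [i for i in range(3) if i != r]
        cols = [j for j in range(3) if j != c]
        minor = (m[rows[0]][cols[0]] * m[rows[1]][cols[1]]
                 - m[rows[0]][cols[1]] * m[rows[1]][cols[0]])
        return -minor if (r + c) % 2 else minor
    det = sum(m[0][c] * cofactor(0, c) for c in range(3)) % MOD
    det_inv = pow(det, -1, MOD)        # raises ValueError when gcd(det, 26) != 1
    return [[det_inv * cofactor(c, r) % MOD for c in range(3)] for r in range(3)]

def columns(values, m=3):
    """Arrange a flat symbol list as an m x (len/m) matrix, one block per column."""
    blocks = [values[i:i + m] for i in range(0, len(values), m)]
    return [[blk[r] for blk in blocks] for r in range(m)]

PLAIN = [1, 2, 3, 4, 5, 6, 0, 3, 7]          # known plaintext from the question
CIPHER = [16, 7, 3, 11, 6, 25, 23, 2, 24]    # matching ciphertext from the question

def recover_key(plain, cipher):
    """Y = K X (mod 26)  =>  K = Y X^-1 (mod 26)."""
    return matmul(columns(cipher), inverse3(columns(plain)))

def decrypt_block(key, block):
    """x = K^-1 y (mod 26) for one column block."""
    return [row[0] for row in matmul(inverse3(key), [[v] for v in block])]

KEY = recover_key(PLAIN, CIPHER)
RECOVERED = decrypt_block(KEY, [2, 5, 7])    # part (b): the intercepted block
```

The recovery works only because the plaintext matrix has a determinant coprime to 26; otherwise `inverse3` raises and more known blocks are needed.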

Since $ed \equiv 1 \bmod \phi(n)$ and $\phi(n) = (p - 1)(q - 1)$, then $ed = k(p - 1)(q - 1) + 1$ (k is a random integer).

1. gcd(M, p) = 1: from Euler Theorem, $M^{\phi(p)} \equiv 1 \bmod p$, and $\phi(p) = p - 1$, so we know $M^{ed} \equiv M^{k(p-1)(q-1)+1} \equiv M \bmod p$, thus $p \mid (M^{ed} - M)$.

(10 points) This question is about RSA again. Assume that Bob uses RSA and selects two "large" prime numbers p = 101 and q = 73. How many possible public keys are there from which Bob can choose? Assume also that Bob uses a public encryption key e = 91. Alice sends Bob a message M = 2008. What will be the ciphertext received by Bob? Show the detailed procedure that Bob decrypts the received ciphertext.

Answer:

$\phi(n) = (p - 1)(q - 1) = 7200$, $\phi(\phi(n)) = 7200(1 - 1/2)(1 - 1/3)(1 - 1/5) = 1920$; therefore, there are totally 1920 e that meet gcd(e, $\phi(n)$) = 1. Since e > 1, there are 1919 possible public keys.

$C = M^{e} = 2008^{91}$, 91 = 1011011 (binary).

$2008^{2} = 6406 \bmod 7373$
$2008^{4} = 6406^{2} = 6091 \bmod 7373$
$2008^{8} = 6091^{2} = 6718 \bmod 7373$
$2008^{16} = 6718^{2} = 1391 \bmod 7373$
$2008^{32} = 1391^{2} = 3155 \bmod 7373$
$2008^{64} = 3155^{2} = 475 \bmod 7373$

Thus, $2008^{91}$ = 2008 * 6406 * 6718 * 1391 * 475 = 2957 mod 7373. So, the ciphertext received by Bob is C = 2957.

Since $\phi(n) = 7200$,

gcd(7200, 91) = gcd(91, 11) = gcd(11, 3) = gcd(3, 2) = gcd(2, 1) = 1

[Extended Euclidean computation on (7200, 91) in matrix form; the matrix entries are not recoverable.]

Thus, -33 * 7200 + 2611 * 91 = 1, so $91^{-1} = 2611 \bmod 7200$. Since 0 < 2611 < 7200, d = 2611.

$M' = C^{d} = 2957^{2611}$, 2611 = …100011 (binary).

$2957^{2} = 6844 \bmod 7373$
$2957^{4} = 6844^{2} = 7040 \bmod 7373$
$2957^{8} = 7040^{2} = 294 \bmod 7373$
$2957^{16} = 294^{2} = 5333 \bmod 7373$
$2957^{32} = 5333^{2} = 3228 \bmod 7373$
$2957^{64} = 3228^{2} = 1935 \bmod 7373$
$2957^{128} = 1935^{2} = 6114 \bmod 7373$
$2957^{256} = 6114^{2} = 7259 \bmod 7373$
$2957^{512} = 7259^{2} = 5623 \bmod 7373$
$2957^{1024} = 5623^{2} = 2705 \bmod 7373$
$2957^{2048} = 2705^{2} = 3009 \bmod 7373$

Thus, $2957^{2611}$ = 2957 * 6844 * 3228 * 1935 * 5623 * 3009 = 2008 mod 7373
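The three computations of this answer (counting exponents, inverting e with the extended Euclidean algorithm, and square-and-multiply) as an added example that is not part of the original solution. The function names are hypothetical; the numbers are the ones given in the question.

```python
from math import gcd

P, Q, E, M = 101, 73, 91, 2008           # values from the question
N, PHI = P * Q, (P - 1) * (Q - 1)        # 7373 and 7200

def count_public_exponents(phi):
    """Count e with 1 < e < phi and gcd(e, phi) = 1, i.e. phi(phi(n)) - 1."""
    return sum(1 for e in range(2, phi) if gcd(e, phi) == 1)

def extended_gcd(a, b):
    """Return (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b       # right-hand side uses the old a and b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def square_and_multiply(base, exp, mod):
    """Binary exponentiation; also returns the table base^(2^i) mod mod."""
    squares, result, sq = [], 1, base % mod
    while exp:
        squares.append(sq)
        if exp & 1:                      # multiply in the squares whose bit is set
            result = result * sq % mod
        sq = sq * sq % mod
        exp >>= 1
    return result, squares

def rsa_walkthrough():
    g, s, t = extended_gcd(PHI, E)       # s*7200 + t*91 = 1
    d = t % PHI
    c, enc_table = square_and_multiply(M, E, N)
    m, dec_table = square_and_multiply(c, d, N)
    return {"keys": count_public_exponents(PHI), "gcd": g, "s": s, "d": d,
            "c": c, "m": m, "enc_table": enc_table, "dec_table": dec_table}
```

`enc_table` and `dec_table` hold the successive squares listed in the answer, so each line of the hand computation can be checked against them.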

(10 points) This question is about the Knapsack encryption system. Consider a super-increasing set s = (3, 5, 10, 21, 43) and a "large" prime number p = 97 that is larger than the summation of all numbers in s. Let x = 13 be the secret key selected by a user Alice. What is the public key Alice should publish? If a user Bob wants to send a message with 10 bits as 1001011001, what is the encrypted message Bob should send to Alice? How does Alice decrypt the ciphertext received from Bob?

Answer:

In the Knapsack System, s = (3, 5, 10, 21, 43), a = 13, p = 97. Then n = 5, $t = (a s_1, a s_2, \ldots, a s_n)$ = (39, 65, 130, 273, 559) ≡ (39, 65, 33, 79, 74) mod 97. Then the public key Alice should publish is (39, 65, 33, 79, 74).

$C_1 = E(x_1, x_2, \ldots, x_5) = E(1, 0, 0, 1, 0) = \sum x_i t_i$ = 1*39 + 1*79 ≡ 21 mod 97.
$C_2 = E(x_6, x_7, \ldots, x_{10}) = E(1, 1, 0, 0, 1) = \sum x_i t_i$ = 1*39 + 1*65 + 1*74 ≡ 81 mod 97.

So the encrypted message Bob should send to Alice is (21, 81).

When Alice gets the message, she gets $a^{-1}$ = 15, $a^{-1} C_1$ = 15*21 = 24, $a^{-1} C_2$ = 15*81 = 51 mod 97. Then she solves the subset problem (T) using the following algorithm.

Algorithm for subset problem (T)
    t = T
    For i = n downto 1 do
        If t ≥ s_i then
            set x_i = 1, t = t - s_i
        Else
            x_i = 0
    If Σ x_i * s_i = T then (x_1, x_2, …, x_n) is the solution
    Else, there is no solution

From the algorithm, when Alice uses T = 24, she gets $(x_1, x_2, \ldots, x_n)$ = (1, 0, 0, 1, 0). When T = 51, she gets $(x_1, x_2, \ldots, x_n)$ = (1, 1, 0, 0, 1). So the decrypted message got by Alice is (1001011001).

(10 points) A common way to speed up the RSA decryption is to use the Chinese Remainder Theorem. Suppose that we want to decrypt a ciphertext y and the decryption key is d and the modulus n = p·q, where p and q are two large prime numbers used by RSA. Let $d_p = d \bmod (p - 1)$ and $d_q = d \bmod (q - 1)$; and let $M_p = q^{-1} \bmod p$ and $M_q = p^{-1} \bmod q$. Let $x_p = y^{d_p} \bmod p$ and $x_q = y^{d_q} \bmod q$. Let $x = M_p \cdot q \cdot x_p + M_q \cdot p \cdot x_q \bmod n$. Prove that the computed x is indeed the original plaintext, i.e., $x = y^{d} \bmod n$. Given p = 1511 and q = 2003 and y = 152702, use the above method to decrypt the ciphertext y when the decryption key is d = 153.

Answer:

$x \equiv M_p \cdot q \cdot x_p \equiv q^{-1} q\, y^{d_p} \equiv y^{d_p} \bmod p$. Since $d_p = d \bmod (p - 1)$, we let $d_p = k(p - 1) + d$. From $y^{p-1} \equiv 1 \bmod p$, we get $y^{d_p} \equiv y^{k(p-1)+d} \equiv y^{d} \bmod p$. Then $p \mid (x - y^{d})$, similarly $q \mid (x - y^{d})$, so $pq \mid (x - y^{d})$, $n \mid (x - y^{d})$. Thus $x \equiv y^{d} \bmod n$.
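The knapsack question's key generation, encryption and greedy decryption, as an added example that is not part of the original answer. Function names are hypothetical; s, a, p and the 10-bit message are the values given in the question.

```python
S, A, P = (3, 5, 10, 21, 43), 13, 97     # super-increasing set, secret key, prime

def public_key(s, a, p):
    """t_i = a * s_i mod p."""
    return tuple(a * si % p for si in s)

def encrypt(bits, t, p):
    """Encrypt a bit string in blocks of len(t) bits: C = sum(x_i * t_i) mod p."""
    n = len(t)
    if len(bits) % n:
        raise ValueError("message length must be a multiple of the block size")
    return [sum(ti for b, ti in zip(bits[i:i + n], t) if b == "1") % p
            for i in range(0, len(bits), n)]

def solve_superincreasing(target, s):
    """Greedy subset-sum from the largest element down, as in the answer's algorithm."""
    x, remaining = [0] * len(s), target
    for i in reversed(range(len(s))):
        if remaining >= s[i]:
            x[i], remaining = 1, remaining - s[i]
    if remaining != 0:                   # equivalent to checking sum(x_i * s_i) == T
        raise ValueError("no solution")
    return x

def decrypt(cipher, s, a, p):
    """Multiply each block by a^-1 mod p, then solve the easy subset-sum."""
    a_inv = pow(a, -1, p)
    blocks = (solve_superincreasing(a_inv * c % p, s) for c in cipher)
    return "".join(str(bit) for block in blocks for bit in block)

T_PUB = public_key(S, A, P)
CIPHERTEXT = encrypt("1001011001", T_PUB, P)
PLAINTEXT = decrypt(CIPHERTEXT, S, A, P)
```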
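The CRT recombination of the last question, checked against direct exponentiation, as an added example that is not part of the original answer. Function names are hypothetical; the second parameter set reuses C, d, p, q from the p = 101, q = 73 question, where the reduced exponents are visibly smaller than d.

```python
def rsa_crt_decrypt(y, d, p, q):
    """Decrypt y with exponent d modulo n = p*q using the question's recombination."""
    d_p, d_q = d % (p - 1), d % (q - 1)        # reduced exponents
    m_p, m_q = pow(q, -1, p), pow(p, -1, q)    # M_p = q^-1 mod p, M_q = p^-1 mod q
    x_p, x_q = pow(y, d_p, p), pow(y, d_q, q)  # two half-size exponentiations
    x = (m_p * q * x_p + m_q * p * x_q) % (p * q)
    return {"d_p": d_p, "d_q": d_q, "x_p": x_p, "x_q": x_q, "x": x}

def check_against_direct(y, d, p, q):
    """Confirm x = y^d mod n and the two congruences used in the proof."""
    r = rsa_crt_decrypt(y, d, p, q)
    direct = pow(y, d, p * q)
    ok = (r["x"] == direct
          and r["x"] % p == r["x_p"]           # x = y^d mod p
          and r["x"] % q == r["x_q"])          # x = y^d mod q
    return ok, r

QUESTION = dict(y=152702, d=153, p=1511, q=2003)   # values from this question
EARLIER = dict(y=2957, d=2611, p=101, q=73)        # values from the RSA question above

OK_QUESTION, RESULT_QUESTION = check_against_direct(**QUESTION)
OK_EARLIER, RESULT_EARLIER = check_against_direct(**EARLIER)
```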