Midterm
Instructions
Please answer the following questions as well as you can. You are free to use any resources to help you answer the problems. You are free to write code to help you answer problems.
Please do not collaborate.
Please put all answers in this document.
You can use Markdown (I will show how in class) or upload a legible image of work done on paper.
To make a cell a Markdown cell, put
%md
as the first line.To enter a cell press
SHIFT-ENTER
while the cursor is in the cell.This is due in one week, on Tuesday 10/31.
An updated schedule is on Piazza if you have concerns about scheduling.
Question 1
Suppose we define an encryption scheme as follows. The key will be four elements and in . The message space will be sequences of elements of of length 6. The ciphertext space will be the same as the message space.
The encryption algorithm is the following. Given a key and and a message , the corresponding ciphertext is , where:
Suppose you know that the message SIXWIG (thought of as a sequence of numbers in ) corresponds to the ciphertext IGPXUY.
Q1, Part
Write down the system of equations in the unknowns and that you must solve to recover the key from the known plaintext-ciphertext pair.
Q1, Part
What numbers in have multiplicative inverses mod 26?
Q1, Part
Use your answer to Part to solve for one of the key variables.
Q1, Part (BONUS)
Recover the key used to produce the known plaintext pair.
Question 2
You may know that the cipher described in Question 1 is the Hill Cipher and that the key elements and . However let us ignore this fact and suppose that any four elements in can be a key.
Question 2, part
How many keys are there in the Hill Cipher described above?
Question 2, part
Suppose we regard the Hill Cipher as described in Question 1 as a block cipher. The blocks are elements of (i.e. sequences of letters of length 6). How many distinct blocks are there?
Question 2, part
The expected number of false keys that exist for a brute force attack on a block cipher with a single known plaintext pair is given by the formula
What is the expected number of false keys for a brute force attack on the Hill Cipher as described in Question 1 with a single known plaintext pair?
Question 2, part
Suppose your answer to Question 2, part was . If , then what is ? (Hint: use log base 2)
Question 2, part
Suppose you changed one of the plaintext characters in the plaintext SIXWIG from Question 1. How many ciphertext characters would be affected?
Question 2, part
Suppose you changed one of the key characters or used when encrypting SIXWIG. How many ciphertext characters would be affected?
Question 2, part
A chosen plaintext attack is a threat model in which the attacker is allowed to use the encryption algorithm with key to encrypt plaintext of his or her choice. The attacker does not learn , she is only allowed to use the encryption algorithm as a black box. Give an example of a plaintext that would reveal the key to the Hill Cipher from Question 1, if you had access to as in a chosen plaintext attack.
Question 3
Compute the 3rd power of the polynomial thought of as an element of GF() with irreducible polynomial .
Question 4
The following describes a toy block cipher. The block size is 8 bits and the key size is 16 bits. A round will consist of the following.
The input is XORed with the first 8 bits of the round subkey
The input, considered as an element of ) with irreducible , is squared.
The left 4 bits of the block are swapped with the right 4 bits of the block. For example 0x4A becomes 0xA4.
There are two rounds. The key schedule is the following:
During the first round, the subkey is the first 8 bits of the key.
During the second round, the subkey is the second 8 bits of the key.
Question 4 part
Use the above cipher with key 0x1111
to encrypt the block 0x88
.
Question 5 part
Use this block cipher to encrypt the plaintext 0x4A01
in OFB mode with 0x22
and key 0x4444
. Please show all intermediate steps.
Question 6
Suppose a plaintext message is exactly one block long and consists of all 0's. You produce a MAC tag using CBC-MAC with DES and an all-zero IV, and the key consisting of all zeros. A padding block will be appended to the plaintext which is 0x8
followed by enough 0's to fill out a second block, as per the CBC algorithm. What is the CBC-MAC tag?