Download Solutions to the practice questions for midterm

Solutions to the practice questions for midterm
(sketches)
1. Describe how you would conduct a chosen plaintext attack against an affine
cipher. I recall you that the goal of the attack is to find the e-key, which is the pair
of numbers (, ).
We can choose the plaintexts a (=0, in the numerical translation) and
b(=1). The corresponding ciphertexts will be * 0 +  =  and
respectively  * 1 +  =  + . We obtain two easy equations with two
unknowns, we solve it and we find  and .
2. How many keys are possible in the affine crypto system? ( I remind you that in this
system x is encoded by x +  (mod 26).) Justify your answer.
There are 12 possibilities for  (because there are 12 numbers between 0
and 25 that are relatively prime with 26; note that this is  (26), i.e., the
Euler used in Euler Theorem) and 26 possibilities for . So, the number of
keys is 12 * 26 = 312.
3. Alice and Bob are using the one-time pad cryptosystem. Suppose that the plaintext
is 1011 0101 110 and the ciphertext is 0001 0110 111. What is the key
If P, K, and C are respectively the plaintext, the key and the ciphertext,
then P + K = C, where + is bitwise XOR. From here, we deduce that
K = P + C.
So K = 1011 0101 110 + 0001 0110 111 = 1010 0011 001
4. One reasonable idea for enhancing the security of a cryptosystem is to use double
encryption. Thus Alice first encrypts the message m getting c_1 and then she
encrypts c_1 obtaining c_2 which she sends to Bob. Suppose Alice is doing this
using the Hill cipher. Is double encryption (with the Hill cipher) any safer than
simple encryption? Say ‘yes’ or ‘no’ and justify your answer.
No, it wouldn’t be any safer. If K1 and K2 are the two matrix keys, then
double encryption means that given the plaintext x, the ciphertext Y is
obtained as Y = K2 (K1 x) = (K2 K1 ) x, so it is the same as single
encryption with the key K2 K1.
5. Suppose that in the “Baby DES” cryptosystem we have been able to determine that
the first 4 bits of K_3 are either 1100 or 0101 and the last 4 bits of K_3 are 1110.
List all the possibilities for K.
There are 2 possibilities for K_3, namely 11001110 and 01011110. These
are the bits b_3 b_4 b_5 b_6 b_7 b_8 b_9 b_1 of K. We still miss bit b_2
which can of course be either 0 or 1. Thus in total there are 4
possibilities for K: 001100111, 011100111, 000101111, 01 0101111.
6. We are analyzing the security of the substitution cryptosystem, denoted as usual EK. (K is
the key which in the case of the substitution cryptosystem is a substitution table). Suppose
the message space M consists of all possible combinations of two letters from the English
alphabet, in other words M = {aa, ab, ac, …, zz}, and each message from M is equally
likely to be sent by Alice.
(a) What is Prob (M= ‘aa’)? (here M is a randomly chosen message from M).
It is equal to 1/(26)2, because there are 262 possible 2-letters words that are equally
likely, and ‘aa’ is just one of them.
(b) What is Prob (M = ‘aa’| EK(M) = ‘bc’)? (Here M is a randomly chosen message
from M, and K is a randomly chosen key).
This probability is 0, because the ciphertext has two different letters and thus, since
substitution is used, it is not possible that the plaintext consists of the same letter
repeated twice.
(c) What do (a) and (b) say about the security of the substitution cryptosystem? More
precisely, is it perfectly secure?
Since the two probabilities are different, the definition of perfect security
is violated. So the substitution cipher is not perfectly secure.
7. The alphabet of a certain language has only the 5 letters (0,1,2,3,4). Suppose the
message `42’ is encrypted with an affine cipher and the ciphertext is `12’. (a) Find
the key. (b) The ciphertext 3124 has been obtained using the key from (a). Find the
corresponding plaintext.
Solution. (a) Let the unknown key be (x,y). Since 4 1 and 2 2, we can form the
equations 4x + y = 1 and 2x + y = 2 (the arithmetic is modulo 5). By solving the
system of equations, we obtain x=2 and y = 3, so the key is (2,3).
(b) Let the plaintext be x_1 x_2 x_3 x_4. We have the equations 2x_1 + 3 = 3,
2x_2 + 3 = 1, 2x_3 + 3 = 2, 2x_4 + 3 = 4, from which we obtain x_1 = 0, x_2 =
4, x_3 = 2, x_4 = 3. So the plaintext is `0423’.
8.
We encrypt with double Vigenere using for the first encryption the key k_1 =
(1,3,5,7) and for the second encryption the key k_2 = (2,4). Show that this is
equivalent to simple Vigenere encryption, and find the key for the single Vigenere
encryption that is equivalent with double Vigenere encryption with the above keys
k_1 and k_2.
Solution. One can see that if we split the plaintext into groups of 4 letters, each such
group of 4 letters p_1 p_2 p_3 p_4 is encrypted to p_1 + 1 +2, p_2+3+4, p_3+5 +2,
p_4+7+4. Thus, the equivalent key is (3,7,7,11).
9. The plaintext `friday’ is encrypted using the Hill cipher with m=2 to give the
ciphertext `PQCFKU’. Find the key K. (It is acceptable to write the key K as a
product of two matrices without performing the multiplication or taking the inverse.)
Solution. From the first 2 blocks of 2 letters, we derive (5 17) * K = (15 16) and
(8 3) * K = (2 5) (everything is modulo 26).
This can be rewritten as
(5 17 } * K = (15 16 )
( 8 3)
(2 5)
It follows that K = (5 17 }-1
(8 3)
* (15 16 )
(2 5).
10. Suppose that you are informed that the plaintext `abccab’ has been encrypted with the
Vigenere cipher and the corresponding ciphertext is `bbccab’. What is the key
length?
Solution. Since the length of the plaintext is 6, the key length can be 1,2, 3, 4, 5 or 6. It
cannot be 1, because if it were the two occurrences of `a’ would be encrypted as the same
letter. It cannot be 2, because if it were, the two occurrences of `ab’ would be encrypted
as the same group of 2 letters, which is not the case. It cannot be 3 for the following
reason: if key length =3, since `cab’ is encrypted as `cab’, it would follow that the key is
(0 0 0). But in this case the first group of 3 letters, `abc’, would be encrypted as `abc’. It
cannot be 4, because if it were, the two occurrences of ‘a’ would be encrypted by the
same letter. And it cannot be 5, because if it were the first ‘a’ and the last ‘b’ would be
shifted by the same amount and thus their encryption would not both be ‘b’. So key length
= 6.
11.
The alphabet is {0,1,2,3,4}. The Hill cipher is used with m=2, and the key is the 2-by-2
matrix
K = (4 1)
(3 1)
Encrypt the message `1 2 3 4’.
Solution: ( 1 2) * K = (0 3) and (3 4) * K = (4 2). The ciphertext is 0 3 4 2.
12. Apply one round of the Feistel structure to the string P = 1111 1010 and the key K = 0110, where the
function f is defined by f (R,K) = R + K (+ is bitwise XOR).
Solution: L_0 = 1111 and R_0 = 1010. The Feistel structure means that L_1 = R_0 = 1010 and R_1 = L_0
+ f(R_0, K) = L_0 + R_0 + K = 0011. So after one round 11111010 is transformed into 1010 0011.