DUBLIN CITY UNIVERSITY


SEMESTER ONE EXAMINATIONS 2013/2014

MODULE: CA642/A Cryptography and Number Theory

PROGRAMME(S):
MSSF: MSc in Security & Forensic Computing
MCM: M.Sc. in Computing
ECSA: Study Abroad (Engineering & Computing)
ECSAO: Study Abroad (Engineering & Computing)

YEAR OF STUDY: 1,2,C,O,X

EXAMINERS: Prof. M. O'Neill, Dr. B. Lee, Dr. G. Hamilton, Ext no. 5017.

TIME ALLOWED: 3 hours

INSTRUCTIONS: Please answer ALL questions. All questions carry equal marks.

Please do not turn over this page until instructed to do so.

The use of programmable or text storing calculators is expressly forbidden.

QUESTION 1 [TOTAL MARKS: 20]

1(a) Calculate $117^{-1} \pmod{191}$ and use this to calculate $77/117 \pmod{191}$.

We need to use the extended Euclidean GCD algorithm to calculate this:

$$\begin{aligned}
191 &= 117 + 74 \\
117 &= 74 + 43 \\
74 &= 43 + 31 \\
43 &= 31 + 12 \\
31 &= (12 \times 2) + 7 \\
12 &= 7 + 5 \\
7 &= 5 + 2 \\
5 &= (2 \times 2) + 1
\end{aligned}$$

So:

$$\begin{aligned}
74 &= 191 - 117 \\
43 &= 117 - 74 = 117 - (191 - 117) = (2 \times 117) - 191 \\
31 &= 74 - 43 = 191 - 117 - (2 \times 117) + 191 = (2 \times 191) - (3 \times 117) \\
12 &= 43 - 31 = (2 \times 117) - 191 - (2 \times 191) + (3 \times 117) = (5 \times 117) - (3 \times 191) \\
7 &= 31 - (12 \times 2) = (2 \times 191) - (3 \times 117) - (10 \times 117) + (6 \times 191) = (8 \times 191) - (13 \times 117) \\
5 &= 12 - 7 = (5 \times 117) - (3 \times 191) - (8 \times 191) + (13 \times 117) = (18 \times 117) - (11 \times 191) \\
2 &= 7 - 5 = (8 \times 191) - (13 \times 117) - (18 \times 117) + (11 \times 191) = (19 \times 191) - (31 \times 117) \\
1 &= 5 - (2 \times 2) = (18 \times 117) - (11 \times 191) - (38 \times 191) + (62 \times 117) = (80 \times 117) - (49 \times 191)
\end{aligned}$$

So $117^{-1} \pmod{191} = 80$

$77/117 \pmod{191} = 77 \times 80 \pmod{191} = 48$

1(b) Calculate $\varphi(20)$, where $\varphi$ is the Euler Totient function. Use this to calculate $23^{615} \pmod{20}$.

$\varphi(20) = 8$

$23^{615} \pmod{20} = 3^{615 \pmod{\varphi(20)}} \pmod{20} = 3^{615 \pmod 8} \pmod{20} = 3^{7} \pmod{20} = 7$

1(c) Calculate the least significant decimal digit of $77737^{5373}$.

This is $77737^{5373} \pmod{10} = 7^{1} = 7$

1(d) Find all the square roots of 11 mod 35.

Since $7 \equiv 3 \pmod 4$, $\sqrt{11} \pmod 7 = \pm 11^{2} \pmod 7 = \pm 2 \pmod 7$

Since $5 \equiv 5 \pmod 8$, $\sqrt{11} \pmod 5 = \pm 1 \pmod 5$

Using the Chinese Remainder Theorem, we can calculate the square roots as: $\pm 9$, $\pm 16$.

QUESTION 2 [TOTAL MARKS: 20]

2(a) Compare and contrast stream ciphers and block ciphers.

Block ciphers encrypt one block of data at a time, while stream ciphers encrypt an arbitrary stream of data. Stream ciphers use simpler arithmetic, so tend to be more efficient, but block ciphers are more versatile and can also be used to implement stream ciphers.

2(b) [8 Marks] Describe the Cipher Block Chaining (CBC) mode of operation for block ciphers (use diagrams if necessary). What is the role of the Initialisation Vector (IV)? What are the dangers if an IV is:
- tampered with
- known to an attacker
- reused with the same key

The IV is used to give an initial value for the first block; this should be different for different messages to hide patterns and repetitions. Someone tampering with the IV could tamper with the resulting plaintext on decryption. There is no problem if the IV is known to an attacker, but if an IV is reused with the same key, patterns and repetitions within the underlying messages can be revealed.

2(c) [7 Marks] Compare and contrast the Output Feed Back (OFB) and Cipher Feed Back (CFB) modes of operation for block ciphers with respect to the following (use diagrams if necessary):
- Encryption
- Decryption
- Error propagation

In OFB mode, the keystream is generated by first encrypting the IV, selecting some bits of this for the keystream, and then feeding back the output of the encryption for further processing in the same way. The ciphertext is obtained from the exclusive-or of the keystream with the plaintext, and the plaintext can be recovered from the ciphertext by exclusive-or with the keystream.

In CFB mode, the keystream is generated by first encrypting the IV, selecting some bits of this for the keystream, obtaining the corresponding ciphertext from the exclusive-or of this keystream with the plaintext, and then feeding back this ciphertext for further processing in the same way. The plaintext is also recovered from the ciphertext by exclusive-or with the keystream.

In OFB mode, errors are only copied and none are propagated. In CFB mode, errors are propagated over $n/j + 1$ blocks where $n$ is the input block size and $j$ is the output block size.

QUESTION 3 [TOTAL MARKS: 20]

Consider the following graphical representation of the FEAL-4 cipher:

3(a) What weakness in its design leaves FEAL-4 open to linear cryptanalysis?

The existence of linear relationships between the inputs and outputs of the round function leaves FEAL-4 open to linear cryptanalysis.

3(b) [10 Marks] Describe in detail how you would go about launching a linear cryptanalysis attack on FEAL-4.

This was the subject of a major course project, so the students should know this in detail.

3(c) Is there any small change to the design of FEAL-4 that you can suggest that could strengthen it?

The addition of any non-linear component such as a non-linear S-Box would suffice.

QUESTION 4 [TOTAL MARKS: 20]

4(a) [7 Marks] Describe the Merkle-Damgård construction which is often used in the implementation of hash functions. What properties are required for a hash function to be considered to be cryptographically secure and why?

The Merkle-Damgård construction divides the message $M$ into fixed-length blocks $M_1$, $M_2$, etc., pads the last block and appends the message length to the last block. We denote the resultant last block (after all paddings) by $M_n$. Then, the hash function applies a collision-free function $H$ on each of the blocks sequentially. The function $H$ takes as input the result of the application of $H$ on the previous block (or a fixed initial value IV in the first block), and the block itself, and outputs a hash value. This hash value is an input to the application of $H$ on the next block.

To be considered cryptographically secure, a hash function should be pre-image resistant and collision-free. A hash function is pre-image resistant if it is computationally infeasible to recover data from its digest. This is important because the original data may need to be kept secret. A hash function is weakly collision-free or second pre-image resistant if, given $M$, it is computationally infeasible to find a different $M'$ such that $H(M) = H(M')$. A hash function is strongly collision-free if it is computationally infeasible to find different messages $M$ and $M'$ such that $H(M) = H(M')$. These are important because being able to find collisions relatively easily allows an attacker to replace one message with another which they have found to have the same digest.

4(b) [8 Marks] What properties are required for a cryptographically secure pseudorandom number generator? Describe the Blum Blum Shub pseudorandom number generator, and explain why it is cryptographically secure.

Some properties required for a cryptographically secure pseudorandom number generator are as follows:
- Randomness: uniformity, scalability, consistency.
- Unpredictability: cannot determine what the next bit will be despite knowledge of the algorithm and all previous bits.
- Unreproducible: cannot be reliably reproduced without knowing the seed.

Characteristics of the seed:
- Must be kept secret
- If known, adversary can determine output
- Must be a random or pseudorandom number

The Blum Blum Shub pseudorandom number generator works as follows:
- Find two large primes $p$, $q$ congruent to 3 (mod 4), where $m = pq$
- Calculate the seed as: $X_0 = k^2 \bmod m$ ($k$ relatively prime to $m$)
- Use the least significant bit from the iterative equation: $X_{n+1} = X_n^2 \bmod m$

This is cryptographically secure because to be able to determine the seed we would need to determine square roots on a composite modulus. If we were able to do this, then we would be able to factor the modulus (which is a known hard problem) so this problem is at least as hard.

4(c) Describe how a hash function can be used to implement a cryptographically secure pseudorandom number generator.

Hash functions can be used to implement a cryptographically secure pseudorandom number generator (PRNG) as follows: First seed the PRNG with some random data $S$. This is then hashed to produce the first internal state $S_0 = H(S)$. By repeatedly calling $H$ we can generate a sequence of internal states $S_1, S_2, \ldots$, using $S_i = H(S_{i-1})$. From each state $S_i$ we can extract bits to produce a random number $N_i$. This PRNG is secure if the sequence of values $S, S_0, S_1, \ldots$ is kept secret and the number of bits of $S_i$ used to compute $N_i$ is relatively small.
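The two generators described in 4(b) and 4(c), as an added example that is not part of the exam paper. The toy parameters p = 11, q = 19, k = 2, the choice of SHA-256 for H, the 64-bit cap on extracted bits and all function names are assumptions made for illustration; `bbs_previous_state` shows that stepping Blum Blum Shub backwards is easy only when the factors of m are known.

```python
import hashlib
from math import gcd


def bbs(p, q, k, count):
    """Blum Blum Shub as in 4(b): returns (output bits, states X_0..X_count)."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 (mod 4)")
    m = p * q
    if gcd(k, m) != 1:
        raise ValueError("k must be relatively prime to m")
    states = [pow(k, 2, m)]                      # seed X_0 = k^2 mod m
    for _ in range(count):
        states.append(pow(states[-1], 2, m))     # X_{n+1} = X_n^2 mod m
    return [x & 1 for x in states[1:]], states   # least significant bit of each X_n


def bbs_previous_state(x, p, q):
    """Recover X_n from X_{n+1} when the factors p, q of m are known.

    For a prime r = 3 (mod 4), x^((r+1)/4) mod r is the square root of x that
    is itself a square mod r. Combining both with the CRT gives the one root
    mod m that is a square, which is the previous state. Without p and q this
    is the composite-modulus square root problem named in the answer.
    """
    rp = pow(x, (p + 1) // 4, p)
    rq = pow(x, (q + 1) // 4, q)
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % (p * q)


def hash_prng(seed, count, out_bits=8):
    """Hash-chain generator as in 4(c), with SHA-256 assumed for H.

    S_0 = H(S), S_i = H(S_{i-1}); N_i is only the low out_bits bits of S_i
    (i >= 1), so the output never reveals a whole internal state.
    """
    if not 0 < out_bits <= 64:                   # cap chosen for this example
        raise ValueError("extract only a small part of the 256-bit state")
    state = hashlib.sha256(seed).digest()        # S_0
    numbers = []
    for _ in range(count):
        state = hashlib.sha256(state).digest()   # S_i = H(S_{i-1})
        numbers.append(int.from_bytes(state, "big") & ((1 << out_bits) - 1))
    return numbers


if __name__ == "__main__":
    # Constructed toy parameters: p = 11, q = 19 (m = 209), k = 2.
    bits, states = bbs(11, 19, 2, 6)
    print("BBS states:", states, "bits:", bits)
    print("walk back from", states[-1], "->", bbs_previous_state(states[-1], 11, 19))
    print("hash PRNG:", hash_prng(b"constructed seed", 4))
```
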

QUESTION 5 [TOTAL MARKS: 20]

5(a) [6 Marks] Describe in detail how the Rabin cryptosystem works. Your description should include how public and private key pairs are generated, how encryption and decryption are performed, and the level of security provided.

The Rabin cryptosystem works as follows:
- Generate two large primes $p$ and $q$ of roughly the same size and compute $N = pq$.
- Public key is $N$ and private key = $(p, q)$.
- To encrypt a message represent it as an integer $m \in \{0, 1, \ldots, N-1\}$ and calculate ciphertext $c = m^2 \pmod N$
- To recover a message $m$ from a ciphertext $c$ calculate $m = \sqrt{c} \pmod N$

Breaking the Rabin cryptosystem can be shown to be no harder than integer factorisation, and is as hard if appropriate values are selected for the keys.

5(b) [6 Marks] Show how the Pollard $p-1$ method for integer factorisation works. Use it to find the factors of 209 using a smoothness bound $B = 6$.

The Pollard $p-1$ method for the factorisation of integer $N$ works as follows:

1. Select a value $a$ s.t. $\gcd(a, N) = 1$
2. Find all the primes $p_1 \ldots p_n < B$ and the corresponding exponents $e_i$ s.t. $p_i^{e_i} \le B$
3. Calculate $M = \prod_{i=1}^{n} p_i^{e_i}$. This computes the least common multiple of all positive integers up to $B$. The intention is that $M$ is a multiple of $p-1$, where $p$ is one of the prime factors of $N$; this will be the case if $p-1$ is $B$-powersmooth. If $(p-1) \mid M$ then $a^M \equiv 1 \pmod p$ by Fermat's little theorem, so $p \mid \gcd(a^M - 1, N)$.
4. Calculate $\gcd(a^M - 1, N)$ and if this is neither 1 nor $N$, then it is a factor of $N$.

Since 209 is odd, we use $a = 2$. The primes $p_i < B$ are 2, 3, 5 and the corresponding exponents $e_i$ s.t. $p_i^{e_i} \le B$ are 2, 1, 1 respectively. We calculate

$M = 2^2 \times 3^1 \times 5^1 = 60$

$2^{60} \pmod{209} = 45$

and $\gcd(44, 209) = 11$. So 11 is one factor and we can easily determine that 19 is the other.

5(c) [8 Marks] Describe how decryption in the Rabin cryptosystem can be performed with knowledge of the prime factors of the modulus. Use the described method to determine the four plaintexts which are possible decrypts of the ciphertext 130 when the public key $N = 209$. How can we determine which one of these plaintexts is the correct one?

We need to compute $\sqrt{130} \pmod{209}$. Since we know the factors of 209 are 11 and 19, we can compute:

$\sqrt{130} \pmod{11} = \pm 9^{3} \pmod{11} = \pm 729 \pmod{11} = \pm 3$

$\sqrt{130} \pmod{19} = \pm 16^{5} \pmod{19} = \pm 1048576 \pmod{19} = \pm 4$

Combining these values using the Chinese Remainder Theorem, we obtain the four possible square roots $\pm 80$ and $\pm 91$. The four possible messages are therefore 80, 129, 91 and 118.

To determine which one of these plaintexts is the correct one, we need to have added redundancy to the original plaintext, and check for this same redundancy in the decrypts.

[END OF EXAM]
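The calculations in 5(b) and 5(c) carried through in code, as an added example that is not part of the exam paper. The exam does not specify a redundancy scheme, so the rule used here (a 4-bit payload repeated in both nibbles of the plaintext) and all function names are assumptions made for illustration.

```python
from math import gcd


def pollard_p_minus_1(n, bound, a=2):
    """5(b): return (M, a^M mod n, factor); factor is None if the method fails."""
    if gcd(a, n) != 1:
        return None, None, gcd(a, n)           # a already shares a factor with n
    m = 1
    for p in range(2, bound):                  # primes p < B, as in the answer
        if all(p % d for d in range(2, p)):
            e = 1
            while p ** (e + 1) <= bound:       # largest e with p^e <= B
                e += 1
            m *= p ** e
    am = pow(a, m, n)
    g = gcd(am - 1, n)
    return m, am, (g if 1 < g < n else None)


def rabin_roots(c, p, q):
    """5(c): the four square roots of c mod p*q for primes p, q = 3 (mod 4)."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("the (r+1)/4 exponent needs primes congruent to 3 (mod 4)")
    rp = pow(c % p, (p + 1) // 4, p)
    rq = pow(c % q, (q + 1) // 4, q)
    if (rp * rp - c) % p or (rq * rq - c) % q:
        raise ValueError("c is not a square modulo p*q")
    cp, cq = q * pow(q, -1, p), p * pow(p, -1, q)   # CRT coefficients
    return sorted({(sp * cp + sq * cq) % (p * q)
                   for sp in (rp, p - rp) for sq in (rq, q - rq)})


def rabin_encrypt(payload, n):
    """Assumed redundancy rule (not from the exam): payload in both nibbles."""
    m = (payload << 4) | payload
    if not 0 <= payload < 16 or m >= n:
        raise ValueError("payload does not fit below the modulus")
    return pow(m, 2, n)


def rabin_decrypt(c, p, q):
    """Keep the single root whose two nibbles match; reject anything else."""
    valid = [m for m in rabin_roots(c, p, q) if m < 256 and (m >> 4) == (m & 0xF)]
    if len(valid) != 1:
        raise ValueError("no unique root carries the expected redundancy")
    return valid[0] & 0xF


if __name__ == "__main__":
    M, aM, p = pollard_p_minus_1(209, 6)
    q = 209 // p
    print("M =", M, " 2^M mod 209 =", aM, " factors:", p, q)
    print("roots of 130:", rabin_roots(130, p, q))
    c = rabin_encrypt(5, 209)                  # constructed payload
    print("c =", c, "roots:", rabin_roots(c, p, q), "->", rabin_decrypt(c, p, q))
```

None of the four roots of the exam's ciphertext 130 satisfies the assumed nibble rule, so `rabin_decrypt(130, 11, 19)` raises instead of guessing, which is the behaviour a redundancy check is meant to give.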