DUBLIN CITY UNIVERSITY

Similar documents
DUBLIN CITY UNIVERSITY

Discrete Square Root. Çetin Kaya Koç Winter / 11

Data security (Cryptography) exercise book

Introduction to Modular Arithmetic

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Algorithmic Number Theory and Cryptography (CS 303)

Chapter 4 The Data Encryption Standard

The Chinese Remainder Theorem

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1

Cryptography, Number Theory, and RSA

The Chinese Remainder Theorem

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography

Public-Key Cryptosystem Based on Composite Degree Residuosity Classes. Paillier Cryptosystem. Harmeet Singh

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography

Lecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.

Diffie-Hellman key-exchange protocol

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

EE 418: Network Security and Cryptography

UNIVERSITY OF MANITOBA DATE: December 7, FINAL EXAMINATION TITLE PAGE TIME: 3 hours EXAMINER: M. Davidson

Math 319 Problem Set #7 Solution 18 April 2002

L29&30 - RSA Cryptography

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Classical Cryptography

Assignment 2. Due: Monday Oct. 15, :59pm

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.

1 Introduction to Cryptology

B. Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

Introduction. and Z r1 Z rn. This lecture aims to provide techniques. CRT during the decription process in RSA is explained.

TMA4155 Cryptography, Intro

Solutions to Problem Set 6 - Fall 2008 Due Tuesday, Oct. 21 at 1:00

DES Data Encryption standard

6. Find an inverse of a modulo m for each of these pairs of relatively prime integers using the method

Block Ciphers Security of block ciphers. Symmetric Ciphers

b) Find all positive integers smaller than 200 which leave remainder 1, 3, 4 upon division by 3, 5, 7 respectively.

Security Enhancement and Speed Monitoring of RSA Algorithm

Algorithmic Number Theory and Cryptography (CS 303)

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography

Successful Implementation of the Hill and Magic Square Ciphers: A New Direction

Fermat s little theorem. RSA.

EE 418 Network Security and Cryptography Lecture #3

CHAPTER 2. Modular Arithmetic

Collection of rules, techniques and theorems for solving polynomial congruences 11 April 2012 at 22:02

NUMBER THEORY AMIN WITNO

The congruence relation has many similarities to equality. The following theorem says that congruence, like equality, is an equivalence relation.

Distribution of Primes

Solutions for the Practice Final

Sheet 1: Introduction to prime numbers.

MA 111, Topic 2: Cryptography

Number Theory and Public Key Cryptography Kathryn Sommers

MAT Modular arithmetic and number theory. Modular arithmetic

SOLUTIONS TO PROBLEM SET 5. Section 9.1

Number Theory/Cryptography (part 1 of CSC 282)

Calculators will not be permitted on the exam. The numbers on the exam will be suitable for calculating by hand.

Solutions to Exam 1. Problem 1. a) State Fermat s Little Theorem and Euler s Theorem. b) Let m, n be relatively prime positive integers.

The number theory behind cryptography

p 1 MAX(a,b) + MIN(a,b) = a+b n m means that m is a an integer multiple of n. Greatest Common Divisor: We say that n divides m.

University of British Columbia. Math 312, Midterm, 6th of June 2017

Public Key Encryption

Problem Set 6 Solutions Math 158, Fall 2016

Wilson s Theorem and Fermat s Theorem

MAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.

Public-key Cryptography: Theory and Practice

Classification of Ciphers

CMPSCI 250: Introduction to Computation. Lecture #14: The Chinese Remainder Theorem David Mix Barrington 24 February 2012

Number Theory. Konkreetne Matemaatika

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

High-Speed RSA Crypto-Processor with Radix-4 4 Modular Multiplication and Chinese Remainder Theorem

CMPSCI 250: Introduction to Computation. Lecture #14: The Chinese Remainder Theorem David Mix Barrington 4 October 2013

Cryptography Lecture 1: Remainders and Modular Arithmetic Spring 2014 Morgan Schreffler Office: POT 902

Groups, Modular Arithmetic and Geometry

MATH 324 Elementary Number Theory Solutions to Practice Problems for Final Examination Monday August 8, 2005

A4M33PAL, ZS , FEL ČVUT

Modular Arithmetic. claserken. July 2016

RSA hybrid encryption schemes

4. Design Principles of Block Ciphers and Differential Attacks

Math 127: Equivalence Relations

Application: Public Key Cryptography. Public Key Cryptography

CS1800 Discrete Structures Fall 2016 Profs. Aslam, Gold, Ossowski, Pavlu, & Sprague 7 November, CS1800 Discrete Structures Midterm Version C

Introduction to Cryptography CS 355

Course Business. Harry. Hagrid. Homework 2 Due Now. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Location: Right here

CRYPTANALYSIS OF THE PERMUTATION CIPHER OVER COMPOSITION MAPPINGS OF BLOCK CIPHER

Foundations of Cryptography

Symmetric-key encryption scheme based on the strong generating sets of permutation groups

V.Sorge/E.Ritter, Handout 2

Dr. V.U.K.Sastry Professor (CSE Dept), Dean (R&D) SreeNidhi Institute of Science & Technology, SNIST Hyderabad, India. P = [ p

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Modular arithmetic Math 2320

Week 3: Block ciphers

Generic Attacks on Feistel Schemes

Exam 1 7 = = 49 2 ( ) = = 7 ( ) =

Final exam. Question Points Score. Total: 150

Drill Time: Remainders from Long Division

RSA hybrid encryption schemes

High Diffusion Cipher: Encryption and Error Correction in a Single Cryptographic Primitive

PT. Primarity Tests Given an natural number n, we want to determine if n is a prime number.

Cryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo

MA/CSSE 473 Day 9. The algorithm (modified) N 1

Network Security: Secret Key Cryptography

To be able to determine the quadratic character of an arbitrary number mod p (p an odd prime), we. The first (and most delicate) case concerns 2

Xor. Isomorphisms. CS70: Lecture 9. Outline. Is public key crypto possible? Cryptography... Public key crypography.

Transcription:

DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone Nos.) Dr. M. Haahr, Prof. M. O Neill, Dr. G. Hamilton, Ext no. 5017. TIME ALLOWED: 3 hours INSTRUCTIONS: Please answer all questions. All questions carry equal marks. Please do not turn over this page until instructed to do so The use of programmable or text storing calculators is expressly forbidden. PAGE 1 OF 7

QUESTION 1 [TOTAL MARKS: 20] 1(a) Calculate 67 1 (mod 119) and use this to calculate 43/67 (mod 119). We need to use the extended Euclidean GCD algorithm to calculate this: So: 119 = 67 + 52 67 = 52 + 15 52 = (3 15) + 7 15 = (2 7) + 1 52 = 119 67 15 = 67 52 = 67 119 + 67 = (2 67) 119 7 = 52 (3 15) = 119 67 (6 67) + (3 119) = (4 119) (7 67) 1 = 15 (2 7) = (2 67) 119 (8 119) + (14 67) = (16 67) (9 119) So 67 1 (mod 119) = 16 43/67 (mod 119) = 43 16 (mod 119) = 93 1(b) Calculate φ(36), where φ is the Euler Totient function. Use this to calculate 13 788 (mod 36). φ(36) = 12 13 788 (mod 36) = 13 788 (mod φ(36)) (mod 36) = 13 788 (mod 12) (mod 36) = 13 8 (mod 36) = ((13 2 ) 2 ) 2 (mod 36) = (25 2 ) 2 (mod 36) = 13 2 (mod 36) = 25 1(c) Calculate the quadratic residues in Z 17. This can be done by direct calculation. Since the quadratic residues are symmetric, they only need to be calculated for half of the values. In this case the quadratic residues are: 1, 4, 9, 16, 8, 2, 15, 13. 1(d) Derive a formula for finding the square roots of a number modulo prime p, where p 3 (mod 4). If a is a quadratic residue modulo p then: a (p 1)/2 1 (mod p) Multiplying both sides by a: a (p+1)/2 a (mod p) Taking the square roots of both sides: ±a (p+1)/4 a (mod p) If p 3 (mod 4), then (p + 1)/4 is an integer, and this can be used to calculate the square root. PAGE 2 OF 7

QUESTION 2 [TOTAL MARKS: 20] 2(a) Block ciphers are usually designed to provide confusion and diffusion. Explain what is meant by each of these properties, and give examples of the features of block ciphers which are used to provide them. Confusion means that each bit of the ciphertext has a highly non-linear relationship with the plaintext bits and the key bits. Some features of block ciphers which are used to provide this are non-linear S-Boxes, the mixing of operations from different algebraic groups and data-dependent transformations. Diffusion means that the effect of changing plaintext bits or key bits are spread and therefore affect many ciphertext bits. Some features of block ciphers which are used to provide this are P-Boxes, Feistel structures and pseudo-hadamard transformations. 2(b) [10 Marks] Compare and contrast the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) with respect to the following (use diagrams if necessary): Encryption algorithm Decryption algorithm Block size Key size Number of rounds Robustness against attacks This is mostly bookwork, but some thought has to be out in to inverting the encryption algorithm to implement decryption. Block size: DES 64, AES 128. Key size: DES 56, AES 128/192/256. Number of rounds: DES 16, AES 10/12/14. DES is slightly vulnerable to linear and differential cryptanalysis attacks, and to brute force attacks; AES is much more robust against attacks. 2(c) Describe how DES and AES provide confusion and diffusion. DES provides confusion through the S-Boxes, which were designed by hand for this purpose. It provides diffusion through the expansion permutation, P-Boxes and Feistel structure. AES provides confusion through its S-Box, which is generated by determining the multiplicative inverse in GF (2 8 ) = Z 2 [x] (mod x 8 + x 4 + x 3 + x + 1), which is a non-linear function. It provides diffusion through the shift rows and mix columns operations. PAGE 3 OF 7

QUESTION 3 [TOTAL MARKS: 20] Using the diagram below, explain in detail the steps required to launch a successful differential cryptanalysis attack on the FEAL-4 block cipher. This was the subject of a course project, so the students should know this in detail. [20 Marks] PAGE 4 OF 7

QUESTION 4 [TOTAL MARKS: 20] Consider a toy RSA example in which the public key is (N = 33, e = 17). 4(a) Determine the value of the private key. [6 Marks] The private exponent d = e 1 (mod φ(n)) i.e. 17 1 (mod 20). This can be calculated using the extended Euclidean GCD algorithm: So: 20 = 17 1 + 3 17 = 5 3 + 2 3 = (1 2) + 1 3 = 20 (17 1) 2 = 17 (5 3) = 17 (5 20) + (5 17) = (6 17) (5 20) 1 = 3 (1 2) = 20 (17 1) (6 17) + (5 20) = (6 20) (7 17) So 17 1 (mod 20) = 7 = 13 (mod 20) The private key is therefore (N = 33, d = 13). 4(b) [7 Marks] Describe how encryption is done in RSA. Give an efficient algorithm which can be used to implement this encryption, and use this algorithm to encrypt the message 27. Encryption is RSA is done by calculating c = m e (mod N). An efficient algorithm for this modular exponentiation is the square and multiply algorithm; this can be computed bit by bit left-to-right or right-to-left. The left-to-right variant for computing m e (mod N) where e has n bits e n 1... e 0 is as follows: y = 1 for i = n-1 downto 0 do y = (y*y) mod N if e i = 1 then y = (y*m) mod N end end To encrypt 27, we need to compute 27 17 (mod 33). Using the described algorithm, this is computed as follows: So the encrypted value is 3. i x i y 4 1 1 1 27 (mod 33) = 27 3 0 27 27 (mod 33) = 3 2 0 3 3 (mod 33) = 9 1 0 9 9 (mod 33) = 15 0 1 15 15 27 (mod 33) = 3 PAGE 5 OF 7

4(c) [7 Marks] Describe how decryption is done in RSA. Describe a technique which can be used to implement this decryption more efficiently using the prime factors of the modulus, and use this technique to decrypt the ciphertext generated above. We want to calculate c d (mod pq) and can calculate this more efficiently using c d (mod p) and c d (mod q) and the Chinese Remainder Theorem. To calculate 3 13 (mod 33), we calculate 3 13 (mod 3) and 3 13 (mod 11) and combine using the Chinese Remainder Theorem. 3 13 (mod 3) = 0 and 3 13 (mod 11) = 3 3 (mod 11) = 5, so 3 13 (mod 33) = 27 So the decrypted value is 27. QUESTION 5 [TOTAL MARKS: 20] 5(a) Show that the problem of computing modular square roots with a composite modulus is no harder than the problem of integer factorisation. Using an oracle for integer factorisation, we can find the prime factors p i of N. We can then compute x (mod p i ) (can be done in polynomial time), and therefore x (mod N) using the Chinese Remainder Theorem (we have to be a little careful if powers of p i greater than one divide N. So the problem of computing modular square roots is no harder than the problem of integer factorisation. 5(b) [8 Marks] Show how the number 209 might be factored using the Pollard p 1 method using a smoothness bound B = 6. How can we make sure that the product of two large prime numbers is not vulnerable to this particular method of factorisation? Since 209 is odd, we use a = 2. The primes p < B are 2, 3, 5 and the corresponding exponents e s.t. p e B are 2, 1, 1 respectively. We calculate M = 2 2 3 1 5 1 = 60 2 60 (mod 209) = 45 and gcd(44,209)= 11. So 11 is one factor and we can easily determine that 19 is the other. PAGE 6 OF 7

To make sure that the product of two large prime numbers is not vulnerable to this method of factorisation, we need to ensure that for each prime factor p, p 1 is not the product of small prime factors. 5(c) [7 Marks] Describe how square roots modulo a composite pq where p and q are prime can be computed. Use the described method to compute 23 (mod 209). A square root of x modulo a composite pq can be computed by firstly calculating x (mod p) and x (mod q) and then using the Chinese Remainder Theorem to calculate x (mod pq). a (mod p) = ±a (p+1)/4, if p 3 (mod 4) 4 (mod 11) = ±23 3 (mod 11) = ±1 4 (mod 19) = ±23 5 (mod 19) = ±17 Using the CRT we can therefore calculate 23 (mod 209) as ±188, ±131 PAGE 7 OF 7

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback