Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography.

Published byJob Terry Modified over 8 years ago

Similar presentations

Presentation on theme: "Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography."— Presentation transcript:

1 Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography

2 Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI2 Problem 203 In DES: For a bit M, Let M' be the bitwise complement of M. Prove that : If Y = DES K (X) Then Y' = DES K' (X' ) Hint : Begin by showing that for any two bit strings of equal length, A and B, (A  B)' = A'  B (A’  B’) = A  B

3 Answer 203: DES Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI3

4 Answer 203: DES Single round L i = R i-1 R i = L i-1  F(R i-1,K i ) F(R i-1,K i ) a complex function: –Input R i-1 –Permutation/expansion (32 bit  48 bits) Using ”E Tables” –XOR with K i (48 bits) –Substitution/choice (48 bits  32 bits) Using 8 ”S boxs”, each 6 bits  4 bits –Permutation P Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI4

5 Answer 203 First show (A  B)' = A'  B, (A  B) = A’  B’, Now Consider 1 st round of DES K' (X' ) All bits in RE 0 are complemented. Then we call F. F has all kinds of permutations and expansions, and a XOR, with complemented K. Hence the result up to this point is the same as in DES K (X) Then The result is XORed again with complemented K. The result of 1 st round is complemented relative to the result of DES K (X). Similarly for all rounds 5

6 Problem 205 Consider a CFB mode, with 1 character data and 8 characters register. If a bit error occurs in the transmission of a ciphertext character, how far, in the decryption process, does the error propagate? Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI6

7 Answer 205: Cipher Feedback Mode - Decryption C 1 = P 1  MSB s (E K (R 1 ))  P 1 = C 1  MSB s (E K ( R 1 )) C 2 = P 2  MSB s (E K (R 2 ))  P 2 = C 2  MSB s (E K ( R 2 )) C n = P n  MSB s (E K (R n ))  P n = C n  MSB s (E K ( R n )) Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI7

8 Answer 205 Each character (8 bits) is a block The register R has 8 chars (64 bits) Suppose There was an error in C1 (cipher of char 1) P 1 = C 1  MSB s (E K (R 1 )). P1 is obviously affected –Register R2 now has 8 bits with possible error P 2 = C 2  MSB s (E K (R 2 )) is possibly affected The 8 bits with possible errors will not completely removed from the register until the next eight plaintext characters are calculated. Nine plaintext characters are affected. 8

9 Problem 207 Suppose that someone suggested the following way to confirm that the two of you are both in possession of the same secret key. You create a random bit string the length of the key, XOR it with the key, and send the results over the channel. Your partner XORs the incoming block with the key he knows, sends the result back to you. You check and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme? Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI9

10 Answer 207 The algorithm indeed proves that your partner and you are using the same key. But an attacker can get be in the middle, and get the two messages sent. The first message is an XOR of the original random string, with the Key. The second string is the original random string (if your partner indeed knows the key). Thus all the attacker has to do is to XOR the two messages to get the Key. Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI10

11 Problem 211 What RC4 key K will leave S unchanged during initialization? That is. After the initial permutation of S, the entries of S will be equal to the values from 0 to through 255 in ascending order? Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI11

12 Answer 211 The initial permutation of S is calculated by assigning to each index i to another index j(i) by j(i) = (j(i-1) +S[i] + T[i]) mod 256, then swap S[i] and S[j]. Initial value of j is 0. Since all values of S[i] are different, a permutation that leaves S unchanged requires j(i) = i for all i. We need to find the key K that will do that: The temporary vector T has the values of K (if K is smaller than T, then K repeats in T) i= 0: we have: j(0) = (0 + S[0] + T[0]) mod 256 = = T[0]mod 256 = K[0]mod256 We require j(0) = i = 0; hence K[0]mode 256 = 0; K[0] = 0

13 i = 1: j(1) = (j(0) + S[1] + K[1]) mod 256 = (K[1] + 1)mode 256; We require j(1) = i = 1;hence ( K[1] +1)mod256 = 1; K[1] = 0 i = 2: j(2) = (j(1) +S[2] +K[2])mod 256 = (3 + K[2])mod 256. We require j(2) = i = 2; hence (K[2] +3)mod256 = 2; K[2] = 255 i = 3: j(3) = (j(2) + S[3] + K[3])mod256 = (5 + K[3])mod256. We require j(3) = i = 3; hence (K[3] + 5) mode256 = 3; K[3] = 254 Similarly for the rest of the Bytes of the key. 13

14 Problem 308 Suppose we are attackers. We have a set of blocks encoded with the RSA algorithm and but we obviously don’t know the private key. We know the public key, {n = pq, e}. Suppose also someone tells us they know one of the plaintext blocks (we call it the special block, but we don't know which one) has a common factor with n. Does this helps us in any way to find p and q? Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI14

15 Answer 308 The encoded special block will also have a common factor with n. Since n = pq, & both p and q are primes, the common factor is either p or q. The plaintext (and the ciphertext) of the special block is a multiple of either p or q. Test each ciphertext for primality. If it is a prime, it’s either p or q. divide it into n to find the other If the cipher is not prime, factor it and check if either of the factors is also a factor of n. If none of them is a factor, go to the next cipher. Eventually we find p and q. 15

16 Problem 311 Assume the hash of a 2-block message (B1,B2) is RSAH(B1,B2) = RSA(RSA(B1)  B2) After calculating the hash of the message, it is attached to the (un-encrypted) message and sent to a receiver. An opponent catches a two block message (B1,B2) and its hash RSAH(B1,B2). The opponent picks an arbitrary block C1. Show that the opponent can easily construct another block C2 so that the hash of the 2-block message (C1,C2) is equal to the hash of the original 2-block message (B1,B2). 16

17 Answer 311 The opponent has the 2-block message (B1, B2) and its hash RSAH(B1, B2). The opponent picks an arbitrary block C1 and then constructed a second block C2 by: C2 = RSA(C1)  RSA(B1)  B2 Then: RSA(C1)  C2 = RSA(C1)  [RSA(C1)  RSA(B1)  B2] = RSA(B1)  B2 So RSAH(C1, C2) = RSA[RSA(C1)  C2] = RSA[RSA(B1)  B2] = RSAH(B1, B2) 17

18 Problem 318 Suppose Alice sends a message to Bob by representing each alphabetic character by as an integer between 0 and 25 (A  0, B  1, … Z  25), and then encrypting each number separately using RSA with large e and large n. Is this method secure? If not explain why. Describe the most efficient attack against this encryption method. Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI18

19 Answer 318 A plaintext M is a set of blocks, each one is an element of the set {0, 1, 2, …, 25}. Very few different blocks Similarly, a ciphertext C is a set of blocks, each is an element of the set = {0 e mod n, 1 e mod n, …, 25 e mod n}. Very few different ciphers. These can be computed by everybody with the knowledge of the public key of Bob, e, and n. Thus, a man in the middle computes M e mod n for all possible values of M, then create a lookup table with a ciphertext as an index and the corresponding plaintext as a value of the appropriate location in the table. Prof. Reuven Aviv, Nov 2006 Public Key Cryptography and PKI19

Download ppt "Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Computer Security Set of slides 4 Dr Alexei Vernitski.

Computer Security Set of slides 4 Dr Alexei Vernitski.
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.

1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.

Similar presentations

Ads by Google