CS551: Security and Privacy on the Internet, Fall 2000
Problem Set 2: Symmetric Encryption Out: 13 September 2000
Due: 27 September 2000, before class
Collaboration PolicyYou may work with up to two other students on this problem set. You must write up your answers independently, and understand completely everything you turn in. Working together means discussing the questions and criticing possible solutions; it does not permit splitting up questions in a group.Problem set answers may be hand-written, but only if your hand writting is neat enough for us to read it.
You may consult any outside resources you wish including books, papers, web sites and people. If you use resources other than the class materials, indicate what you used along with your answer.
For full credit, answers must be clear and concise.
1. Perfect CiphersDogbert invents a cipher based on tossing a coin with probabilities: p(heads) = 1/3, p(tails) = 1/3, p(edge) = 1/3. He creates a one-time pad from the results of an infinite number of coin flips, and gives Ratbert a copy of the pad.
He encodes a binary message using the following scheme:message pad output message pad output ====================== ====================== 0 heads $ 1 heads & 0 tails & 1 tails % 0 edge % 1 edge $a. (10) Is Dogbert's cipher perfect? (Prove or disprove)
b. (10) Ratbert doesn't like writing $ signs, so he modifies Dogbert's cipher to use:message pad output message pad output ====================== ====================== 0 heads 0 1 heads 1 0 tails 1 1 tails 0 0 edge 1 1 edge 0Is Ratbert's cipher perfect? (Prove or disprove)
2. Entropy and UnicityThe Jefferson Wheel (from Problem Set 1) uses 36 wheels each having 26 letters. A legitimate receiver knows the contents and order of the wheels, but must be able to identify the correct plaintext row after aligning the wheels to the ciphertext.
a. (10) In order for the sender to have high confidence the receive will identify the correct row, what is the minimum redundancy of the language of the message?
b. (10) Challenge #1 challenges you to decipher a Jefferson wheel ciphertext 5753 characters long, without knowing the wheels. If you assume the secret message has typical redundancy of English, D = .72, is it (theoretically) possible to obtain the plaintext with good confidence?
3. Fiestel CiphersBen Bitdiddle has invented a Feistel cipher and hired you to check if it is secure. His cipher opreates on 64-bit block and consists of 4 rounds. For each round:L_i = R_i-1 R_i = L_i-1 XOR F (R_i-1, K) F (m, k) = k XOR mThe same 32-bit key, K is used for each round. The final ciphertext is: C = R_4 || L_4.
You are given the plaintext-ciphertext pair:plaintext: 0001100100001101011101001100011101101011010100010011101001100010 ciphertext: 0111001001011100010011101010010101101011010100010011101001100010Ben is stubbornly convinced of his genius and the invincibility of his cipher, and is not disturbed by the odd similarily between the second half of the ciphertext and the second half of the plaintext.
(20) Convince Ben the cipher is insecure by determining the key.
4. DESa. (10) Quadruple DES
Lem E. Tweakit doesn't think Triple DES is secure enough for encoding his secret sauce reciple. So, he adds an additional stage to Triple DES: C = Ek_4 (Ek_3 (Ek_2 (Ek_1 (P))))) where Ek_n means DES encrypt using key k_n.
He uses 4 different 56-bit keys, and believes his cipher has and effective key size of 224 bits.
Is he right? (Estimate the actual key space a brute force attack would need to search.)
b. (20) DES Complement (based on Stallings, question 3.10)
Prove that C = DES (P, K) implies C^ = DES (P^, K^) where M^ is the bitwise complement of M and DES (P, K) is the output of DES encrypting P with key K. (Hint: show (A XOR B)^ = A^ XOR B.)
c. (10) By how much does the property you proved in 4b reduce the amount of work required for a known plaintext brute force attack?
University of Virginia
Department of Computer Science
CS 551: Security and Privacy on the Internet