University of Virginia, Department of Computer ScienceCS588: Cryptology - Principles and Applications, Fall 2001 |

Problem Set 1: Classical CiphersOut: 29 August 2001

Due: 10 September 2001, before class

Collaboration PolicyYou may work with up to two other students on this problem set. You must write up your answers independently, and understand completely everything you turn in. Working together means discussing the questions and criticing possible solutions; it does not permit splitting up questions in a group.Problem set answers may be hand-written, but only if your hand writting is neat enough for us to read it. For full credit, answers must be clear and concise.You may consult any outside resources you wish including books, papers, web sites and people. If you use resources other than the class materials, indicate what you used along with your answer.

Occasionally, we will reuse problems from last year's version of this course. You should

notlook at answers from previous semesters.

## 1. Security Principles

a.(8) Use two examples from the Feynman story,Safecracker Meets Safecrackerto illustrate the tradeoff between security and convenience.

b.(7) What (if anything) should the army have done differently?## 2. Cryptogram

(10) Decrypt this message encrypted using a monoalphabetic cipher.QPIV AUH DKV UA PKEXHE QA ATHU QPKU QPH AQPHE AUH - DIVH CZO## 3. Two-Time Pads

Begining in the 1940s, the Soviet Union communicated with KGB agents using a cryptosystem that involved first encoding the message using a codebook, and then encrypting the result using a one-time pad. This should have been perfectly secure, except they made mistakes in constructing the one-time pad key and reused segments of the key. The VENONA project of the Signal Intelligence Service (later the NSA) successfully decoded many of these messages.

a.(10) Prove that a two-time pad is not a perfect cipher. Assume the key K is perfectly random. The key is used to encrypt two messages M1 and M2, giving the attackerC1 = M1 XOR KandC2 = M2 XOR K.

b.(10) In practice, suppose and attacker has C1 and C2, and knows they were encrypted with the same key using a one-time pad. How could she attempt to determine M1 and M2?Ben Bitdiddle has foolishly used the same one-time pad to encrypt two messages.

It would be safe to assume that the message was converted to 7-bit ASCII (A = 65 =

1000001, Z = 90 =1011010, a = 97, z = 122, space = 32). Since you know the messages are both English quotes, it would be safe to assume they contain mostly lowercase letters, spaces, and a few uppercase letters, and punctuation marks.

c. (up to 20 bonus points)What is the message corresponding to C1?

Note: The original problem set handout had the WRONG ciphertexts.The correct ciphertexts were (and are) in the text files.You can download these ciphertexts from

http://www.cs.virginia.edu/~evans/cs588/problem-sets/c1.txtandhttp://www.cs.virginia.edu/~evans/cs588/problem-sets/c2.txt.## 4. Letter Probabilities

Text error:The frequency table on p. 33 of the text should bee 11.67 t 9.53 o 8.22on the top left.Natives of Pluto speak a rather unusual language with four letters (we will write at

A B C Dsince my fonts do not support Plutan). Suppose the letter frequencies in typical Plutan are:A 1/2 B 1/4 C 1/8 D 1/8a.(2) What is the probability there are no A's in a 10-letter excerpt of typical Plutan?

b.(3) What is the probability that there are exactly 2 D's in a 10-leter excerpt of typical Plutan?

c.(5) What is the probability that a 10-leter excerpt of typical Plutan hasat least7 A's?

d.(5) Given an excerpt of typical English containing 3 letters, estimate the probability that a letter other than "e" will be themostcommon letter (that is, there will be strictly more occurances of some other letter than there are of "e"). Assume the probability that a random letter is "e" is .1167 as in the frequency table.

e. (up to 20 bonus points)Given a excerpt of typical English containing 100 letters, estimate the probability that a letter other than "e" will be the most common letter.## 5. Enigma

Consider a simplified Enigma machine with no plugboard:As in the Enigma machine, after each letter is transmitted the 3

- Three wheels each containing scrambled 26 letters are selected in order from a collection of five wheels
- Each wheel is oriented to one of 26 starting positions
^{rd}wheel rotates one letter. After the 3^{rd}wheel completes a rotation, the 2^{nd}wheel rotates one letter. After the 2^{nd}where completes a rotation, the 1^{st}wheel rotates one letter.

a.(5) If we believe an attacker has captured a machine and knows the letter arrangements on the five wheels, what is the effective keyspace for our Enigma machine?

b.(5) If the attacker does not know the letter arrangments on the five wheels, what is the effective keyspace?

c.(5) Suppose the modified Enigma machine is used to transmit messages in a language with an actual rate,r = .28letters/letter (similar to English). How many letters of ciphertext does an attacker who knows the letter arrangements on the five wheels need to have a good chance of determining the message using only a brute-force attack?

## 6. Padding Cakes

Maury Bond, Secret Agent 000, wants to give the directions to the super ray gun to his colleagues Sly McCraken, Cript O'Hacker and Trey Tor. The messageMisn-bits long. He suspects one of them may be a double agent, so he divides the message as follows:

- Sly gets
K_1ann-bit random sequence.- Cript gets
K_2ann-bit random sequence.- Trey gets
C=K_1XORK_2XORM.a.(5) How can Sly, Cript and Trey determineM?

b.(10) Is the scheme secure? Argue convincingly that either (1) it is secure - no two people can determine any bit ofMwith probability greater than 1/2; or (2) is it insecure - two peoople can conspire to determine a bit ofMwith probability greater than 1/2.

c.(10) Sly, Cript and Trey gather in Borneo to combine their messages and track down the super ray gun. Sly revealsK_1, Cript revealsK_2, and Trey reveals an-bit random sequence. They combine the keys to determineM, but a meaningless bit sequence results. Sly and Cript leave the island befuddled, while Trey usesK_1,K_2andC(which he kept to himself) to constructMand locate the super ray gun for himself. What could be done to prevent this?

## 7. Feedback

Your answers to these questions are optional and will not effect your grade in any way, but may help the course staff improve future problem sets.

a.How long did you spend on this problem set?

b.Did any problem seem unfairly hard?

c.Did any problem seem like too much tedious work?

University of Virginia Department of Computer Science CS 588: Cryptology - Principles and Applications |
David Evansevans@cs.virginia.edu |