University of Virginia, Department of Computer Science CS588: Cryptology - Principles and Applications, Fall 2001

 Problem Set 1: Classical Ciphers Out: 29 August 2001 Due: 10 September 2001, before class

Collaboration Policy

You may work with up to two other students on this problem set. You must write up your answers independently, and understand completely everything you turn in. Working together means discussing the questions and criticing possible solutions; it does not permit splitting up questions in a group.

You may consult any outside resources you wish including books, papers, web sites and people. If you use resources other than the class materials, indicate what you used along with your answer.

Occasionally, we will reuse problems from last year's version of this course. You should not look at answers from previous semesters.

Problem set answers may be hand-written, but only if your hand writting is neat enough for us to read it. For full credit, answers must be clear and concise.

### 1. Security Principles

a. (8) Use two examples from the Feynman story, Safecracker Meets Safecracker to illustrate the tradeoff between security and convenience.

b. (7) What (if anything) should the army have done differently?

### 2. Cryptogram

(10) Decrypt this message encrypted using a monoalphabetic cipher.
```    QPIV AUH DKV UA PKEXHE QA ATHU QPKU QPH AQPHE AUH - DIVH CZO
```

Begining in the 1940s, the Soviet Union communicated with KGB agents using a cryptosystem that involved first encoding the message using a codebook, and then encrypting the result using a one-time pad. This should have been perfectly secure, except they made mistakes in constructing the one-time pad key and reused segments of the key. The VENONA project of the Signal Intelligence Service (later the NSA) successfully decoded many of these messages.

a. (10) Prove that a two-time pad is not a perfect cipher. Assume the key K is perfectly random. The key is used to encrypt two messages M1 and M2, giving the attacker C1 = M1 XOR K and C2 = M2 XOR K.

b. (10) In practice, suppose and attacker has C1 and C2, and knows they were encrypted with the same key using a one-time pad. How could she attempt to determine M1 and M2?

Ben Bitdiddle has foolishly used the same one-time pad to encrypt two messages.

It would be safe to assume that the message was converted to 7-bit ASCII (A = 65 = 1000001, Z = 90 = 1011010, a = 97, z = 122, space = 32). Since you know the messages are both English quotes, it would be safe to assume they contain mostly lowercase letters, spaces, and a few uppercase letters, and punctuation marks.

c. (up to 20 bonus points) What is the message corresponding to C1?

Note: The original problem set handout had the WRONG ciphertexts. The correct ciphertexts were (and are) in the text files.

### 4. Letter Probabilities

Text error: The frequency table on p. 33 of the text should be e 11.67 t 9.53 o 8.22 on the top left.

Natives of Pluto speak a rather unusual language with four letters (we will write at A B C D since my fonts do not support Plutan). Suppose the letter frequencies in typical Plutan are:

```           A      1/2
B      1/4
C      1/8
D      1/8
```
a. (2) What is the probability there are no A's in a 10-letter excerpt of typical Plutan?

b. (3) What is the probability that there are exactly 2 D's in a 10-leter excerpt of typical Plutan?

c. (5) What is the probability that a 10-leter excerpt of typical Plutan has at least 7 A's?

d. (5) Given an excerpt of typical English containing 3 letters, estimate the probability that a letter other than "e" will be the most common letter (that is, there will be strictly more occurances of some other letter than there are of "e"). Assume the probability that a random letter is "e" is .1167 as in the frequency table.

e. (up to 20 bonus points) Given a excerpt of typical English containing 100 letters, estimate the probability that a letter other than "e" will be the most common letter.

### 5. Enigma

Consider a simplified Enigma machine with no plugboard:
• Three wheels each containing scrambled 26 letters are selected in order from a collection of five wheels
• Each wheel is oriented to one of 26 starting positions
As in the Enigma machine, after each letter is transmitted the 3rd wheel rotates one letter. After the 3rd wheel completes a rotation, the 2nd wheel rotates one letter. After the 2nd where completes a rotation, the 1st wheel rotates one letter.

a. (5) If we believe an attacker has captured a machine and knows the letter arrangements on the five wheels, what is the effective keyspace for our Enigma machine?

b. (5) If the attacker does not know the letter arrangments on the five wheels, what is the effective keyspace?

c. (5) Suppose the modified Enigma machine is used to transmit messages in a language with an actual rate, r = .28 letters/letter (similar to English). How many letters of ciphertext does an attacker who knows the letter arrangements on the five wheels need to have a good chance of determining the message using only a brute-force attack?

Maury Bond, Secret Agent 000, wants to give the directions to the super ray gun to his colleagues Sly McCraken, Cript O'Hacker and Trey Tor. The message M is n-bits long. He suspects one of them may be a double agent, so he divides the message as follows:
• Sly gets K_1 an n-bit random sequence.
• Cript gets K_2 an n-bit random sequence.
• Trey gets C = K_1 XOR K_2 XOR M.
a. (5) How can Sly, Cript and Trey determine M?

b. (10) Is the scheme secure? Argue convincingly that either (1) it is secure - no two people can determine any bit of M with probability greater than 1/2; or (2) is it insecure - two peoople can conspire to determine a bit of M with probability greater than 1/2.

c. (10) Sly, Cript and Trey gather in Borneo to combine their messages and track down the super ray gun. Sly reveals K_1, Cript reveals K_2, and Trey reveals a n-bit random sequence. They combine the keys to determine M, but a meaningless bit sequence results. Sly and Cript leave the island befuddled, while Trey uses K_1, K_2 and C (which he kept to himself) to construct M and locate the super ray gun for himself. What could be done to prevent this?

### 7. Feedback

Your answers to these questions are optional and will not effect your grade in any way, but may help the course staff improve future problem sets.

a. How long did you spend on this problem set?
b. Did any problem seem unfairly hard?
c. Did any problem seem like too much tedious work?