Constructor University Due: Oct 1, 2023

Dr. Amr Alanwar Assignment 1

Yahya Mansoor (TA)

MCSSE-CYB-01 Cryptography
Fall 2023

Question 1:
Data compression is often used in data storage and transmission. Suppose you want to use
data compression in conjunction with encryption. Does it make more sense to:
a. The order does not matter -- either one is fine.
b. Compress then encrypt.
c. Encrypt then compress.
d. The order does not matter -- neither one will compress the data.

Let G ∶ {0,1} 𝑛→ {0,1} 𝑠 be a secure PRG. Which of the following is a secure PRG (There is
Question 2:

a. G ′(𝑘) = reverse(G(k)), where reverse(x) reverses a string x.

more than one correct answer):

b. G ′(𝑘) = G(k) ∥ G(k), where ∥ denotes concatenation

c. G ′(𝑘) = G(0)
d. G ′(𝑘1,k2) = G(k1) ∥ G(k2)
e. G ′(𝑘) = G(k) ∥ 0
f. G ′(𝑘) = G(k) ⊕ 1𝑛

Let G ∶ K → {0,1} 𝑛 be a secure PRG. Define G ′(𝑘1,k2) = G(k1) ⋀ G(k2) where ⋀ is the
Question 3:

bitwise AND function. Consider the following statistical test A on {0,1} 𝑛: A(x) outputs
LSB(x), the least significant bit of x. What is AdvPRG [A, G′]? You may assume that LSB(G(k))
is 0 for exactly half the seeds k in K.

Note: the advantage is a decimal number between 0 and 1. If the advantage is 3/4, you
should enter it as 0.75.

LSB of G(k) is 0 with 50% chance. That means that the chances of two numbers LSB(G(k1)) and
LSB(G(k2)) being 11 is 0.5*0.5 = 0.25 (AND function will produce 1 only in quarter of all values)

Answer:0.25
 Let (E, D) be a (one-time) semantically secure cipher with key space K = {0,1} 𝑙. A bank
Question 4:

wishes to split a decryption key K ∈ {0,1} 𝑙 into two pieces p1 and p2 so that both are
needed for decryption. The piece p1 can be given to one executive and p2 to another so that
both must contribute their pieces for decryption to proceed.

The bank generates random k1 in {0,1} 𝑙and sets k'1 ← k ⊕ k1. Note that k1 ⊕ k'1 = k. The
bank can give k1to one executive and k'1 to another. Both must be present for decryption to
proceed since, by itself, each piece contains no information about the secret key k (note that
each piece is a one-time pad encryption of k).

Now, suppose the bank wants to split k into three pieces p1, p2, p3 so that any two of the
pieces enable decryption using k. This ensures that even if one executive is out sick,
decryption can still succeed. To do so the bank generates two random pairs (k1, k'1) and (k2,
k'2) as in the previous paragraph so that k1⊕ k'1= k2⊕ k'2= k. How should the bank assign
pieces so that any two pieces enable decryption using k, but no single piece can decrypt?

a. p1= (k1, k2), p2= (k1, k2), p3= (k'2)

b. p1= (k1, k2), p2= (k'1,k2'), p3= (k'2)
c. p1= (k1, k2), p2= (k'1, k2), p3= (k'2)
d. p1= (k1, k2), p2= (k2,k2'), p3= (k'2)
e. p1= (k1, k2), p2= (k'1), p3= (k'2)

Question 5:
Let M = C = K = {0,1, 2,…,255} and consider the following cipher defined over (K,M,C):
E(k,m) = m + k(mod 256); D(k,c) = c; k(mod 256) Does this cipher have perfect
secrecy?
a. No, there is a simple attack on this cipher.
b. Yes
c. No, only the One Time Pad has perfect secrecy.

Question 6:
Suppose you are told that the one-time pad encryption of the message "attack at dawn" is:

6c73d5240a948c86981bc294814d

(The plaintext letters are encoded as 8-bit ASCII and the given ciphertext is written in hex).
What would be the one-time pad encryption of the message "attack at dusk" under the
same OTP key?
ANSWER: 6c73d5240a948c86981bc2808548L

Question 7:
Which parameters and design choices determine the actual algorithm of a Feistel cipher?
(List at least three).

Parameters:
 Block size: When the block size is bigger, block ciphers are thought to be more secure.
However slower execution speeds for encryption and decryption result from higher
block sizes.
 Key size: Similar to the block size, higher key sizes are thought to be more secure but
may slow down the time it takes to complete the decryption and encryption steps.
 The number of rounds: A cipher with more rounds is more difficult to crack,
increasing security. As a result, the total number of rounds relies on the required
degree of information security for an organization.
 Round function: The security of the block cipher is improved with a complicated
round function.
 Subkey generation function: The difficulty of decrypting the cipher for skilled
cryptographers increases with the complexity of a subkey-generating mechanism.

Question 8:
Define the terms Diffusion, Confusion, and The Avalanche Effect in the context of Encryption
algorithms.
1. Diffusion: Ensures that small changes in the plaintext result in extensive changes in
the cipher text, increasing unpredictability.
2. Confusion: Obscures the relationship between the key and the cipher text, making it
hard for attackers to deduce the key from the cipher text.
3. The avalanche effect: is the property of an encryption algorithm that ensures that a
small change in the plaintext or key results in a large change in the cipher text.

Question 9:
Consider a Feistel cipher composed of 16 rounds with block length 128 bits and key length
128 bits. Suppose that, for a given k, the key scheduling algorithm determines values for the
first 8 round keys, k1, k2, ..., k8, and then sets k9 = k8, k10 = k7, k11 = k6, ..., k16 = k1
Suppose you have a ciphertext c. Explain how, with access to an encryption oracle, you can
decrypt c and determine m using just a single oracle query. This shows that such a cipher is
vulnerable to a chosen plaintext attack. (An encryption oracle can be thought of as a device
that, when given a plaintext, returns the corresponding ciphertext. The internal details of
the device are not known to you, and you cannot break open the device. You can only gain
information from the oracle by making queries to it and observing its responses.)

Answer: Because of the key schedule, the round functions used in rounds 9 through 16 are
mirror images of the round functions used in rounds 1 through 8. From this fact we see that
encryption and decryption are identical. We are given a ciphertext $c$. Let $m' = c$. Ask the
encryption oracle to encrypt m'. The ciphertext returned by the oracle will be the decryption
of $c$.
Question 10:
Compute the bits number 1, 16, 33, and 48 at the output of the first round of the DES
decryption, assuming that the ciphertext block is composed of all ones and the external key
is composed of all ones.
Answer:
1. Apply the initial permutation (IP) to the ciphertext.
The IP is a permutation of the 64 bits of the ciphertext. The output of the IP is a 64-bit block
called the left half block (L0) and the right half block (R0).
Since the ciphertext block is composed of all ones, the left and right half blocks will also be
composed of all ones.
L0 = R0 = 1111111111111111111111111111111111111111111111111111111111111111
2. Perform the first round of decryption.
The first round of decryption consists of the following steps:
* Apply the expansion permutation (E) to the right half block (R0).
* XOR the output of the expansion permutation with the subkey (K1).
* Pass the output of the XOR operation through the eight S-boxes.
* Permutate the output of the S-boxes using the permutation P.
* XOR the output of the permutation P with the left half block (L0).
Since the ciphertext block is composed of all ones and the external key is composed of all
ones, the subkey (K1) will also be composed of all ones.
XORing all ones with any value will always result in all ones, so the output of the first round
of decryption will also be all ones.
L1 = R0 = 1111111111111111111111111111111111111111111111111111111111111111
Therefore, the bits number 1, 16, 33, and 48 at the output of the first round of DES
decryption, assuming that the ciphertext block is composed of all ones and the external key
is composed of all ones, are all ones.

Question 11:
Show that DES decryption is, in fact, the inverse of DES encryption.

Answer
DES decryption is the inverse of DES encryption because the decryption algorithm performs
the same steps as the encryption algorithm, but in reverse order.
This is because DES is a Feistel cipher, which means that encryption and decryption are
performed in the same way, but with the order of the keys reversed.
Therefore, if you encrypt a plaintext message using DES with a given key, and then decrypt
the encrypted message using DES with the same key in reverse order, you will get back the
original plaintext message.

example of DES encryption and decryption:

Plaintext: "Hello, world!"
Key: "1234567890abcdef"
Encryption:
1. Apply the initial permutation (IP) to the plaintext.
2. Perform 16 rounds of encryption, using a different subkey for each round.
3. Apply the final permutation (FP) to the ciphertext.
Ciphertext: "4A5F50F9D1B49341"
Decryption:
 1. Apply the inverse final permutation (IFP) to the ciphertext.
2. Perform 16 rounds of decryption, using the subkeys in reverse order.
3. Apply the inverse initial permutation (IIP) to the plaintext.
Plaintext: "Hello, world!"

Question 12:
Show that in DES the first 24 bits of each subkey come from the same subset of 28 bits of the
initial key and that the second 24 bits of each subkey come from a disjoint subset of 28 bits
of the initial key.
Answer: By examining the key choice table, we note that the first 24 bits are chosen from
the first 28 bits and the last 24 bits are chosen from the last 28 bits.