Jeremiah Pierce

1. a) Given a single plaintext character p and ciphertext character c, the key is

simply k = (c p) mod 26. The encryption of only a single plaintext character
thus suffices to recover the key.
b) The frequency of used letters remains the same, even when shifted.
c) For shift cipher, 1 pair is needed.
d) 1/3 mod 10 = 7. Proof 3 * 7 mod 10 = 1. This is the inverse.
e)
f) The thread model helps us understand the way to approach the security of
an application. With the notion of threat model we can identify, quantify, and
address security risks associated with an application.
2. a) Bob and Alice share a private key, somehow, used to encrypt and decrypt
messages
b) SKES = (KeyGen, ENC, DEC)
c) IND-CPA and IND-CCA means that no adversary can distinguish between
encryptions of different messages, even when allowed to make encryption
and decryptions of its choice.
e) If the key generation is random, then a private key encryption scheme has
an indistinguishable encryption in the presence of an eavesdropper.
f) ECB, or electronic code book, messages are encrypted into identical
ciphertext blocks. This method does not hide patterns very well.
CBC, or cipher block chaning, each block of plaintext is XORed with the
previous ciphertext block before being encrypted.
3. Encrypting the same long message M using ECB always produces the same
ciphertext. By encrypting the same M twice in a row, you will get two equal
ciphertext blocks. No point in doing it.
4. A hacker randomly selects r and sends that to Bob, who would assume it
comes from Alice. Bob sends back r XOR Kb. The attacker can XOR his
random r value with Bobs message and get Kb. Or the attacker could
intercept X and Y and then get Kb = X XOR Y.
The attacker could make Alice and Bob believe they do not share the same
key. So, the attacker intercepts Bobs response Y and sends anything where r
=/= y to Alice. Alice will make the comparison and think that Bob and her do
not have the same key.
5. a) The local computer would hash the password and store it on the local
machine. Then, when the user tries to login, it will hash the password and
check it against the hashed password stored. If the two match, the user can
use the computer. A vulnerability here is keeping the hashed password in a
secure location on the computer, out of the reach of an attacker. Also keeping
someone from attempting an unlimited amount of passwords, in hopes of
bruteforcing the real password.
b) The local computer would use a key to encrypt the plaintext password, and
validate that password with the password stored on the server. If the two
password hash matches, the user can login. A vulnerability would be keeping

the central server safe, as it will store everyones hashed password.

Protection against a bruteforce method of guessing passwords would also
need to be checked. Given unlimited computational power, if an attacker was
allowed to try as many passwords as they want, they could maybe eventually
get the password.
6. a) CRYPTOGRAPHYROCKS!
b)