Cryptography & Network Security CSIT5710: Cryptography and Security 2011 Fall Written Assignment No.

1 Solution

Student # 20006139

Problem 1) a) As per the given poly-alphabetic cipher, the key space K is composed of all pairs (f1, f2) of permutations f1 and f2 of the English alphabet. Then, for both f1 and f2 there can be 26! permutations of the English alphabets. Thus the total key space becomes 26! * 26!. b) No. With respect to ciphertext-only attack, this scheme is not very secure as the encryption keys uses f1 and f2 repetitively until all the plaintext characters are encrypted. So, if the same character or letter in the plain text, it will get encoded with the same character or will get the same shift as many times as the character gets repeated in that frequency. Although this substitution cipher uses two permutations f1 and f2, it also can be broken by frequency distribution analysis. Divide the ciphertext C into two groups. One has the odd elements and another has the even elements which are respectively using f1 and f2. For each of the groups, we compute the frequency distribution of characters and use brute-force method to try to determine the key (f1, f2). Then we combine the two groups together to determine the final result.

e.g. Suppose following is our standard English alphabet; Letters -----------> abcdefghijklmnopqrstuvwxyz

And we take two out of the 26! * 26! Permutations of f1 and f2, f1 ------------------> f2 ------------------> ghijklmnabcdeftuvwxyzopqrs opqrstuvwxyzabcdefghijklmn

then the plaintext if I kill you is encrypted as, Ek(if I kill you) = f1(i) f2(f) f1(i) f2(k) f1(i) f2(l) f1(l) f2(y) f1(o) f2(u) = ATAYADZRCZ In this plaintext message, the letter I appears alternately 3 times i.e at a distance of 2 which is the same as the frequency of the key functions applied i.e. f1 and

Cryptography & Network Security

Student # 20006139

f2 get repeated after every alternately. Thus, i gets encoded with the same substitution or shift always, which makes the frequency of some letters like I visible. The above situation may not be frequent but still it provides some scope for a statistical attack in case of ciphertext only attacks. But the scheme is secure to brute force attack due to its large key space.

Problem 2) a) For any number x to have a multiplicative inverse in Z1025 , the gcd(x, 1025) = 1 is an essential condition. We can factor 1025 as following; 1025 = 5 * 205 = 5 * 5 * 41 Thus for all n Zn = {0,, 1024}, 1024/5 = 204 -> means, we have 204 numbers with gcd = 5 with 1025 1024/41 = 24 -> means, we have 24 numbers with gcd = 41 with 1025 1024/ 205 = 4 -> means, we have 4 numbers with gcd = 205 with 1025 And we do not count 0 here. So the total numbers with gcd != 1 do not have multiplicative inverse in Z1025. Thus, 1024 (204 + 24 - 4) 1 = 800

Answer: There are 800 numbers in Z1025 that have a multiplicative inverse.

Cryptography & Network Security

Student # 20006139

b) We calculate the inverse of 13 modulo 205 using Extended Euclidean Algorithm as follows; Given, r1 = 205, r2 = 13 Q 15 1 3 3 R1 205 13 10 3 1 R2 13 10 3 1 0 R 10 3 1 0 T1 0 1 -15 16 -63 T2 1 -15 16 -63 205 T -15 16 -63 205

Thus the inverse of 13 modulo 205 = -63 mod 205 = 142

Answer: 142
Problem 3) a) If an error is transmitted in block C1, then it will affect the decryption of m1 and m2 at the destination. In general, if an error is transmitted in block Ci then it affects the decryption of plaintext blocks Mi and Mi+1 (if this is the only error). Answer: No blocks beyond m2 are affected. b) If there is a bit error in the source version of m1, then this bit error will result in incorrect calculation of corresponding ciphertext block c1 also with the same bit error. As all the cipher text blocks depend on the preceding cipher blocks, this bit error will propagates through all the successive ciphertext blocks. At the receiver end, a bit error in M1 may affect most bits in the same plaintext block M1 during decryption. But it toggles only 1 bit in plaintext block M2 for the bit at the same location which has the error as in source version of M1. But the plaintext blocks M3 to Mn are not affected by this single bit error at the receivers end.

Cryptography & Network Security

Student # 20006139

Problem 4) Yes. Modifying the 5th step in the key exchange protocol will surely compromise the security of the system. Reasons: a) The function f is known only to sender A. So using f(N2), which is a secret function of A clearly and undoubtedly authenticates the sender to receiver B. Because even if the session key is compromised, the eavesdropper/ attacker doesnt know the private function f and hence cannot impersonate sender A and hence compromise the system. b) If instead A uses Ek(N2) only, it means it is simply encrypting the nonce N2 using the session key and sending back to the receiver B. Note that, in the 4th step, B sends Ek(N2 || IDb) i.e. encrypted version of N2 appended to the encrypted version of Bs identity. So if the attacker only has the knowledge of the message format sent in step 4th.

Thus, using the secret function f prevents the Replay attack which is possible if we simply use Ek(N2) instead of actual step 5 which uses the secret function over N2 and then encrypts it.
Problem 5) In Diffie-Hellman Key Exchange Protocol, only , Y , p and will be sent through the channel. XA and XB are kept secret by A and B. So the passive attacker can only intercept , Y , p and trough channel. But if the attacker wants to know the Key, he should compute = X mod p and = mod p to get X and X . To make this protocol secure, larger value of X , X , and p would be needed because it is easy to try all the possible values of mod p. If p is a prime of at least 300 digits, and X and X are at least 100 digits long, then this discrete logarithm problem will be very difficult to solve even by computer power. Hence the Diffie-Hellman Protocol is considered secure with respect to passive attacks if p, , and are large.

Cryptography & Network Security

Student # 20006139