Cryptography Reference
In-Depth Information
Input
: two encryption schemes
C
and
C
with two corresponding sets
of possible keys
K
and
K
,an(
x
C
K
2
(
C
K
1
(
x
))
,
y
) pair with
y
=
1:
for
all
k
1
∈
K
do
2:
C
k
1
(
x
)
compute
z
=
insert (
z
,
k
1
) in a hash table (indexed with the first entry)
3:
4:
end for
5:
for
all
k
2
∈
K
do
6:
C
−
1
k
2
compute
z
=
(
y
)
for
all (
z
,
k
1
) in the hash table
do
7:
yield (
k
1
,
k
2
)
8:
9:
end for
10:
end for
Figure 2.43.
Meet-in-the-middle attack.
Deduce a brute force attack against DES with average complexity
2
54
DES encryp-
tions.
13
Exercise 2.2.
We say that a DES key K is weak if DES
K
is an involution. Exhibit four
weak keys for DES.
Exercise 2.3.
We say that a DES key K is semi-weak if it is not weak and if there exists
K
such that
DES
−
1
K
=
DES
K
.
Exhibit four semi-weak keys for DES.
14
Exercise 2.4.
In CBC Mode, show that an opponent can replace one ciphertext block
so that the decryption will let all plaintext blocks but x
i
and x
i
+
1
unchanged.
Exercise 2.5.
Describe how the OFB decryption is performed.
Describe how the CFB decryption is performed.
Exercise 2.6.
Prove that the multiplication over nonzero residues modulo
2
16
+
1
de-
fines a group operation over a set of
2
16
elements.
1
with their modulo
2
16
reduction.
(This means that “1” represents 1, “2” represents 2, etc., and “0” represents
2
16
.)
We represent nonzero residues modulo
2
16
+
Explain how to efficiently implement this operation in software from regular CPU
operations. (This operation is used in IDEA.)
(45
x
Exercise 2.7.
Show that x
→
mod 257) mod 256
is a permutation over
{
0
,...,
255
}
. (This permutation is used as a substitution box in SAFER K-64.)
13
This exercise was inspired by Ref. [89].
14
This exercise was inspired by Ref. [89].
Search WWH ::
Custom Search