Cryptography Reference
In-Depth Information
1. Draw a block diagram of the scheme.
2. Why is this scheme weak if we encrypt moderately large blocks of plaintext, say
100 kByte? What is the maximum number of known plaintexts an attacker needs
to completely break the scheme?
3. Let the feedback byte be denoted by
FB
. Does the scheme become cryptograph-
ically stronger if we feedback the 128-bit value
FB
,
FB
,...,
FB
to the input (i.e.,
we copy the feedback byte 16 times and use it as AES input)?
5.8.
In the text, a variant of the CFB mode is proposed which encrypts individual
bytes. Draw a block diagram for this mode when using AES as block cipher. Indicate
the width (in bit) of each line in your diagram.
5.9.
We are using AES in counter mode for encrypting a hard disk with 1 TB of
capacity. What is the maximum length of the IV?
5.10.
Sometimes error propagation is an issue when choosing a mode of operation
in practice. In order to analyze the propagation of errors, let us assume a bit error
(i.e., a substitution of a “0” bit by a “1” bit or vice versa) in a ciphertext block
y
i
.
1. Assume an error occurs during the transmission in one block of ciphertext, let's
say
y
i
. Which cleartext blocks are affected on Bob's side when using the ECB
mode?
2. Again, assume block
y
i
contains an error introduced during transmission. Which
cleartext blocks are affected on Bob's side when using the CBC mode?
3. Suppose there is an error in the cleartext
x
i
on Alice's side. Which cleartext
blocks are affected on Bob's side when using the CBC mode?
4. Assume a single bit error occurs in the transmission of a ciphertext character in
8-bit CFB mode. How far does the error propagate? Describe exactly
how
each
block is affected.
5. Prepare an overview of the effect of bit errors in a ciphertext block for the modes
ECB, CBC, CFB, OFB and CTR. Differentiate between random bit errors and
specific bit errors when decrypting
y
i
.
5.11.
Besides simple bit errors, the deletion or insertion of a bit yields even more
severe effects since the synchronization of blocks is disrupted. In most cases, the
decryption of subsequent blocks will be incorrect. A special case is the CFB mode
with a feedback width of 1 bit. Show that the synchronization is automatically re-
stored after
κ
+ 1 steps, where
κ
is the block size of the block cipher.
5.12.
We now analyze the security of DES double encryption (2DES) by doing a
cost-estimate:
2
DES
(
x
)=
DES
K
2
(
DES
K
1
(
x
))
1. First, let us assume a pure key search without any memory usage. For this pur-
pose, the whole key space spanned by
K
1
and
K
2
has to be searched. How much
does a key-search machine for breaking 2DES (worst case) in 1 week cost?
In this case, assume ASICs which can perform 10
7
keys per second at a cost of
$5 per IC. Furthermore, assume an overhead of 50% for building the key search
machine.
