Exercise on Complementarity Property of DES and Group Theory, Exercises of Cryptography and System Security

An exercise from the 'Introduction to Modern Cryptography' course at the University of Amsterdam, Master of Logic. The exercise focuses on the complementarity property of DES and the use of a chosen-plaintext attack. Additionally, the document includes optional group theory exercises to prepare students for the study of public-key cryptography. The exercises are self-contained and can be solved without external sources.

Typology: Exercises

2021/2022

Uploaded on 02/11/2022

agrima

Introduction to Modern Cryptography, Exercise # 7

University of Amsterdam, Master of Logic

Lecturer: Christian Schaffner

TA: Joachim Schipper

18 October 2011, updated: 20 October 2011

(to be handed in by Tuesday, 1 November 2011, 9:00)

Complementarity Property of DES

In this exercise, we show that DES has the complementarity property, i.e., that $\mathrm{DES}_{\bar{k}}(\bar{x}) = \overline{\mathrm{DES}_k(x)}$ for every key $k$ and input $x$ (where $\bar{z}$ denotes the bitwise complement of $z$) and how we can exploit that property.

  1. Let $f$ be the DES mangler function. Show that for every subkey $k$ and message $x$, it holds that $f(\bar{k}, \bar{x}) = f(k, x)$.
  2. Use the above property to conclude that after every round $i$ in the Feistel network, $L_i(\bar{x}, \bar{k}) = \overline{L_i(x, k)}$ and $R_i(\bar{x}, \bar{k}) = \overline{R_i(x, k)}$. Conclude that $\mathrm{DES}_{\bar{k}}(\bar{x}) = \overline{\mathrm{DES}_k(x)}$ for every key $k$ and input $x$. (Note that for all “permutations” $P$ in DES, $P(\bar{x}) = \overline{P(x)}$.)
  3. Use a chosen-plaintext attack with two messages $x$ and $\bar{x}$ to argue that it is possible to find the secret key in DES (with probability 1) using $2^{55}$ local computations of DES.

[Figure: Feistel Network and mangler function of DES. Image credit: wikimedia.org.]
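The complementarity property and the halved key search from items 1 to 3, shown on a toy cipher as an added example that is not part of the original exercise sheet. The cipher is a constructed 32-bit Feistel network with a 16-bit key, not DES; `sbox`, the rotation key schedule and all function names are assumptions chosen so that the structure mirrors DES (key bits are only rotated, and the round input meets the subkey only through XOR).

```python
# Toy Feistel cipher with DES-like structure (constructed for illustration; not DES).
MASK16, MASK32 = 0xFFFF, 0xFFFFFFFF
ROUNDS = 8

def rotl16(v, r):
    r %= 16
    return ((v << r) | (v >> (16 - r))) & MASK16

def subkey(key, i):
    # Key schedule only moves key bits around, so subkey(~k, i) == ~subkey(k, i).
    return rotl16(key, 3 * i + 1)

def sbox(v):
    # Arbitrary nonlinear 16-bit map standing in for the DES S-boxes (assumption).
    v = (v * 0x9E37 + 0x7F4B) & MASK16
    v ^= v >> 7
    return (v * v + 0x1D) & MASK16

def f(k, x):
    # Mangler function: ~x ^ ~k == x ^ k, hence f(~k, ~x) == f(k, x).
    return sbox(x ^ k)

def encrypt(key, block):
    left, right = block >> 16, block & MASK16
    for i in range(ROUNDS):
        left, right = right, left ^ f(subkey(key, i), right)
    return (left << 16) | right

def comp(v, mask):
    # Bitwise complement within the given width.
    return v ^ mask

def recover_key(c_x, c_xbar, x):
    """Search only keys with top bit 0; each trial encryption tests k and ~k.

    c_x and c_xbar are the chosen-plaintext answers for x and its complement.
    Returns (candidate keys, number of trial encryptions).
    """
    candidates, trials = [], 0
    for k in range(1 << 15):
        c = encrypt(k, x)
        trials += 1
        if c == c_x:                    # k itself maps x to c_x
            candidates.append(k)
        if c == comp(c_xbar, MASK32):   # then ~k maps ~x to c_xbar
            candidates.append(comp(k, MASK16))
    return candidates, trials
```

The search runs over half of the $2^{16}$ toy keys; the same argument applied to DES's 56-bit key gives the $2^{55}$ figure in item 3.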

Group and Number Theory

[Thanks to Boaz Barak for his kind permission to use his exercises.] The following exercises introduce some group and number theory in order to prepare you for the treatment of public-key cryptography after the break.

As mathematicians, we expect you to be able to solve the group theory exercises 1.-4. with ease. Exercises 1.-4. are optional: we will correct them (if you decide to hand in solutions), but not grade them. Anyone who is not completely confident in his/her abilities should do them, though. Exercises 5. and 6. are not optional and will be graded.

The exercises are self-contained, so you can solve them without reading outside sources. If you want to brush up your knowledge, the following are recommended references: (1) [KL], Chapter 7 and Appendix B, (2) Victor Shoup’s book “A Computational Introduction to Number Theory and Algebra” (also available online at http://www.shoup.net/ntb/) and (3) The mathematical background appendix of the “Computational Complexity” book by Sanjeev Arora and Boaz Barak also contains some basic number theory background.

A group (S, ◦) is a set S with a binary operation ◦ defined on S for which the following properties hold:

  1. Closure: For all a, b ∈ S it holds that a ◦ b ∈ S.
  2. Identity: There is an element e ∈ S such that e ◦ a = a ◦ e = a for all a ∈ S.
  3. Associativity: (a ◦ b) ◦ c = a ◦ (b ◦ c) for all a, b, c ∈ S.
  4. Inverses: For each a ∈ S there exists an element b ∈ S such that a ◦ b = b ◦ a = e.

The order of a group, denoted by |S|, is the number of elements in S. If the order of a group is a finite number, the group is said to be a finite group. If a group (S, ◦) satisfies the commutative law a ◦ b = b ◦ a for all a, b ∈ S then it is called an Abelian group.

  1. (Optional) Let $+_n$ denote addition modulo $n$ (e.g., $5 +_3 6 = [5 + 6 \bmod 3] = 2$). Let $\mathbb{Z}_n = \{0, 1, 2, \ldots, n-1\}$. Prove that $(\mathbb{Z}_n, +_n)$ is a finite Abelian group for every natural number $n$.
  2. (Optional) Prove that for every group: (a) The identity element e in the group is unique. (b) Every element a has a single inverse.
  3. (Optional) Let $a$ be an element in a group and let $a^{-1}$ denote the (unique) inverse of $a$. Then, for every integer $k$ we define:

$$a^k := \begin{cases} \underbrace{a \circ a \circ \cdots \circ a}_{k} & \text{if } k > 0; \\ e & \text{if } k = 0; \\ (a^{-1})^{-k} & \text{if } k < 0. \end{cases}$$

Prove that for any integers $m, n$ (not necessarily positive) it holds that: