**INFA 640 | Cryptology and Data Protection**

**Fall 2013**

**Exam Questions**

**Part 1: Short Answer. Answers should be no longer than a few sentences. “Bulletized” lists or small tables may be used for the sake of brevity. The 20 questions are worth four points each. Partial credit may be given if work is clearly shown.**

- A 2,000-bit message is used to generate a 256-bit hash. On average, how many other messages could be expected to generate the same hash value? What does this tell us about the length of a hash as compared to the length of the message?

- Using the English alphabet (i.e., mod 26 arithmetic), let plaintext = $\{p_1, p_2, \dots, p_n\}$ and corresponding ciphertext = $\{c_1, c_2, \dots, c_n\}$. Suppose the encryption function is $c_i = p_i + 5 \pmod{26}$. If you receive the ciphertext message **RNQJDHDWZX**, decrypt to recover the plaintext. What is the decryption function, and the recovered plaintext? What type of cipher is this? What are some weaknesses of this cipher?

- Substantiate or refute the following statement: The cryptographic basis of the Enigma machine is the use of a trapdoor function.

- Consider the following plaintext message: **THE BOILING POINT OF WATER IS 212 DEGREES FAHRENHEIT.**
  - If this message is sent unencrypted and successfully received, what is its entropy?
  - If this message is encrypted with DES using a random 56-bit key, what is the encrypted message’s entropy?
  - If this message is encrypted with 3DES (using an optimal set of keys) what is the encrypted message’s entropy?

- A particular cipher is implemented by combining the ASCII representation of plaintext characters with pseudorandom bytes (eight-bit binary strings of 1s and 0s) using the XOR function. In the process of encrypting a message, a character in the plaintext, a capital **R**, is XORed with the pseudorandom byte 10010101.
  - What is the ciphertext (in binary form) generated by the encryption of the character **R**? (Please show your work.)
  - How is the plaintext for this encrypted **R** recovered? (Please show your work.)

- The following ciphertext is a monoalphabetic cipher:

ROXBOOG TOSOXUXUVG WGP NVTMOXXUGM, UX UE W HWTCOI XLWX W GOB XLVDMLX OCOT EXTDMMIOE UGXV OAUEXOGQO. HWEVG QVVIOZ

Decrypt this message, and briefly describe your cryptanalysis methodology. In particular, list features of the ciphertext that hindered or helped your decryption process.

- An organization has 2000 members. It is desired that each member of the organization be able to communicate securely with any other member, without any other member being able to decrypt their messages. How many unique keys are required if:
  - The organization uses a symmetric cipher.
  - The organization uses an asymmetric cipher.

- The following questions are worth 2 points each:
  - Bob picked N=77 for use in an RSA-encrypted message. Since N is part of the public key, Alice was able to crack Bob’s message by determining the values of p and q that Bob used. What values of p and q did she determine?
  - Is 89,201,768 a prime number? Why or why not?

- Acme Inc. is developing the next generation financial tracking program, and Alice has been given the task of writing the encryption component, which will encrypt each user’s data in a file on the hard drive. Alice has decided to use RSA as her encryption algorithm. As the cryptographic consultant for the project, do you think this is a good choice or not? You should state the reasons for your answer, and suggest an alternative if you do not think she made a good choice.

- Modular arithmetic is used in public key ciphers. What is the value of X for each of the following:

  - X = 1,233 mod 16
  - X = 6 mod 50
  - X = 60 mod 5
  - X = 50 mod 6

- Briefly compare and contrast how asymmetric cryptography is used to provide encryption as opposed to how it can be used to provide a digital signature.

- Using RSA, let p = 19, q = 13 and e = 5. Which of these is the complete private key:
  - (169, 247)
  - (173, 247)
  - (169, 216)
  - (173, 216)
  - None of the above.

(For full credit, please show your reasoning.)

- Encrypt-It-Rite, a vendor of encryption software, sells a symmetric cipher that uses a 56-bit key. The company decides to conduct a “challenge” to crack an encrypted message using a brute-force approach. The average time to crack the message is found to be 12 hrs. How many more bits would they need to add to the key to increase the average cracking time to 3072 hrs?

- Roberta, the daughter of Bob and Alice, is a summer intern at Encrypt-It-Rite, Inc. For her summer project, Roberta would like to implement a stream cipher using public key encryption. Is this a viable idea? Why or why not?

- You are Alice. You have agreed with your friend Bob that you will use the Diffie-Hellman public-key algorithm to exchange secret keys. You and Bob have agreed to use the public base g = 19 and public modulus p = 29. You have secretly picked the value $S_A = 23$. You begin the session by sending Bob your calculated value of $T_A$. Bob responds by sending you the value $T_B = 17$. What is the value of your shared secret key?

- Bob is concerned about the possibility of having his 100k byte file modified without his knowledge, so he calculates a 128 bit hash. Alice, unbeknownst to Bob, changes a single character in Bob’s file. Assuming that Bob used a strong hash function, what would the hash value of the modified file look like, as compared with the original hash value?

- Suppose that Alice and Bob need to communicate, and have decided to use asymmetric (public key) encryption. Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that can only be read by Bob, and that Bob could be confident was sent by Alice. You should include any steps taken by Bob to read the message, or to determine whether Alice actually sent the message.

- Bob believes that he has come up with a nifty hash function. He assigns a numeric value $V_{\text{Char}}$ to each letter in the alphabet equal to the letter’s position in the alphabet, i.e., $V_A = 1$, $V_B = 2$, …, $V_Z = 26$. For a message, he calculates the hash value $H = (V_{\text{Char }1} \times V_{\text{Char }2} \times V_{\text{Char }3} \times \dots \times V_{\text{Char }N}) \bmod 26$. Bob uses this function to send a one-word message, **PLANE**, to his banker Bill, along with his calculated hash value for the message. Alice is able to intercept the message, and generates an alternative message that has a hash value that collides with Bob’s original hash value. Show a message that Alice may have spoofed, and demonstrate that its hash value collides with Bob’s original hash.

- Do symmetric and asymmetric ciphers protect the integrity of the messages that they encrypt? If not, how could that service be provided?

- Bob receives an important signed message that was sent by Alice using a public key encryption system. Are there any circumstances or events that would allow Alice to successfully repudiate that she had sent the message?

**Part 2: Essay Question. Maximum length: three (3) pages (double spaced). Use APA format for in-line citations and references. (20 pts)**

Compare and contrast symmetric and asymmetric encryption algorithms. Your response should include a brief overview of the cryptographic basis for each type of algorithm, and a comparison of their relative strengths and vulnerabilities. Describe how a hacker might go about cracking a message encrypted with each type of algorithm. Suggest a specific application for each type of algorithm where the advantages clearly outweigh the disadvantages.