Cryptography Week 3 Quiz Answer
By University Of Maryland
Cryptography Quiz 3
Private-Key Encryption
Q1) Any private-key encryption scheme that is CPA-secure must also be computationally indistinguishable:
- True
- False
Q2) Any private-key encryption scheme that is CCA-secure must also be perfectly secret:
- True
- False
Q3) Any private-key encryption scheme that is CCA-secure must also be
CPA-secure:
- True
- False
Q4) Let F be a block cipher with 128-bit block length. Consider the
following encryption scheme for 256-bit messages: to encrypt message
M=m1∥m2 using key k (where |m1|=|m2|=128), choose random 128-bit r and
compute the ciphertext r∥Fk(r)⊕m1∥Fk(m1)⊕m2. Which strategy would lead to
a valid chosen-plaintext attack?
- Let m1 and m2 be arbitrary but distinct. Using the encryption oracle, obtain an encryption r∥c1∥c2 of m1∥m2. Output messages M0=m1∥m2 and M1=m2∥m1. Output 0 if the third block of the challenge ciphertext is c2.
- There is no attack; this scheme is randomized, so it is CPA-secure.
- Let m; and m2 be arbitrary but distinct. Using the encryption oracle, obtain an encryption rc1 C2 of m2 m2. Output messages Mo = m m , and M = m m2. Output o if the third block of the challenge ciphertext is cz. = mm.
- Choose random r and let m be arbitrary but not equal to r. Output messages Mo = rm and M Output 0 if the second block of the challenge ciphertext is all-Os.
- G(x)=Fx(0…0), where x is a 128-bit input.
- G(x)=Fx(0…0)∥Fx(1…1), where x is a 128-bit input.
- G(x) = Fo...0(2)||F11(2), where r is a 256-bit input.
- G(x) = F.0...0)||F:(1...1), where x is a 128-bit input.
Q6) Define the keyed function F as follows: Fk(x)=k⊕x. Which of the
following distinguishers demonstrates that F is not a pseudorandom
function?
- Given access to an oracle g, query y0=g(0…0) and y1=g(1…1). Then output 1 if and only if y0⊕y1=1…1.
- Given access to an oracle g. query g(0...0). Then output 1 because we now have the key.
- Given access to an oracle g. query y= g(0...0). Then output 1 if and only if the first bit of y is equal to 1.
- Given access to an oracle g. query y = g(0...0) and y' = g(0...0). Then output 1 if and only if y=y.
Q7) Say we use CBC-mode encryption based on a block cipher with 256-bit
key length and 128-bit block length to encrypt a 512-bit message. How
long is the resulting ciphertext?
- 640 bits
- 512 bits
- 768 bits
- Not enough information to determine.
Q8) Assume CTR-mode encryption with PKCS #5 padding and a block cipher
with 8-byte block length. Say a 4-byte message is encrypted, resulting
in ciphertext 0x00 01 02 03 04 05 06 07 00 01 02 03 04 05 06 07. Which
of the following ciphertexts will NOT yield an error upon decryption?
- 0x00 01 02 03 04 05 06 07 00 01 02 04 04 05 06 07
- 0x00 01 02 03 04 05 06 07 00 01 02 03 04 05 07 07
- 0x00 01 02 03 04 05 06 07 00 01 02 03 05 05 06 07
- Ox00 01 02 03 04 05 06 07 00 01 02 03 04 05 06 F7
Q9) Assume an honest user wants to send an 8-bit integer to their bank
indicating how much money should be transferred to the bank account of
an attacker. The user uses CTR-mode encryption based on a block cipher F
with 8-bit block length. (Yes, this is a made-up example.) The attacker
knows that the amount of money the user wants to transfer is exactly
$16, and has compromised a router between the user and the back. The
attacker receives the ciphertext 10111100 01100001 (in binary) from the
user. What ciphertext should the attacker forward to the bank to
initiate a transfer of exactly $32? (Recall that CTR-mode decryption of
a ciphertext c0,c1 using key k is done by outputting c1⊕Fk(c0+1).)
- 01100001 10111100
- 10001100 01100001
- 1011100 00100000
- 10111100 01010001
Q10) Let F be a block cipher with n-bit block length. Consider the
following encryption scheme: to encrypt a message viewed as a sequence
of n-bit blocks m1,m2,…,mt using a key k, choose a random n-bit value r
and then output the ciphertext r,Fk(r+1+m1),Fk(r+2+m2),…,Fk(r+t+mt),
where addition is done modulo 2n. Which of the following attackers
demonstrates that this scheme is not computationally
indistinguishable:
- Let m be an arbitrary n-bit block, and output M0=m,m and M1=m,m−1. Given challenge ciphertext r,c1,c2, output 1 if and only if c1=c2.
- Choose random n-bit blocks m and m', and output Mo = m,m and M T, C1, C2, output 1 if and only if c = 62.
- Choose random n-bit blocks mi, m2, m3, 74, and output Mo = m, m2 and M:=m3, m. Given challenge ciphertext r, C1, C2, output o ifr=0...0, and output 1 otherwise.
- Let m be an arbitrary n-bit block, and output Mo = m and M = m, m. Given a challenge ciphertext, output o if the challenge ciphertext contains 2 blocks, and output 1 otherwise.
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Cryptography
-----------------------------------------------------------------------------------------------------------------------------------------------------------
1 Comments
dude you done a great job.. love you niyander
ReplyDelete