240 likes | 301 Views
Homework # 3, Problem # 1 Alice : Creates 1M puzzles, encrypts each with a 20 bit key, sends all of them to Bob Bob : Picks one puzzle, decrypts by searching for a key that reveals the plaintext. The decrypted plaintext contains a 64 bit key (a different one in each puzzle),
E N D
Homework # 3, Problem # 1 Alice: Creates 1M puzzles, encrypts each with a 20 bit key, sends all of them to Bob Bob: Picks one puzzle, decrypts by searching for a key that reveals the plaintext. The decrypted plaintext contains a 64 bit key (a different one in each puzzle), encrypts a new message to Alice with the 64 bit key, and sends it to Alice Alice: Decrypts Bob’s response by trying the million 64 bit keys she originally encrypted finding the right one. Bobs initial effort is n where n is 1 million Part a) What is the attackers effort? Bob has to solve one puzzle to reveal the 20 bit key.
Homework # 3, Problem # 1 The adversary is faced with a different problem. He doesn’t know which puzzle Bob selected so he must potentially solve all the puzzles for each of the million keys. That means he must solve n puzzles and each puzzle could require n key (n2 effort) So: Worst case effort = n2 (last key is right one) Average effort = n2/2 (half the keys) Best effort = 1, the adversary was very lucky
Homework # 3, Problem # 1 Homework # 3, Problem # 1 Part b) How long will it take Bob to solve the puzzle if he can test 213 , or 8192 keys/second? 20 bit key = 220 possibilities = 1,048,576 keys 220 keys/213 keys/second = 220-13 seconds = 27 sec = 128 seconds So, max time is 128 seconds, average time is 64 seconds.
Homework # 3, Problem # 1 Part c) How long in seconds does it take Alice to decode Bob’s return message @ 213 keys/second? We know Bob used a 64 bit key, but we know that Alice only created 1 million keys and she knows which ones she created. She will not require as long as Bob since she only has to try 1 million keys. 1,000,000 keys/213 keys/second = 122 seconds max or, 122/2 = 61 seconds on average
Homework # 3, Problem #1 Part d) How long in days, will it take an attacker to determine the key Alice and Bob have agreed on assuming equivalent resources (i.e., 213 keys/ second) First, recognize the attacker has both transmissions. 1 million puzzles from Alice to Bob with 20 bit keys and 1 response from Bob with a 64 bit key.
Homework # 3, Problem # 1 The attacker is after the 64 bit key, but he has two Possible options to get it. Option 1: Ignore Alice’s original messages and go directly after the 64 bit key in Bob’s response. This requires: 264 keys/213 keys/second = 251 seconds 251 seconds x 1 day/86,400 seconds/day = 2.6 x 1010 days Question is whether the other option is better.
Homework # 3, Problem # 1 Option 2: Using Alice’s 1 million messages, break Alice’s keys and recover all the candidate 64 bit keys, then try each 64 bit key on Bob’s return message until the plaintext is revealed. Worst case, the attacker must try all 220keys. ((1 x 106) x 220) keys/213 keys/second = 1 x 1.05 x 1012/8192 seconds (i.e., 220 = 1.048 x 106), or 128 x 106 seconds = 1481 days worst case or 740.5 days average. This is a better option – faster than option 1
Homework # 3, Problem # 1 This problem is known as Merkle’s puzzle - Merkle thought it up as a student at UC Berkeley for a term paper. His prof. didn’t understand it (a long story) and Merkle, after a couple of tries, dropped the class. He did, however, continue to work on the problem. References: Diffie, Whitfield, “The First Ten Years of Public - Key Cryptography,” Proceedings of the IEEE, May 1988, pp. 560-577. Merkle, R., “Secure Communications Over Insecure Channels,” Comm. of ACM, April 1978, pp. 294-299.
Homework # 3, Problem # 2 This problem provides a numerical example of encryption using a 1 round version of DES. We start with the same bit pattern for the key and the plaintext, namely: In hexadecimal = 0 1 2 3 4 5 6 7 8 9 A B C D E F In binary = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
Homework # 3, Problem # 2 The problem: Part a. Derive K1, the first round key Part b. Derive L0, R0 Part c. Expand R0 to get E[R0] Part d. Calculate A = E[R0] EXOR K1 Part e. Group the 48-bit result of (d) into sets of 6 bits and evaluate the corresponding S-box substitutions Part f. Concatenate the results of (e) to get a 32-bit result, B Part g. Apply the Permutation to get P(B) Part h. Calculate R1 = P(B) EXOR L0 Part i. Write down the ciphertext.
Homework # 3, Problem # 2a Part a. The original key input to Permuted Choice-1 Layout is “Bit Position/Value” (1-64/Value).
Homework # 3, Problem # 2a Permutation PC-1 (Stallings Table 3.4b) After PC-1: In 7-bit groups 1111000 0110011 0010101 0100000 1010101 0110011 0011110 0000000
Homework # 3, Problem # 2a Divide into C0 and D0 for shifting: C0 = 1111000 0110011 0010101 0100000 D0 = 1010101 0110011 0011110 0000000 This is round 1 so perform 1 bit left circular shift. C0 (shifted) = 11100001 10011001 01010100 0001 D0 (shifted)= 0101 01011001 10011110 00000001 This is used as input to Permuted Choice 2 (Table 3.4c)
Homework # 3, Problem # 2a Input to Table 3.4c
Homework # 3, Problem # 2a Output from Permuted Choice 2 (48 bits). Note that this produces a 48 bit output The final output for the first sub-key is: Part a answer: 0000 1011 0000 0010 0110 0111 1001 1011 0100 1001 1010 0101
Homework # 3, Problem # 2b L0 and R0 are derived by passing the 64 bit plaintext through IP (Table 3.2a). Input to IP Permutation: Establishes the input values and positions that can be mapped to the out Initial Permutation.
Homework # 3, Problem # 2b (Table 3.2a) Output of IP Permutation: L0 = 1100 1100 0000 0000 1100 1100 1111 1111 R0 = 1111 0000 1010 1010 1111 0000 1010 1010
Homework # 3, Problem # 2c Table 3.2c expands R0 to 48 bits. Input/Output: E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
Homework # 3, Problem # 2d Part d. Compute E(R0) EXOR K1 R0 = 011110 100001 010101 010101 011110 100001 010101 010101 K1 = 000010 110000 001001 100111 100110 110100 100110 100101 E(R0) = 011100 010001 011100 110010 111000 010101 110011 110000
Homework # 3, Problem # 2e Part e. Compute output of S-boxes from Table 3.3. Using the eight groups of 6 bits address the S-boxes as input. The S-box to use is in order of the E(R0) output. E(R0) = 011100 010001 011100 110010 111000 010101 110011 110000 S-Box = 1 2 3 4 5 6 7 8 The first and last bit in each block are used as the row address and the center 4 bits are the column address. Output is the value from the S-Box. For S-Box 1; input = 011100 – row address 00, column 1110. Note that the S-Boxes row/column addresses are 00-11/0000-1111 (0-3/0-15). The value at this location for S-Box 1 is 0. The output is expressed as a 4 bit value and replaces the 6 bit input.
Homework # 3, Problem # 2e S-Box 1: Row 00, Column 1110 = 0 base 10; 0000 base 2 2: Row 01, Column 1000 = 12 base 10; 1100 base 2 3: Row 00, Column 1110 = 2 base 10; 0010 base 2 4: Row 10, Column 1001 = 1 base 10; 0001 base 2 5: Row 10, Column 1100 = 6 base 10; 0110 base 2 6: Row 01, Column 1010 = 13 base 10; 1101 base 2 7: Row 11, Column 1001 = 5 base 10; 0101 base 2 8: Row 10, Column 1000 = 0 base 10; 0000 base 2
Homework # 3, Problem # 2f Part f. Concatenate the results of (e) to get a 32-bit result, B Taking the S-Box output in order S1…S8: 0000 1100 0010 0001 0110 1101 0101 0000
Homework # 3, Problem # 2g Part g. Apply the Permutation using Table 3.2d to get P(B). Input/Output tables are: P(B) = 1001 0010 0001 1100 0010 0000 1001 1100
Homework # 3, Problem # 2h Part h. Calculate R1 = P(B) EXOR L0 P(B) = 1001 0010 0001 1100 0010 0000 1001 1100 L0 = 1100 1100 0000 0000 1100 1100 1111 1111 P(B)EXORL0 =0101 1110 0001 1100 1110 1100 0110 0011 Part i. Write down the ciphertext. The ciphertext is the concatenation of L1 and R1 and L1 = R0 due to the swap at the end of the round. R0|R1 = 1111 0000 1010 1010 1111 0000 1010 1010 0101 1110 0001 1100 1110 1100 0110 0011 In hex F 0 A A F 0 A A 5 E 1 C E C 6 3