# Exam

AI and Robotics

Nov 21, 2013 (4 years and 5 months ago)

125 views

Paper #318

74.414 Cryptography Final Exam (3 hours)

Dec. 12, 2002,1:30pm

Engineering 346 Instructors: Van Rees & Li

Page 1 of 6

Name ___________________________Student Number __________________________

Instructions

a
) Write all answers on the question paper. The back of the question pages may be used
as scrap. Do not separate pages.

b) Non
-
programmable scientific calculators are allowed. No other aids allowed.

c) There are 16 questions for a total of 94 marks. The
re are 6 pages of questions.

e) For full marks, show work.

Q1) [10] The Dead Poet’s Society used a substitution cipher to encrypt their slogan as
follows: “X fyaa si zyaa, S bawsaea.” Decipher their slogan, explaining a
The marks are for the reasoning, not the slogan.

Q2) [3] State three types of Cryptanalytic Attack?

Q3) [3] Give a precise explanation of how a one
-
time pad works. Show the encryption
and decryption formulas.

Q4) [3] Give a
formal

Definition of a Permutation Cipher.

Q5) [2] What property makes a stream cipher
non
-
synchronous (as opposed to
synchronous)?

Paper #318

74.414 Cryptography Final Exam (3 hours)

Dec. 12, 2002,1:30pm

Engineering 3
46 Instructors: Van Rees & Li

Page 2 of 6

Q6) a) [3] The following statistics were calculated from some ciphertext: Four letters
occurred 3 times, Five letters occurred 2 times, Three letters occurred 1 time and the rest
of
the letters did not occur at all. Was the ciphertext monoalphabetically enciphered?

b) [5] Suppose you know that a Vigenere cipher with keyword length 10 was used to
produce the ciphertext you have

intercepted. Explain how you would get the plaintext
using the best method available (i.e. using the frequencies of all the letters).

Q7) a) [1] State Bayes’ Theorem.

b) [1] State a condition for perfect secrecy based
on key equivocation.

c) [2] Give a formula for Unicity distance. Define all symbols used.

d) [1] If
X

is a random variable having probability distribution which takes on
values p
1
. p
2
,…, p
n

where p
i

> 0 for all i, give a mathema
tical formula for the entropy of
X
.

Paper #318

74.414 Cryptography Final Exam (3 hours)

Dec. 12, 2002,1:30pm

Engineering 346 Instructors: Van Rees & Li

Page 3 of 6

Q8) [3] Let P={a,b}, K={k
1
, k
2
,k
3
} and C={1,2,
3} for a cryptosystem with the following
encryption matrix and probabilities.

a b

k
1

1 2 Pr[a] =1/4 Pr[k
1
] = 1/4

k
2

2 1 Pr[b] = 3/4 Pr[k
2
] = 1/2

k
3

3 3 Pr[k
3
] = 1/4

Calculate
Pr[1], Pr[b|1], H(K).

Q9a) [2] Define a product cipher giving the encryption and decryption rules.

9b) [2] The affine cipher is the product of what two ciphers?

9c) [5] Do only
one

of the following two questions.

i)

Define idempotent and then prove if S and T are idempotent and S

T

commutes then S

T is idempotent

ii) Prove that an affine Cipher has perfect Security.

Paper #318

74.414 Cryptography Final E
xam (3 hours)

Dec. 12, 2002,1:30pm

Engineering 346 Instructors: Van Rees & Li

Page 4 of 6

Q10a) [1] Give a formula for the bias of a random variable
X
. Define all terms used.

b) [4] Consider a single S
-
box in
baby
-
baby AES. There are two inputs X
1

and X
2

and two outputs Y
1
and Y
2
. The S
-
box is summarized in the following table:

z 0 1 2 3

S
(Z) 1 3 0 2

What is the bias of X
1

Y
2
? Please show your work. Is this a useful bias in linear
cry
ptanalysis?

c) [6] If we have found that a random variable X
5

X
13

U
1
4

U
2
4

has a bias of

1/32, explain how this can be used to break baby AES, if we had 8000 plaintext
elements along with their corresponding ciphertext elements. R
4 rounds.

Q11a) [5] Give the high level pseudocode for AES encryption (128 bits) i.e. What
subprograms are called and in what order. If you have forgotten their names, make up
some names for subprograms but tell me wha
t the subprograms do. Skip the input and
output and assume that the key schedule is available.

Paper #318

74.414 Cryptography Final Exam (3 hours)

Dec. 12, 2002,1:30pm

Engineering 346 Instructors: Van Rees & Li

Page 5 of 6

Q11 b) [1] What is the irreducible polynomial used in AES?

c) [2] How many rounds are there in DES? How many bits in a block of plaintext
for DES?

d) [4] Suppose we have the following column (in hex)

as input to MixColumns.

What is the new third from the top entry for this column (in hex) that is outputted by

01

04

0a

80

Q12) [8] Name the 4 modes of operation that AES could work under. For each give a
formu
la for y
i

in term of x
i
’s, z
i
’s, e
K
’s and y
i
’s.

Q13) [6] Consider the RSA cryptosystem where N =35 and let the encryption key b=11.
Calculate the decryption key
a

using the extended Euclidean Algorithm. Decipher the
following code:

0 1 5
5

Paper #318

74.414 Cryptography Final Exam (3 hours)

Dec. 12, 2002,1:30pm

Engineering 346 Instructors: Van Rees & Li

Page 6 of 6

Q14) [5] How does one implement exponentiation (using modular arithme
tic) efficiently.
Pseudocode is best.

Q15) [3] Define a yes
-
biased Monte
-
Carlo Algorithm.

Q16) [2] Why are people not going to use the new deterministic polynomial time
algorithm to find primes?