Paper #318
74.414 Cryptography Final Exam (3 hours)
Dec. 12, 2002,1:30pm
Engineering 346 Instructors: Van Rees & Li
Page 1 of 6
Name ___________________________Student Number __________________________
Instructions
a
) Write all answers on the question paper. The back of the question pages may be used
as scrap. Do not separate pages.
b) Non

programmable scientific calculators are allowed. No other aids allowed.
c) There are 16 questions for a total of 94 marks. The
re are 6 pages of questions.
d) Circle your instructor’s name.
e) For full marks, show work.
Q1) [10] The Dead Poet’s Society used a substitution cipher to encrypt their slogan as
follows: “X fyaa si zyaa, S bawsaea.” Decipher their slogan, explaining a
ll your choices.
The marks are for the reasoning, not the slogan.
Q2) [3] State three types of Cryptanalytic Attack?
Q3) [3] Give a precise explanation of how a one

time pad works. Show the encryption
and decryption formulas.
Q4) [3] Give a
formal
Definition of a Permutation Cipher.
Q5) [2] What property makes a stream cipher
non

synchronous (as opposed to
synchronous)?
Paper #318
74.414 Cryptography Final Exam (3 hours)
Dec. 12, 2002,1:30pm
Engineering 3
46 Instructors: Van Rees & Li
Page 2 of 6
Q6) a) [3] The following statistics were calculated from some ciphertext: Four letters
occurred 3 times, Five letters occurred 2 times, Three letters occurred 1 time and the rest
of
the letters did not occur at all. Was the ciphertext monoalphabetically enciphered?
Justify your answer mathematically.
b) [5] Suppose you know that a Vigenere cipher with keyword length 10 was used to
produce the ciphertext you have
intercepted. Explain how you would get the plaintext
using the best method available (i.e. using the frequencies of all the letters).
Q7) a) [1] State Bayes’ Theorem.
b) [1] State a condition for perfect secrecy based
on key equivocation.
c) [2] Give a formula for Unicity distance. Define all symbols used.
d) [1] If
X
is a random variable having probability distribution which takes on
values p
1
. p
2
,…, p
n
where p
i
> 0 for all i, give a mathema
tical formula for the entropy of
X
.
Paper #318
74.414 Cryptography Final Exam (3 hours)
Dec. 12, 2002,1:30pm
Engineering 346 Instructors: Van Rees & Li
Page 3 of 6
Q8) [3] Let P={a,b}, K={k
1
, k
2
,k
3
} and C={1,2,
3} for a cryptosystem with the following
encryption matrix and probabilities.
a b
k
1
1 2 Pr[a] =1/4 Pr[k
1
] = 1/4
k
2
2 1 Pr[b] = 3/4 Pr[k
2
] = 1/2
k
3
3 3 Pr[k
3
] = 1/4
Calculate
Pr[1], Pr[b1], H(K).
Q9a) [2] Define a product cipher giving the encryption and decryption rules.
9b) [2] The affine cipher is the product of what two ciphers?
9c) [5] Do only
one
of the following two questions.
i)
Define idempotent and then prove if S and T are idempotent and S
T
commutes then S
T is idempotent
ii) Prove that an affine Cipher has perfect Security.
Paper #318
74.414 Cryptography Final E
xam (3 hours)
Dec. 12, 2002,1:30pm
Engineering 346 Instructors: Van Rees & Li
Page 4 of 6
Q10a) [1] Give a formula for the bias of a random variable
X
. Define all terms used.
b) [4] Consider a single S

box in
baby

baby AES. There are two inputs X
1
and X
2
and two outputs Y
1
and Y
2
. The S

box is summarized in the following table:
z 0 1 2 3
S
(Z) 1 3 0 2
What is the bias of X
1
Y
2
? Please show your work. Is this a useful bias in linear
cry
ptanalysis?
c) [6] If we have found that a random variable X
5
X
13
U
1
4
U
2
4
has a bias of
1/32, explain how this can be used to break baby AES, if we had 8000 plaintext
elements along with their corresponding ciphertext elements. R
ecall that Baby AES had
4 rounds.
Q11a) [5] Give the high level pseudocode for AES encryption (128 bits) i.e. What
subprograms are called and in what order. If you have forgotten their names, make up
some names for subprograms but tell me wha
t the subprograms do. Skip the input and
output and assume that the key schedule is available.
Paper #318
74.414 Cryptography Final Exam (3 hours)
Dec. 12, 2002,1:30pm
Engineering 346 Instructors: Van Rees & Li
Page 5 of 6
Q11 b) [1] What is the irreducible polynomial used in AES?
c) [2] How many rounds are there in DES? How many bits in a block of plaintext
for DES?
d) [4] Suppose we have the following column (in hex)
as input to MixColumns.
What is the new third from the top entry for this column (in hex) that is outputted by
MixColumns? Show your work.
01
04
0a
80
Q12) [8] Name the 4 modes of operation that AES could work under. For each give a
formu
la for y
i
in term of x
i
’s, z
i
’s, e
K
’s and y
i
’s.
Q13) [6] Consider the RSA cryptosystem where N =35 and let the encryption key b=11.
Calculate the decryption key
a
using the extended Euclidean Algorithm. Decipher the
following code:
0 1 5
5
Paper #318
74.414 Cryptography Final Exam (3 hours)
Dec. 12, 2002,1:30pm
Engineering 346 Instructors: Van Rees & Li
Page 6 of 6
Q14) [5] How does one implement exponentiation (using modular arithme
tic) efficiently.
Pseudocode is best.
Q15) [3] Define a yes

biased Monte

Carlo Algorithm.
Q16) [2] Why are people not going to use the new deterministic polynomial time
algorithm to find primes?
Comments 0
Log in to post a comment