Exercises 2013-03-21

Information Security Course

Eric Laermans – Tom Dhaene


Information Security – Department of Information Technology (Vakgroep Informatietechnologie) – IBCN – Eric Laermans


Exercise 1

DES

- Are there (different) DES keys $K_1$ and $K_2$ such that $E_{K_1}[M] = D_{K_2}[M]$ (for all messages M)?
  - What (sufficient) condition can you derive for those?
  - Can you give an example of such a key pair?
- Are there DES keys K for which $E_K[M] = D_K[M]$ (for all messages M)?
  - What (sufficient) condition can you derive for those?
  - Can you give an example of such a key?


Exercise 2

3-DES

- Given: the reason why 3-DES with only 2 keys (112 bits) is used instead of 2-DES is a so-called “meet-in-the-middle” attack.
- Question: what is the impact of this attack on the strength of 3-DES with 3 keys (168 bits)?


Exercise 3

RC4

- Given: RC4 has “families” of weak keys; these are keys for which the sum of the first two bytes satisfies K[0] + K[1] = 0 mod 256.
- Question: what is, in this case, the most likely value of S[2] after the initialisation algorithm?


Exercise 4

RSA

- Given:
  - 2 persons use a common modulus n (albeit with different key pairs)
  - the same message is sent twice, encrypted using the public keys of both these users
- Question: how can an outsider (who doesn’t know the private keys) decipher the contents of the message (with a reasonable probability)?


Exercise 5

RSA

- Compare (approximately) the required computation time for the generation of a digital signature using RSA with a 1024 bit modulus and using RSA with a 2048 bit modulus.
- Compare (approximately) the required computation time for verifying a digital signature using RSA with a 1024 bit modulus and using RSA with a 2048 bit modulus.


Exercise 6

DSA

- There are now DSA versions using a 2048 bit prime number. Which hash function would you choose?
- Note: the goal is to avoid that the hash function would weaken the algorithm, but “overkill” isn’t desirable either.


Exercise 7

Rabin encryption

- Given:
  - $n = p\,q$ (with p and q two different prime numbers)
  - {n} is the public key, {p, q} is the private key
  - encryption: $C = M^2 \bmod n$
  - decryption: $C_p = C \bmod p$; $C_q = C \bmod q$
    - from which $M_p = M \bmod p$; $M_q = M \bmod q$ (and therefore M using the CRT; or, more accurately, four possible values)
- Question: set up a “chosen ciphertext” attack against this scheme
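
The scheme given in Exercise 7, as an added example that is not part of the original slides: a toy Rabin encrypt/decrypt showing how one ciphertext yields four candidate plaintexts through the CRT. It assumes p ≡ q ≡ 3 (mod 4), which the slide does not state, and uses constructed toy primes p = 7, q = 11; all function names are illustrative.

```python
# Added example: toy Rabin encryption/decryption in the slide's notation.
# Assumption (not on the slide): p ≡ q ≡ 3 (mod 4), so a square root modulo
# each prime is a single modular exponentiation.

def rabin_encrypt(m: int, n: int) -> int:
    """C = M^2 mod n; the public key is n alone."""
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, 2, n)

def sqrt_mod_prime(c: int, p: int) -> int:
    """One square root of c modulo a prime p with p % 4 == 3."""
    if p % 4 != 3:
        raise ValueError("this shortcut needs p ≡ 3 (mod 4)")
    r = pow(c, (p + 1) // 4, p)
    if (r * r - c) % p != 0:
        raise ValueError("c is not a quadratic residue mod p")
    return r

def crt(a_p: int, a_q: int, p: int, q: int) -> int:
    """The unique x in [0, p*q) with x ≡ a_p (mod p) and x ≡ a_q (mod q)."""
    h = ((a_p - a_q) * pow(q, -1, p)) % p   # modular inverse: Python 3.8+
    return a_q + q * h

def rabin_decrypt(c: int, p: int, q: int) -> list[int]:
    """All candidate plaintexts for C (four when gcd(M, n) = 1)."""
    m_p = sqrt_mod_prime(c % p, p)          # C_p = C mod p  ->  +/- M_p
    m_q = sqrt_mod_prime(c % q, q)          # C_q = C mod q  ->  +/- M_q
    return sorted({crt(sp, sq, p, q)
                   for sp in (m_p, -m_p % p)
                   for sq in (m_q, -m_q % q)})

if __name__ == "__main__":
    p, q = 7, 11                            # constructed toy private key
    n = p * q                               # public key
    c = rabin_encrypt(20, n)
    print("C =", c, "candidates:", rabin_decrypt(c, p, q))
```

The receiver needs redundancy in M (padding or a known format) to pick the right candidate out of the four.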