A Classical Introduction to Cryptography Exercise BookTO CRYPTOGRAPHY EXERCISE BOOK Thomas Baignkres EPFL, Switzerland Pascal Junod EPFL, Switzerland Yi Lu EPFL, Switzerland Jean Monnerat EPFL, Switzerland Serge Vaudenay EPFL, Switzerland Springer - Thomas Baignbres Pascal Junod EPFL - I&C - LASEC Lausanne, Switzerland Lausanne, Switzerland Yi Lu Jean Monnerat EPFL - I&C - LASEC EPFL-I&C-LASEC Lausanne, Switzerland Lausanne, Switzerland Serge Vaudenay Lausanne, Switzerland Library of Congress Cataloging-in-Publication Data A C.I.P. Catalogue record for this book is available from the Library of Congress. A CLASSICAL INTRODUCTION TO CRYPTOGRAPHY EXERCISE BOOK by Thomas Baignkres, Palcal Junod, Yi Lu, Jean Monnerat and Serge Vaudenay ISBN- 10: 0-387-27934-2 e-ISBN-10: 0-387-28835-X ISBN- 13: 978-0-387-27934-3 e-ISBN- 13: 978-0-387-28835-2 Printed on acid-free paper. O 2006 Springer Science+Business Media, Inc. All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, Inc., 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now know or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks and similar terms, even if the are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. Printed in the United States of America. |
Contents
| 1 | |
| 4 | |
| 5 | |
| 6 | |
Solutions | 8 |
CONVENTIONAL CRYPTOGRAPHY 17 | 16 |
3DES Exhaustive Search | 18 |
Exhaustive Search on 3DES | 19 |
Decorrelation | 88 |
Decorrelation and Differential Cryptanalysis | 89 |
Fault Attack against a Block Cipher | 94 |
Solutions | 97 |
Solutions | 130 |
Exercise 5 | 138 |
ALGORITHMIC NUMBER THEORY | 159 |
ELEMENTS OF COMPLEXITY THEORY | 175 |
An Extension of DES to 128bit Blocks | 20 |
Attack Against the OFB Mode | 21 |
Linear Feedback Shift Registers | 22 |
Attacks on Cascade Ciphers | 23 |
Attacks on Encryption Modes I | 24 |
Attacks on Encryption Modes II | 28 |
A Variant of A51 I | 29 |
Memoryless Exhaustive Search | 32 |
Solutions | 34 |
DEDICATED CONVENTIONAL CRYPTOGRAPHIC PRIMITIVES | 57 |
Expected Number of Collisions | 58 |
Weak Hash Function Designs | 60 |
Collisions on a Modified MD5 | 62 |
MAC from Block Ciphers | 63 |
CFBMAC | 64 |
Solutions | 66 |
CONVENTIONAL SECURITY ANALYSIS | 81 |
Differential and Linear Probabilities | 82 |
Impossible Differentials | 84 |
Multipermutations | 86 |
Orthomorphisms | 87 |
Graph Colorability I | 176 |
Solutions | 177 |
PUBLIC KEY CRYPTOGRAPHY 181 | 180 |
RSA Cryptosystem | 182 |
RSA Common Moduli | 183 |
Repeated RSA Encryption | 184 |
Paillier Cryptosystem | 185 |
NaccacheStern Cryptosystem | 186 |
Solutions | 188 |
DIGITAL SIGNATURES | 199 |
DSS with Unprotected Parameters | 200 |
OngSchnorrShamir Signature | 201 |
Ring Signatures | 203 |
Solutions | 205 |
CRYPTOGRAPHIC PROTOCOLS | 211 |
A Blind Signature Protocol for a Variant of DSA | 213 |
Conference Key Distribution System | 217 |
FROM CRYPTOGRAPHY ΤΟ | 231 |
Solutions | 240 |
References | 249 |
Other editions - View all
Common terms and phrases
3DES adversary Algorithm all-zero assume attack average complexity bijection Birthday Paradox bits block cipher C₁ CBC mode ciphertext clocking tap collision compute consider corresponding cryptanalysis cryptographic Cryptology cryptosystem decryption deduce defined denote displayed element encryption Enigma machine equal equation Exercise exhaustive key search exhaustive search factor Feistel scheme Figure function f h₁ Hamming weight hash function input integer iterated key length keystream LFSRs m₁ meet-in-the-middle attack mod p² mod q mode of operation modular exponentiations modulo multiple number of wrong obtain oracle output padding plaintext blocks plaintext/ciphertext pairs polynomial Pr[C Pr[K Pr[X preimage preimage attack previous question prime number probability protocol public key R₁ random permutation random variable recover secret key sequence Show signature Solution subkeys Table tuples uniformly distributed random verifier Vigenère ciphers weak keys wrong keys
Popular passages
Page 6 - Let n be a positive integer. A Latin square of order n is an nxn...