| 1: | Let the function f for a four-stage NLFSR be f(r0…rn1) = (r0 and r1) or r3, and let the initial value of the register be 1001. Derive the initial sequence and cycle. |
| 2: | An n-stage LFSR produces a sequence with a period of length at most 2n 1, but the register has n bits and thus may assume 2n values. Why can the length of the period never be 2n? Which register value is excluded from the cycle, and why? |
| 3: | Consider double encryption, where c = Ek'(Ek(m)) and the keys k and k' are each n bits long. Assume that each encipherment takes one time unit. A cryptanalyst will use a known plaintext attack to determine the key from two messages m0 and m1 and their corresponding ciphertexts c0 and c1.
The cryptanalyst computes Ex(m0) for each possible key x and stores each in a table. How many bits of memory does the table require? How many time units does it take to compute the entry? The cryptanalyst computes y = Dx'(c0), where D is the decipherment function corresponding to E, for each possible key x', and then checks the table to see if y is in it. If so, (x, x') is a candidate for the key pair. How should the table be organized to allow the cryptographer to find a match for y in time O(1)? How many time units will pass before a match must occur? How can the cryptographer confirm that (x, x' ) is in fact the desired key pair? What are the maximum amounts of time and memory needed for the attack? What are the expected amounts of time and memory?
|
| 4: | A network consists of n hosts. Assuming that cryptographic keys are distributed on a per-host-pair basis, compute how many different keys are required. |
| 5: | One cryptographic checksum is computed by applying the DES in CBC mode to the message or file and using the last n bits of the final enciphered block as the checksum. (This is a keyed hash; the parties must agree on the key and the initalization vector used.) Analyze this hash function. In particular, how difficult is it to find two different messages that hash to the same value? How difficult is it to generate a second message that produces the same hash value as the first message? |
| 6: | A variant of the autokey cipher is to pick a well-known book and use its text, starting at some agreed-upon location. For example, the plaintext THEBO YHAST HECAT might be enciphered as the phrase AVARI ANTOF THEAU, with the sender and recipient agreeing that the first sentence in Exercise 6 in Chapter 10 in this book is the initial key. Describe a problem with this approach that could lead to a successful decipherment. |
| 7: | Unlike PEM, PGP requires the user to set a flag to indicate whether the file being protected is text or binary data. Explain why such a flag is necessary. Why does PEM not require such a flag? |
| 8: | Redraw Figure 10-5 assuming that the SA between frauds and equity is a transport mode SA rather than a tunnel mode SA. |
| 9: | When the IVC for the AH protocol is computed, why are mutable fields set to 0 rather than omitted? |
