1. (15 Points) There is nothing exclusively special about strings and XOR in one-time pad. We...
Fantastic news! We've Found the answer you've been seeking!
Question:
![1. (15 Points) There is nothing exclusively special about strings and XOR in one-time pad. We can get the](https://dsd5zvtm8ll6.cloudfront.net/questions/2023/11/654378e1ab8a5_1698920672298.jpg)
![3. (10 Points) The following scheme encrypts a plaintext by simply reordering its bits, according to the](https://dsd5zvtm8ll6.cloudfront.net/questions/2023/11/65437900b8274_1698920703767.jpg)
Transcribed Image Text:
1. (15 Points) There is nothing exclusively special about strings and XOR in one-time pad. We can get the same properties using integers mod n and addition mod n. This problem considers a variant of one-time pad, in which the keys, plaintexts, and ciphertexts are all elements of Zn instead of {0, 1}". (a) What is the decryption algorithm that corresponds to the following encryption algo- rithm? Enc (k, m) : c = (k + m) mod n Show that the resulting scheme satisfies correctness (b) Show that the above scheme satisfies one-time uniform ciphertext security (c) It's not just the distribution of keys that is important. The way that the key is combined with the plaintext is also important. Show that a scheme with the following encryption algorithm does not satisfy one-time uniform ciphertext security Enc(k, m): c = (k m) mod n 2. (10 Points) Alice is using one-time pad and notices that when her key is the all-zeroes string k = 0", then Enc(k, m) = m and her message is sent in the clear! To avoid this problem, she decides to modify KeyGen to exclude the all-zeroes key. She modifies KeyGen to choose a key uniformly from {0, 1}"\{0"}, the set of all n-bit strings except 0. In this way, she guarantees that her plaintext is never sent in the clear. (a) Describe an attack demonstrating that the modified scheme does not satisfy one-time uniform ciphertext security 3. (10 Points) The following scheme encrypts a plaintext by simply reordering its bits, according to the secret permutation k: K = { permutations of {1, ..., n}} M = {0,1}" C = {0,1}" Key Gen(1"): k + K return k Enc(k, m): for i:= 1 to n : Ck(i) := mi return C1...Cn Dec (k, c): for i:= 1 to n : mi - Ck(i) return mı...mn Describe an attack demonstrating that the scheme does not satisfy one-time perfect se- curity. 4. (10 Points) Consider the following variant of one-time perfect security, where Eve can ob- tain two ciphertexts (on chosen plaintexts) encrypted under the same key, called two-time perfect security We say that an encryption scheme is two-time perfectly secure if Vm11, m12, m21, M22 EM chosen by Eve, the following distributions are identical: 1-2 • D₁ := {c₁ Enc(k, m11), C₂ = Enc(k, m12); k ← KeyGen (1")} • D₂ = {c₁ = Enc(k, m21), C2 = Enc(k, m22); k ← KeyGen (1")} Describe an attack demonstrating that one-time pad does not satisfy this security definition. 5. (15 Points) Let &₁ = (KeyGen₁, Enc₁, Dec₁) and E2 = (KeyGen2, Enc2, Dec₂) be two encryption schemes such that only one of them satisfies one-time perfect security, but you don't know which one. Using both &₁ and E2 (but no other encryption scheme), construct an encryption scheme with one-time perfect security and prove its security. 6. (extra credit, 15 Points) Prove that if an encryption scheme has |K| < |M (i.e. there are fewer possible keys than there are possible messages), then it cannot satisfy one-time perfect security. Try to structure your proof as an explicit attack on the scheme, i.e. a distinguisher between the distributions D₁ and D₂. Hint: There is no restriction on the running time of the attacker. Exhaustive brute-force attacks are therefore valid. 1. (15 Points) There is nothing exclusively special about strings and XOR in one-time pad. We can get the same properties using integers mod n and addition mod n. This problem considers a variant of one-time pad, in which the keys, plaintexts, and ciphertexts are all elements of Zn instead of {0, 1}". (a) What is the decryption algorithm that corresponds to the following encryption algo- rithm? Enc (k, m) : c = (k + m) mod n Show that the resulting scheme satisfies correctness (b) Show that the above scheme satisfies one-time uniform ciphertext security (c) It's not just the distribution of keys that is important. The way that the key is combined with the plaintext is also important. Show that a scheme with the following encryption algorithm does not satisfy one-time uniform ciphertext security Enc(k, m): c = (k m) mod n 2. (10 Points) Alice is using one-time pad and notices that when her key is the all-zeroes string k = 0", then Enc(k, m) = m and her message is sent in the clear! To avoid this problem, she decides to modify KeyGen to exclude the all-zeroes key. She modifies KeyGen to choose a key uniformly from {0, 1}"\{0"}, the set of all n-bit strings except 0. In this way, she guarantees that her plaintext is never sent in the clear. (a) Describe an attack demonstrating that the modified scheme does not satisfy one-time uniform ciphertext security 3. (10 Points) The following scheme encrypts a plaintext by simply reordering its bits, according to the secret permutation k: K = { permutations of {1, ..., n}} M = {0,1}" C = {0,1}" Key Gen(1"): k + K return k Enc(k, m): for i:= 1 to n : Ck(i) := mi return C1...Cn Dec (k, c): for i:= 1 to n : mi - Ck(i) return mı...mn Describe an attack demonstrating that the scheme does not satisfy one-time perfect se- curity. 4. (10 Points) Consider the following variant of one-time perfect security, where Eve can ob- tain two ciphertexts (on chosen plaintexts) encrypted under the same key, called two-time perfect security We say that an encryption scheme is two-time perfectly secure if Vm11, m12, m21, M22 EM chosen by Eve, the following distributions are identical: 1-2 • D₁ := {c₁ Enc(k, m11), C₂ = Enc(k, m12); k ← KeyGen (1")} • D₂ = {c₁ = Enc(k, m21), C2 = Enc(k, m22); k ← KeyGen (1")} Describe an attack demonstrating that one-time pad does not satisfy this security definition. 5. (15 Points) Let &₁ = (KeyGen₁, Enc₁, Dec₁) and E2 = (KeyGen2, Enc2, Dec₂) be two encryption schemes such that only one of them satisfies one-time perfect security, but you don't know which one. Using both &₁ and E2 (but no other encryption scheme), construct an encryption scheme with one-time perfect security and prove its security. 6. (extra credit, 15 Points) Prove that if an encryption scheme has |K| < |M (i.e. there are fewer possible keys than there are possible messages), then it cannot satisfy one-time perfect security. Try to structure your proof as an explicit attack on the scheme, i.e. a distinguisher between the distributions D₁ and D₂. Hint: There is no restriction on the running time of the attacker. Exhaustive brute-force attacks are therefore valid.
Expert Answer:
Answer rating: 100% (QA)
Information encoding techniques This same body of something like the transmission and the fingerprint among other components are encrypted and decrypted using this methodology type The methodology uni... View the full answer
Related Book For
Management Accounting
ISBN: 978-0132570848
6th Canadian edition
Authors: Charles T. Horngren, Gary L. Sundem, William O. Stratton, Phillip Beaulieu
Posted Date:
Students also viewed these computer network questions
-
Big Tex decides to hire a new manager to help him out around the hotel, and he will pay her $40,000 per year. Calculate the rooms sold, occupancy %, and sales dollars he will need to break even after...
-
Physics Concepts in Scuba Diving 1. Provide an analysis of scuba diving in relation to physics including one physics concept relating to forces and newton's laws and one physics concept relating to...
-
how to solve this problems in cryptography? Problems 1. (15 Points) There is nothing exclusively special about strings and XOR in one-time pad. We can get the same properties using integers mod n and...
-
Why does Erasmus attack Church officials in his In Praise of Folly? O For spending money on lavish art O For not allowing clergy to marry O For supporting military campaigns O For selling pardons and...
-
Multiple Choice Questions 1. Generally, the operating cash flow is expected to be negative (a) True (b) False 2. How is the available cash flow calculated? (a) Cash flow from operating activities...
-
Which of the chapters ideas for creating a learning organization and promoting individual creativity support creative thinking by the Marines?
-
A number of transactions are described below.
-
Trim Corporation acquired 100 percent of Round Corporations voting common stock on January 1, 20X2, for $400,000. At that date, the book values and fair values of Rounds assets and liabilities were...
-
Fire Internal control deficiencies are listed below. For each deficiency. 1) identify a potential misstatement and 2) design a reliable substantive audit procedure targeting the potential...
-
Tool Depot is a U.S. home improvement retailer with two stores. Theycurrently have two suppliers for the three products that they sell: wrenches, drills, and saws. Suppliers ship product directly to...
-
: 2013 2012 Quantities 160 60 Apples 220 Oranges 2013 2012 Prices $ 1.00 50.50 Apples 2.00 50.25 Oranges An economy produces only apples and oranges . The base year is 2012 and the table gives the...
-
As consumers we're connected to an instant feed or live updates, breaking news, and messages. We believe that when we post something on social media, we will get instant feedback from friends. What...
-
Describe the process for screening candidates for ethics. Outline which job candidate factors are illegal to consider when hiring. Explain how to obtain accurate behavior information from resumes,...
-
In relation to Operation management, sustainability and supply chain management explain the following terms; What is the overall objective of scheduling? What is JIT? What is a Lean producer? Discuss...
-
The issue of Royal Rose Manufacturing Co., Ltd. with many new employees is the low level of production. Although the company implements training programs for employees, the skill improvement of...
-
For safety reasons an elevator stops with an acceleration of g/3 in the case of an emergency. Let's assume an unusually high ceiling of the elevator to hang three sections lamp one below the other...
-
Elk Inc. is considering a project that has the following cash flow and WACC data. What is the project's NPV ? a . $ 2 8 6 . 7 5 b . $ 6 0 0 C . $ 4 4 3 . 3 8 d . $ 5 7 3 . 5 1
-
We all experience emotions, but some people disguise their true feelings better than others. Do you think this is a helpful or harmful thing to do? Under what conditions do you think it would be most...
-
Give three examples of industries where process-costing systems are probably used.
-
Maritime Desserts Inc. (MDI) produces a variety of premium cheesecakes and sells them in individual packages directly to retail customers and in packages of 10 cakes to restaurants in New Brunswick,...
-
Fill in the unknowns: * Degree of completion: direct materials, 80%; conversion costs, 40%. Degree of completion: direct materials, 40%; conversion costs, 10%. (Step 2) Equivalent Units (Step 1)...
-
Compare the leadership image of nurses in various roles: staff nurse, advanced practice nurse, nurse educator, nursing service administrator, and so on. How are they alike? How are they different?...
-
Describe how you could reinvent yourself, personally and professionally, so as not to merely live the status quo.
-
Reflect on Coveys (1989) seven habits of highly effective people and brainstorm on how you could incorporate them into your nursing practice.
![Mobile App Logo](https://dsd5zvtm8ll6.cloudfront.net/includes/images/mobile/finalLogo.png)
Study smarter with the SolutionInn App