Textbook Problems

• Chapter 2: 2.1 – 2.5, 2.7, 2.8
• Chapter 20: 20.1 – 20.7, 20.11, 20.12, 20.14
• Chapter 21: 21.1 – 21.9; 21.11, 21.12

Additional Problems

1. Which block cipher mode to use? For each of the following scenarios, determine which of the four block cipher modes discussed in class would be most appropriate. Justify your answer.
   1. Encryption of the social security number field within every record of a database.
   2. Encryption of a Word document (.doc) that will be sent as an email attachment.
   3. Sector-by-sector encryption of an external hard drive.
   4. Real-time encryption of a non-packetized bit stream (e.g. raw digital video).
   5. Suppose a communication system encrypts data using AES-128 and has the ability to update keys over the network; that is, when a node on the network needs to update its key, a network controller can send the node a new key encrypted with the current key. What block cipher mode would me most appropriate when encrypting the new key to send to the node?
2. One-time Pad. A One-time Pad (OTP) is a secure method of encrypting data, but since each user must have a copy of a file of random key, it is not practical in most situations. The random key for OTP must be truly random, typically generated from a hardware entropy source. What other condition must be met for OTP to be secure? When this condition is not met, what situation arises, and why is it a bad thing?
3. Medium RSA Computation. You intercept the encrypted message C = 4176229917282169 to a user with public key e = 65537, N = 19915121917840759. Decrypt the message (the answer will be readable text). The functions used to convert a string to an integer and vice versa are the same as those used in rsa_example.py. Hint: Wolfram Alpha can factor moderate-sized integers.

4. Medium Diffie-Hellman Computation. Recall that in a real Diffie-Hellman protocol, there are three system parameters: a prime q, a prime p that is much bigger than q, and an element a of order q mod p. For an actual implementation of the DH protocol, q would be at least 160 bits and p would be at least 1024 bits. Consider a small example of a DH protocol with the following system parameters:

   • q = 866279
   • p = 764058079
   • a = 19482865

   Complete a key exchange between Alice and Bob using these parameters. That is, generate random secret keys XA and XB, calculate the public keys YA and YB, and perform Alice and Bob’s computations to derive the shared secret K. This is easily done in Python.

5. A simple LCG. Consider the linear congruential generator with parameters a = 5, c = 0, and n = 32.

   1. What is the period of X0 = 1?
   2. What is the period of X0 = 2?
   3. Are they any values of X0 with a period greater than eight?
6. Recovering parameters of an LCG. You observe the following sequence of numbers generated using a linear congruential generator (LCG):

         
         16, 55, 172, 11, 40, 127, 132, 147, 192, 71, 220, ...
       

   Find the values of a, c, and n. Hint: use the formula for an LCG to create a system of two linear equations and solve for a; once you have a, it’s easy to solve for c and n.
7. When to re-seed an AES-based PRNG. Find NIST SP 800-90A on the NIST website. How many requests may be made to the PRNG discussed in class before it must be re-seeded? Look for the value of reseed_interval.