Module Code: COMP322301 Module Title: Cryptography c© UNIVERSITY OF LEEDS School of Computing Semester 2 2019/2020 Calculator instructions: - You are allowed to use a non-programmable calculator only from the following list of approved models in this examination: Casio FX-82, Casio FX-83, Casio FX-85. Dictionary instructions: - You are not allowed to use your own dictionary in this examination. A basic English dictionary is available to use: raise your hand and ask an invigilator, if you need it. Examination Information - There are 2 hours to complete the examination. - There are 4 pages to this examination. - Answer all 3 questions. - The number in brackets [ ] indicates the marks available for each question or part question. - You are reminded of the need for clear presentation in your answers. - The total number of marks for this examination paper is 40. Page 1 of 4 Turn the page over Module Code: COMP322301 Question 1 Consider a symmetric cryptosystem (M,C,K,E,D), where M is the plaintext space, C is the ciphertext space, K is the key space, E : K ×M → C is the encryption function, and D : K ×C →M is the decryption function. (a) Describe Kerckhoff’s principle: (i) in general, and (ii) applied specifically to this cryptosystem. [3 marks] (b) Define the key space K and the encryption function E in the Hill cipher with block size L. Give an example of a chosen plaintext attack against the Hill cipher. [4 marks] (c) Explain what we mean by a computationally secure cryptosystem. [2 marks] (d) Explain how we can obtain the 3DES cryptosystem from the DES (Data Encryption Standard) cryptosystem. What is the theoretical computational security level of 3DES (in bits)? Give an example of a ciphertext only attack against 3DES that reduces its security level. [4 marks] [Question 1 Total: 13 marks] Page 2 of 4 Turn the page over Module Code: COMP322301 Question 2 Alice and Bob want to agree on a common key to encrypt and exchange data using a symmetric cryptosystem. (a) Explain the Diffie-Hellman key exchange protocol. State all the computations and the information that Alice and Bob need to exchange to agree on the common key. [6 marks] (b) Explain the one-time pad cryptosystem in terms of the key and the encryption function used. Under which conditions does the one-time pad have perfect information-theoretical security? Explain why the one-time pad cryptosystem is not practical in most applications. [5 marks] (c) Alice and Bob have a quantum channel following the BB84 protocol that allows them to exchange a sequence of secret bits. Explain why the quantum channel is a secure way to exchange a key stream even if Eve is potentially eavesdropping on their channel. Estimate how likely it is that Alice and Bob will notice if Eve attempts to eavesdrop on one bit of information in the channel. [3 marks] [Question 2 Total: 14 marks] Page 3 of 4 Turn the page over Module Code: COMP322301 Question 3 Bob wishes to receive a message from Alice which has been authenticated via a digital signature. (a) Alice uses the RSA signature protocol and chooses the modulus n = 161 and the public key e = 5. Explain how the private key d is chosen in RSA. Use the extended Euclidean algorithm to compute the private key. [6 marks] (b) Bob receives x = 14 and y = xd ≡ 21 (mod 161) as the RSA signature. Bob has the modulus n = 161 and the public key e = 5, but does not know Alice’s private key. Verify using the square-and-multiply algorithm that Alice’s signature is correct. Show all steps. [4 marks] (c) Describe an algorithm for using a birthday attack to find a collision against a hash function h : X → Y . Approximately how many random samples q do we need to find a collision with probability p = 0.5 with the birthday attack, assuming the co-domain size is |Y |? [3 marks] [Question 3 Total: 13 marks] [Grand Total: 40 marks] Page 4 of 4 End
欢迎咨询51作业君