Crypto Midterm 1. Consider the RSA algorithm with the parameters p = 29, q = 101, e = 271.

Student N ame

Then, what is the corresponding private key d? (you must use Euclids algorithm to nd d). Answer: The modulus n = pq = 29 101 = 2929. The function (n) = (p 1)(q 1) = 2800. The private key is equal to the following. d = e1 mod (n) = 2711 mod 2800 The inversion is found with Euclids algorithm. 2800 = (n) 271 = e 90 = (n) 10e gcd(e, (n)) = 1 = 3(n) + 31e Then, d = e1 mod (n) = 31. 2. Answer the following questions. a) What are the possible key sizes for AES? Answer: 128, 192, 256 bits b) What is the number of AES rounds when the key size is 128 bits? Answer: the key size nk = 128/32 = 4 in words, then the round number nr = nk + 6 = 10 . c) What are the sizes of AES round subkeys? Answer: 128 bits (subkey size = data block size) d) How many subkeys are needed in AES when the number of the rounds nr = 12? Answer: nr + 1 = 13 subkeys e) What is the size of the AES expanded key when the key size is 128 bits? Answer: the key size nk = 128/32 = 4 in words. The round number nr = nk + 6 = 10. Then, (nr + 1) = 11 subkeys are needed. The expanded key is 11*128 bits since the subkeys are 128 bits. 3. In a Die Hellman key exchange scheme, let my private key be k and my public key be k mod p . Answer the following questions. a) What is your public key, if your private key is l? Answer: l mod p b) What is the mutual secret between you and me when your private key is l? Answer: kl mod p c) Which hard problem must be solved to nd the private keys from the public keys? Answer: Discrete logarithm problem

4. What is a safe prime and which ones of the following primes are safe prime? 11, 13, 17, 19, 23, 29, 31, 37 Answer: Safe prime p is a prime such that the integer (p 1)/2 is also a prime. Then, 11 = 2 5 + 1 , 23 = 2 11 + 1 are the only safe primes among the primes above. 5. Let the coecients of a(x) = x13 + x8 + x5 and p(x) = x8 + x4 + x3 + 1 be in F2 . Compute a(x) mod p(x). Answer: We use division to compute a(x) mod p(x). x13 + x8 + x5 x8 + x4 + x3 + 1 13 9 8 5 x + x + x + x x5 + x x9 x9 + x5 + x4 + x x5 + x4 + x

Thus, a(x) mod p(x) = x5 + x4 + x. 6. The following table gives the powers of some elements modulo 19. What are the inverses and the orders of these elements? a a2 a3 a4 a5 a6 a7 a8 a9 6 17 7 4 5 11 9 16 1 7 11 1 7 11 1 7 11 1 8 7 18 11 12 1 8 7 18 Answer: O(6) is 9 since a9 = 1 and its inverse a8 = 16. O(7) is 3 since a3 = 1 and its inverse a2 = 11. O(8) is 6 since a10 = 1 and its inverse a5 = 12. 7. Let us take the hashes of 220 dierent data with a 100 bit hash function. What is the probability that no two data have the same hash? Repeat the question for a 40 bit hash function Hint: Pr{no collision} = e 2N 0.6065 N
n2 n2

Answer: There are n = 220 dierent objects and N = 2100 dierent hashes. Thus, 2 (220 ) 60 Pr{no collision} = (0.6065) 2100 = (0.6065) 2 If we use a 40 bit hash function, (220 ) Pr{no collision} = (0.6065) 1
240 2

= 0.6065

8. Let M denote a data block and H (M ) denote its hash. Let n, d, and e denote your RSA modulus, private key, and public key, respectively. How do you sign the data with RSA and obtain the signature (sign(H (M )))? Answer: H (M )d mod n When you send M and sign(H (M )) to another guy, how can he verify your signature? Answer: Computes H (M )d mod n and compares it with H (M )
e

mod n

9. The following numbers constitute a group under modulo n multiplication. {a | 1 a < n and gcd(a, n) = 1} What is the number of elements in this group? Answer: (n) Let n = 100 . What are the possible orders of the elements in this group? Answer: Divisors of (100) = (22 52 ) = 2(2 1) 5(5 1) = 23 5 10. Why do we use cipher modes of operation? (The answer can be written only inside of the empty box below, otherwise no credit) All cipher modes (except ECB) make the result of the current encryption dependent on the previous one or a counter increasing continuously. This has the following results. 1. If one steals any encrypted block, the decryption fails and the decryptor nds out that the data is not complete. By this way, the data integrity is ensured. 2. Also, identical data blocks are encrypted one after another sometimes. If ECB mode is used, the resulting encrypted blocks will be all identical. If other modes are used, the encrypted blocks will look very dierent and the eavesdroppers can not gure out that the identical blocks are encrypted. 11. Draw the CTR mode encryption and decryption. 12. Draw the CBC mode encryption and decryption.