Alan Kaminsky Department of Computer Science Rochester Institute of Technology 4572 + 2433 = 7005
Home Page
Foundations of Cryptography CSCI 662-01 Spring Semester 2018
Course Page

CSCI 662-01—Foundations of Cryptography
Homework 4

Prof. Alan Kaminsky—Spring Semester 2018
Rochester Institute of Technology—Department of Computer Science

Questions
Submission Requirements
Grading Criteria
Late Homeworks
Plagiarism


Questions

    Questions 1–3. The BadAes block cipher has the same block size (128 bits) as AES, the same key size (128 bits) as AES, the same state matrix as AES, and the same key schedule as AES. However, BadAes has only one round consisting of the following three steps, which are the same as in AES: AddRoundKey, SubBytes, ShiftRows. (Note: In AES, the first round subkey is the same as the original key.)

  1. The BadAes block cipher is operated in Cipher Block Chaining (CBC) mode. In CBC mode, the plaintext is padded with a 1 bit followed by as many 0 bits as necessary to fill the final block. The plaintext 57ef694da00453fbd2fdd30970024a2a (hex) is encrypted with the key e0836da77383cf66e618b35beb95d2e7 (hex) and the IV 7c3bc1560468f68468b89fa148ccfd80 (hex). What is the ciphertext (hex)?

  2. Repeat Question 1, except now the BadAes block cipher is operated in Output Feedback (OFB) mode.

  3. An oracle for the BadAes block cipher (without any mode of operation) tells you that when the plaintext a8b1b013512bdd7d78f65c2483a533e1 is encrypted with a certain key, the ciphertext is 764b70e8cf18d7e0537a601ad131e8e4. What is the key?

    Questions 4–5. Consider the following four-bit S-box. The input bits are labeled X1, X2, X3, X4. The output bits are labeled Y1, Y2, Y3, Y4.

    x     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
    S[x]  5  7  e  d  9  3  c  1  0  a  f  8  6  b  2  4
    

  4. What is the bias of the linear approximation X2 + X3 + Y1 + Y4 = 0? Show how you derived your answer by listing, for each possible S-box input value, the quantities needed to determine the answer.

  5. What is the probability of the differential (ΔX, ΔY) = (1011, 1101)? Show how you derived your answer by listing, for each possible S-box input value, the quantities needed to determine the answer.


Submission Requirements

Put your answers in a plain text file named "<username>.txt", replacing <username> with the user name from your Computer Science Department account. Send your plain text file to me by email at ark­@­cs.rit.edu. Include your full name and your computer account name in the email message, and include the plain text file as an attachment.

I will send you an acknowledgment email when I receive your submission. If you have not received a reply within one day, please contact me. Your homework is not successfully submitted until I have sent you an acknowledgment.

The submission deadline is Friday, March 9, 2018 at 11:59pm. The date/time at which your email message arrives in my inbox will determine whether your homework meets the deadline.

You may submit your homework multiple times up until the deadline. I will keep and grade only the most recent successful submission. There is no penalty for multiple submissions.

If you submit your homework before the deadline, but I do not accept it (e.g. a plain text file was not attached to your email), and you cannot or do not submit your homework again before the deadline, the homework will be late (see below). I STRONGLY advise you to submit the homework several days BEFORE the deadline, so there will be time to deal with any problems that might arise in the submission process.


Grading Criteria

Each homework question will be graded as follows, for a total of 10 points:
2 = Correct
1 = Partially correct
0 = Incorrect or missing

After grading your homework I will put your grade and any comments I have in your encrypted grade file. For further information, see the Course Grading and Policies and the Encrypted Grades.


Late Homeworks

If I have not received a successful submission of your homework by the deadline, your homework will be late and will receive a grade of zero. There will be no extensions for homeworks.


Plagiarism

The homework must be entirely your own individual work. I will not tolerate plagiarism. If in my judgment the homework is not entirely your own work, you will automatically receive, as a minimum, a grade of zero for the assignment. See the Course Policies for my policy on plagiarism.

Foundations of Cryptography CSCI 662-01 Spring Semester 2018
Course Page
Alan Kaminsky Department of Computer Science Rochester Institute of Technology 4572 + 2433 = 7005
Home Page
Copyright © 2018 Alan Kaminsky. All rights reserved. Last updated 05-Mar-2018. Please send comments to ark­@­cs.rit.edu.