Professional Documents
Culture Documents
Cns Question Bank
Cns Question Bank
Cns Question Bank
DEPARTMENT OF CSE
Subject Code/Name:CS8792 / CRYPTOGRAPHY AND NETWORK SECURITY
Semester & Branch: VII & CSE
QUESTION BANK
ANSWER ALL THE QUESTIONS
PART-A (10 x 2 = 20)
1. Define Euler's Totient Function (CO3,K1)
Before presenting Euler's theorem, we need to introduce an important quantity in number theory,
referred to as Euler's totient function and written (n), defined as the number of positive integers
less than n and relatively prime to n. By convention, (1) = 1.
2. Recall Fermat’s little theorem with example ? (CO3,K1)
The algorithm due to Miller and Rabin is typically used to test a large number for primality.
Before explaining the algorithm, we need some background.
First, any positive odd integer n ≥ 3 can be expressed as follows:
n 1 = 2kq with k > 0, q odd
5. Define Trap door one way function. (CO3, K1)
Trap-door one-way function, which is easy to calculate in one direction and infeasible to
calculate in the other direction unless certain additional information is known.
With the additional information the inverse can be calculated in polynomial time.
We can summarize as follows: A trapdoor one-way function is a family of invertible
functions fk, such that.
6. Contrast between public key and private key.(any 4 points) (CO3, K2)
7. Summarize about Elliptic curve cryptography. (CO3, K2)
Elliptical curve cryptography uses these curves over finite fields to create a secret that only the
private key holder is able to unlock.
The larger the key size, the larger the curve, and the harder the problem is to solve.
ECC is a key-based technique for encrypting data.
ECC focuses on pairs of public and private keys for decryption and encryption of web traffic.
ECC is frequently discussed in the context of the Rivest–Shamir–Adelman
(RSA) cryptographic algorithm.
8. What are the Four possible approaches to attacking the RSA algorithm (CO4, K1)
Brute force: This involves trying all possible private keys.
Mathematical attacks: There are several approaches, all equivalent in effort to factoring the
product of two primes.
Timing attacks: These depend on the running time of the decryption algorithm.
Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
9. Define authentication and List its requirements (CO4, K1)
It is a procedure that verifies whether the received message comes from assigned source has not
been altered.
requirements for message authentication.
i. Disclosure.
ii. Traffic analysis.
iii. Masquerade.
iv. Content Modification.
v. Sequence Modification.
vi. Timing modification.
vii. Repudiation.
10. What is the purpose of MAC ? Write its function. (CO4, K1)
An alternative authentication technique involves the use of a secret key to generate a small
fixed-size block of data, known as a cryptographic checksum or MAC that is appended to the
message.
This technique assumes that two communicating parties, say A and B, share a common
secret key K.
When A has a message to send to B, it calculates the MAC as a function of the message and
the key:MAC = C(K,M), where
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code
11. Compare SHA 256 & SHA 512 (CO3, K2)
Addition operation in ECC is the counterpart of modular multiplication in RSA, and multiple
addition is the counterpart of modular exponentiation.
To form a cryptographic system using elliptic curves, we need to find a "hard problem"
corresponding to factoring the product of two primes or taking the discrete logarithm.
Consider the equation Q = kP where Q, P Ep(a, b) and k < p.
It is relatively easy to calculate Q given k and P, but it is relatively hard to determine k given
Q and P.
This is called the discrete logarithm problem for elliptic curves.
Analog of Diffie-Hellman Key Exchange
pick a large integer q, which is either a prime number p or an integer of the form 2m and
elliptic curve parameters a and b
This defines the elliptic group of points Eq(a, b).
K = nB x PA.
Next, pick a base point G = (x1, y1) in Ep(a, b) whose order is a very large value n.
The order n of a point G on an elliptic
curve is the smallest positive integer n such that nG = O. Eq(a, b) and G are parameters.
key exchange between users A and B :
1) A selects an integer nA less than n.
2) This is A's private key.
3) A then generates a public key PA = Na x G;the public key is a point in Eq(a, b).
4) B similarly selects a private key nB and computes a public key PB.
5) A generates the secret key K = nA x PB. B generates the secret key
The two calculations in step 3 produce the same result because
nA x PB = nA x (nB x G) = nB x (nA x G) = nB x PA
To break this scheme, an attacker would need to be able to compute k given G and kG, which
is assumed hard.
Round function
Key schedule
Any additional processing − Initial and final permutation
INITIAL AND FINAL PERMUTATION
The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of
each other. They have no cryptography significance in DES. The initial and final permutations
are shown as follows
DETAILS OF SINGLE ROUND
First the left and right half of each 64-bit are treated as separate 32-bit quantities labelled L
(left) and R (Right).
The overall process at each iteration can be summarized in:
Li = Ri-1
Ri = Li -1 ⊕ f(Ri-1 ,Ki )
Where denotes the bitwise XOR function
EXPANSION PERMUTATION BOX
Since right input is 32-bit and round key is a 48-bit, we first need to expand right input to 48 bits
XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output.
Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation
KEY GENERATION
DES ATTACKS:
The COPACOBANA machine, built for US$10,000 by the Universities of Bochum and
Kiel, contains 120 low-cost FPGAs and can perform an exhaustive key search on DES
in 9 days on average.
The photo shows the backplane of the machine with the FPGAs Cryptography and
Network Security
ATTACK FASTER THAN BRUTE FORCE
Differential cryptanalysis : was discovered in the late 1980s by Eli Biham and Adi
Shamir, although it was known earlier to both IBM and the NSA and kept secret.
To break the full 16 rounds, differential cryptanalysis requires 247chosen plaintexts.
DES was designed to be resistant to DC.
Linear cryptanalysis was discovered by Mitsuru Matsui, and needs 243known
plaintexts (Matsui, 1993); the method was implemented (Matsui, 1994), and was the first
experimental cryptanalysis of DES to be reported.
There is no evidence that DES was tailored to be resistant to this type of attack.
Cryptography and Network Security
Possible Techniques for Improving DES
Multiple enciphering with DES
Extending DES to 128-bit data paths and 112-bit keys
Extending the key expansion calculation
Double DES
2= 112 bits
The simplified form of multiple encryption has two encryption stage and two keys.
Given a plaintext P and two keys K1 and K2 one can generate a cipher text C as:
Decryption equation is :
The key length is 56
Double Encryption
Double DES
Using two encryption stages and two keys
C=Ek2(Ek1(P))
P=Dk1(Dk2(C))
It is proved that there is no key k3 such that
C=Ek2(Ek1(P))=Ek3(P)
But Meet-in-the-middle attack Cryptography and Network Security
Meet-in-the-Middle Attack
Assume C=Ek2(Ek1(P))
Given the plaintext P and ciphertext C
Encrypt P using all possible keys k1
Decrypt C using all possible keys k2
Check the result with the encrypted plaintext lists
.
Triple DES
DES variant
Standardized in ANSI X9.17 & ISO 8732 and in PEM for key management
Proposed for general EFT standard by ANSI X9
Backwards compatible with many DES schemes
Uses 2 or 3 keys Cryptography and Network Security.No known practical attacks
Brute force search impossible (very hard)
Meet-in-the-middle attacks need 256Plaintext-Cipher text pairs per key
Popular current alternative Cryptography and Network Security
13 Solve any example problem for Chinese remainder theorem and explain it.
Given in pdf
14 Explain Diffie Hellman key exchange algorithm steps and Solve the following q = 353, 𝜶 = 3 , XA = 97, XB =
233. Find YA, YBand shared secret key.
Given in pdf
15 Solve the following using RSA algorithm
p=3, q =11, e=7, M= 5 and write steps for solving
Given in pdf
16 Illustrate about RC4 algorithm and its features.
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.
It is a variable key-size stream cipher with byte-oriented operations.
The algorithm is based on the use of a random permutation.
Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100
Eight to sixteen machine operations are required per output byte, and the cipher can be
expected to run very quickly in software.
RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport layer Security) standards that have been
defined for communication between Web browsers and servers.
It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected
Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a
trade
secret by RSA Security.
In September 1994, the RC4 algorithm was anonymously posted on the Internetm on the
Cypherpunks anonymous remailers list.
The RC4 algorithm is remarkably simply and quite easy to explain.
A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state
vector S, with elements S[0], S[1],..., S[255].
At all times, S contains a permutation of all 8-bit numbers from 0 through 255.
For encryption and decryption, a byte k is generated from S by selecting one of the 255 entries in a
systematic fashion.
INITIALIZATION OF S
To begin, the entries of S are set equal to the values from 0 through 255 in ascending order; that is;
S[0] = 0, S[1] = 1,..., S[255] = 255.
A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is transferred to
T.
Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K and then
K is repeated as many times as necessary to fill out T.
STREAM GENERATION
Once the S vector is initialized, the input key is no longer used.
Stream generation involves cycling through all the elements of S[i], and, for each S[i], swapping S[i]
with another byte in S according to a scheme dictated by the current configuration of S.
After S[255] is reached, the process continues,
starting over again at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
STRENGTH OF RC4
A number of papers have been published analyzing methods of attacking RC4
None of these approaches is practical against RC4 with a reasonable key length, such as 128 bits.
The authors demonstrate that the WEP protocol, intended to provide confidentiality on 802.11
wireless LAN networks, is vulnerable to a particular attack approach.
In essence, the problem is not with RC4 itself but the way in which keys are generated for use as
input to RC4.
This particular problem does not appear to be relevant to other applications using RC4 and can be
remedied in WEP by changing the way in which keys are generated.
This problem points out the difficulty in designing a secure system that involves both
cryptographic functions and protocols that make use of them.