MAHENDRA INSTITUTE OF TECHNOLOGY, AUTONOMOUS

DEPARTMENT OF CSE
Subject Code/Name:CS8792 / CRYPTOGRAPHY AND NETWORK SECURITY
Semester & Branch: VII & CSE
QUESTION BANK
ANSWER ALL THE QUESTIONS
PART-A (10 x 2 = 20)
1. Define Euler's Totient Function (CO3,K1)

Before presenting Euler's theorem, we need to introduce an important quantity in number theory,
referred to as Euler's totient function and written  (n), defined as the number of positive integers
less than n and relatively prime to n. By convention,  (1) = 1.
2. Recall Fermat’s little theorem with example ? (CO3,K1)

3. Recall Euler‘s theorem with example ? (CO3, K1)

4. Define Miller-Rabin Algorithm or test. (CO3, K1)

 The algorithm due to Miller and Rabin is typically used to test a large number for primality.
 Before explaining the algorithm, we need some background.
 First, any positive odd integer n ≥ 3 can be expressed as follows:
 n 1 = 2kq with k > 0, q odd
5. Define Trap door one way function. (CO3, K1)

 Trap-door one-way function, which is easy to calculate in one direction and infeasible to
calculate in the other direction unless certain additional information is known.
 With the additional information the inverse can be calculated in polynomial time.
 We can summarize as follows: A trapdoor one-way function is a family of invertible
functions fk, such that.

6. Contrast between public key and private key.(any 4 points) (CO3, K2)
7. Summarize about Elliptic curve cryptography. (CO3, K2)
 Elliptical curve cryptography uses these curves over finite fields to create a secret that only the
private key holder is able to unlock.
 The larger the key size, the larger the curve, and the harder the problem is to solve.
 ECC is a key-based technique for encrypting data.
 ECC focuses on pairs of public and private keys for decryption and encryption of web traffic.
 ECC is frequently discussed in the context of the Rivest–Shamir–Adelman
(RSA) cryptographic algorithm.
8. What are the Four possible approaches to attacking the RSA algorithm (CO4, K1)
 Brute force: This involves trying all possible private keys.
 Mathematical attacks: There are several approaches, all equivalent in effort to factoring the
product of two primes.
 Timing attacks: These depend on the running time of the decryption algorithm.
 Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
9. Define authentication and List its requirements (CO4, K1)
It is a procedure that verifies whether the received message comes from assigned source has not
been altered.
requirements for message authentication.
i. Disclosure.
ii. Traffic analysis.
iii. Masquerade.
iv. Content Modification.
v. Sequence Modification.
vi. Timing modification.
vii. Repudiation.
10. What is the purpose of MAC ? Write its function. (CO4, K1)
 An alternative authentication technique involves the use of a secret key to generate a small
fixed-size block of data, known as a cryptographic checksum or MAC that is appended to the
message.
 This technique assumes that two communicating parties, say A and B, share a common
secret key K.
 When A has a message to send to B, it calculates the MAC as a function of the message and
the key:MAC = C(K,M), where
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code
11. Compare SHA 256 & SHA 512 (CO3, K2)

12. Define hash function (CO4, K1)

 A hash value h is generated by a function H of the form
h = H(M)
 where M is a variable-length message and H(M) is the fixed-length hash value.
 The hash value is appended to the message at the source at a time when the message is
assumed or known to be correct.
 The receiver authenticates that message by recomputing the hash value.
 Because the hash function itself is not considered to be secret, some means is required to
protect the hash value.
13. Interpret about Strong collision resistance and weak collision resistance (CO4, K2)
weak collision resistance
Given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes
referred to as weak collision resistance.
strong collision resistance
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes
referred to as strong collision resistance
14. Define Masquerade (CO4, K1)
  Insertion of messages into the network from a fraudulent source.
 This includes the creation of messages by an opponent that are purported to come from an
authorized entity.
 Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone
other than the message recipient.
15. What is meant by Message integrity ? (CO4, K1)
 Message Integrity describes the concept of ensuring that data has not been modified in
transit using of a Hash algorithm.
 The basic premise is a sender wishes to send a message to a receiver, and wishes for the
integrity of their message to be guaranteed.
 The sender will calculate a hash on the message, and include the digest with the message.
 On the other side, the receiver will independently calculate the hash on just the message,
and compare the resulting digest with the digest which was sent with the message.
 If they are the same, then the message must have been the same as when it was originally
sent.
PART-B (3 x 10 = 30)
11 Explain about Elliptic curve cryptography
DEFINE :
Elliptic Curve Cryptography (ECC) is a key-based technique for encrypting data. ECC focuses on
pairs of public and private keys for decryption and encryption of web traffic.

DISCRETE LOGARITHM PROBLEM :

 Addition operation in ECC is the counterpart of modular multiplication in RSA, and multiple
addition is the counterpart of modular exponentiation.
 To form a cryptographic system using elliptic curves, we need to find a "hard problem"
corresponding to factoring the product of two primes or taking the discrete logarithm.
 Consider the equation Q = kP where Q, P Ep(a, b) and k < p.
 It is relatively easy to calculate Q given k and P, but it is relatively hard to determine k given
Q and P.
 This is called the discrete logarithm problem for elliptic curves.
Analog of Diffie-Hellman Key Exchange

 pick a large integer q, which is either a prime number p or an integer of the form 2m and
elliptic curve parameters a and b
 This defines the elliptic group of points Eq(a, b).
K = nB x PA.
 Next, pick a base point G = (x1, y1) in Ep(a, b) whose order is a very large value n.
 The order n of a point G on an elliptic
 curve is the smallest positive integer n such that nG = O. Eq(a, b) and G are parameters.
 key exchange between users A and B :
1) A selects an integer nA less than n.
2) This is A's private key.
3) A then generates a public key PA = Na x G;the public key is a point in Eq(a, b).
4) B similarly selects a private key nB and computes a public key PB.
5) A generates the secret key K = nA x PB. B generates the secret key
 The two calculations in step 3 produce the same result because
nA x PB = nA x (nB x G) = nB x (nA x G) = nB x PA
 To break this scheme, an attacker would need to be able to compute k given G and kG, which
is assumed hard.

ELLIPTIC CURVE ENCRYPTION/DECRYPTION

 Encode the plain text m to be sent as an x-y point Pm.

 There are relatively straightforward techniques to perform such mappings.
 Require a point G and an elliptic group Ep(a,b) as parameters.
 Each user A selects a private key nA and generates a public key PA = nA
 To encrypt and send a message Pm from A to B
 A chooses a random positive integer k.
 A then produces the ciphertext Cm consisting of the pair of points:
 Cm = {kG, Pm + k PB}.
 A has used B’s public key PB.
 Two instead of one piece of information are sent.
 To decrypt Cm
 Pm + k PB - nB(kG) = Pm + k (nBG) - nB(kG) = Pm.
 A has masked Pm by adding k PB to it.
 An attacker needs to compute k given G and kG, which is assumed hard
 Example: Take p = 751, Ep(-1,188) and G = (0,376). Assume that Pm = (562,201) is to be
sent and that the sender chooses a random number k = 386. Assume that the receiver’s
public key is PB = (201,5). We have 386(0,376) = (676,558), and (562,201) + 386(201,5) =
(385,328). Consequently, {(676,558), (385,328)} is sent as the ciphertext

SECURITY OF ELLIPTIC CURVE CRYPTOGRAPHY

 security of ECC depends on how difficult it is to determine k given kP and P.

 The fastest known technique for taking the elliptic curve logarithm is known as the
Pollard rho method.
 

12 Explain DES with diagrams

 The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
 DES is an implementation of a Feistel Cipher.
 It uses 16 round Feistel structure.
 The block size is 64-bit.
 Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64 bits
of the key are not used by the encryption algorithm
 First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the
bits to produce the permuted input.
 This is followed by a phase consisting of 16 rounds of the same function, which involves both
permutation and substitution functions.
 The output of the last (sixteenth) round consists of 64 bits that are a function of the input
plaintext and the key.
 The left and right halves of the output are swapped to produce the preoutput
Since DES is based on the Feistel Cipher, all that is required to specify DES is −

 Round function
 Key schedule
 Any additional processing − Initial and final permutation
INITIAL AND FINAL PERMUTATION
The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of
each other. They have no cryptography significance in DES. The initial and final permutations
are shown as follows
DETAILS OF SINGLE ROUND
 First the left and right half of each 64-bit are treated as separate 32-bit quantities labelled L
(left) and R (Right).
 The overall process at each iteration can be summarized in:
 Li = Ri-1
 Ri = Li -1 ⊕ f(Ri-1 ,Ki )
 Where denotes the bitwise XOR function
EXPANSION PERMUTATION BOX
Since right input is 32-bit and round key is a 48-bit, we first need to expand right input to 48 bits
 XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
 Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output.
 Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation

KEY GENERATION

 64-bit key is used as input to the algorithm.

 The bits of the key are numbered from 1 through 64; every eighth bit is ignored, as
indicated by the lack of shading .
 The key is first subjected to a permutation governed by a table labeled Permuted Choice.
 The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0 and D0.
 These shifted values serve as input to the next round.
 They also serve as input to Permuted Choice which produces a 48-bit output that serves as
input to the function F(Ri-1, Ki).
DES DECRYPTION
 As with any Feistel cipher, decryption uses the same algorithm as encryption, except that
the application of the subkeys is reversed.
 The DES satisfies both the desired properties of block cipher. These two properties make
cipher very strong.
 Avalanche effect − A small change in plaintext results in the very great change in
the ciphertext.
 Completeness − Each bit of ciphertext depends on many bits of plaintext.

THE STRENGTH OF DES

 Concerns about the strength of DES fall into two categories:
 Concerns about the algorithm itself (nothing so far).
 Concerns about the use of 56-bit key.
 Electronic Frontier Foundation (EFF) announced that it had broken a new DES
encryption using a “DES Cracker” machine for less than $250,000.
 A 128 bit key is guaranteed for unbreakable algorithm by Brute-Force.

THE NATURE OF THE DES ALGORITHM

 Another concern is the possibility that cryptanalysis is possible by exploiting the
characteristics of the DES algorithm.
 The focus of concern has been on the eight substitution tables, or S-boxes, that are used in
each iteration.
 Because the design criteria for these boxes, and indeed for the entire algorithm, were not
made public, there is a suspicion that the boxes were constructed in such a way that
cryptanalysis is possible for an opponent who knows the weaknesses in the S-boxes.
 Over the years a number of regularities and unexpected behaviors of the S-boxes have
been discovered.
 Despite this, no one has so far succeeded in discovering the supposed fatal weaknesses in
the S-boxes.

DES ATTACKS:
 The COPACOBANA machine, built for US$10,000 by the Universities of Bochum and
Kiel, contains 120 low-cost FPGAs and can perform an exhaustive key search on DES
in 9 days on average.
 The photo shows the backplane of the machine with the FPGAs Cryptography and
Network Security
ATTACK FASTER THAN BRUTE FORCE
 Differential cryptanalysis : was discovered in the late 1980s by Eli Biham and Adi
Shamir, although it was known earlier to both IBM and the NSA and kept secret.
 To break the full 16 rounds, differential cryptanalysis requires 247chosen plaintexts.
DES was designed to be resistant to DC.
 Linear cryptanalysis was discovered by Mitsuru Matsui, and needs 243known
plaintexts (Matsui, 1993); the method was implemented (Matsui, 1994), and was the first
experimental cryptanalysis of DES to be reported.
There is no evidence that DES was tailored to be resistant to this type of attack.
Cryptography and Network Security
Possible Techniques for Improving DES
 Multiple enciphering with DES
 Extending DES to 128-bit data paths and 112-bit keys
 Extending the key expansion calculation
Double DES
 2= 112 bits
 The simplified form of multiple encryption has two encryption stage and two keys.
 Given a plaintext P and two keys K1 and K2 one can generate a cipher text C as:
Decryption equation is :
 The key length is 56
Double Encryption

Double DES
 Using two encryption stages and two keys
 C=Ek2(Ek1(P))
 P=Dk1(Dk2(C))
 It is proved that there is no key k3 such that
 C=Ek2(Ek1(P))=Ek3(P)
 But Meet-in-the-middle attack Cryptography and Network Security
Meet-in-the-Middle Attack
 Assume C=Ek2(Ek1(P))
 Given the plaintext P and ciphertext C
 Encrypt P using all possible keys k1
 Decrypt C using all possible keys k2
 Check the result with the encrypted plaintext lists
.
 Triple DES
 DES variant
 Standardized in ANSI X9.17 & ISO 8732 and in PEM for key management
 Proposed for general EFT standard by ANSI X9
 Backwards compatible with many DES schemes
 Uses 2 or 3 keys Cryptography and Network Security.No known practical attacks
 Brute force search impossible (very hard)
 Meet-in-the-middle attacks need 256Plaintext-Cipher text pairs per key
 Popular current alternative Cryptography and Network Security

13 Solve any example problem for Chinese remainder theorem and explain it.
Given in pdf
14 Explain Diffie Hellman key exchange algorithm steps and Solve the following q = 353, 𝜶 = 3 , XA = 97, XB =
233. Find YA, YBand shared secret key.

Given in pdf
15 Solve the following using RSA algorithm
p=3, q =11, e=7, M= 5 and write steps for solving
Given in pdf
16 Illustrate about RC4 algorithm and its features.
 RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.
 It is a variable key-size stream cipher with byte-oriented operations.
 The algorithm is based on the use of a random permutation.
 Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100
 Eight to sixteen machine operations are required per output byte, and the cipher can be
 expected to run very quickly in software.
 RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport layer Security) standards that have been
defined for communication between Web browsers and servers.
 It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected
 Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a
trade
 secret by RSA Security.
 In September 1994, the RC4 algorithm was anonymously posted on the Internetm on the
Cypherpunks anonymous remailers list.
 The RC4 algorithm is remarkably simply and quite easy to explain.
 A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state
vector S, with elements S[0], S[1],..., S[255].
 At all times, S contains a permutation of all 8-bit numbers from 0 through 255.
 For encryption and decryption, a byte k is generated from S by selecting one of the 255 entries in a
systematic fashion.
INITIALIZATION OF S
 To begin, the entries of S are set equal to the values from 0 through 255 in ascending order; that is;
S[0] = 0, S[1] = 1,..., S[255] = 255.
 A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is transferred to
T.
 Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K and then
K is repeated as many times as necessary to fill out T.

preliminary operations can be summarized as follows:

/* Initialization */
for i = 0 to 255 do
S [ i] = i;
T[i] = K[i mod keylen];
 Next we use T to produce the initial permutation of S.
 This involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with
another byte in S according to a scheme dictated by T[i]:
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) mod 256;
Swap (S[i], S[j]);

STREAM GENERATION
 Once the S vector is initialized, the input key is no longer used.
 Stream generation involves cycling through all the elements of S[i], and, for each S[i], swapping S[i]
with another byte in S according to a scheme dictated by the current configuration of S.
 After S[255] is reached, the process continues,
starting over again at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
STRENGTH OF RC4
 A number of papers have been published analyzing methods of attacking RC4
 None of these approaches is practical against RC4 with a reasonable key length, such as 128 bits.
 The authors demonstrate that the WEP protocol, intended to provide confidentiality on 802.11
wireless LAN networks, is vulnerable to a particular attack approach.
 In essence, the problem is not with RC4 itself but the way in which keys are generated for use as
input to RC4.
 This particular problem does not appear to be relevant to other applications using RC4 and can be
remedied in WEP by changing the way in which keys are generated.
 This problem points out the difficulty in designing a secure system that involves both
cryptographic functions and protocols that make use of them.