{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

CSE207 - Computer Science and Engineering UCSD CSE 207...

Info icon This preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Computer Science and Engineering, UCSD Spring 11 CSE 207: Modern Cryptography Instructor: Mihir Bellare Problem Set 1 March 28, 2011 Problem Set 1 Due: Wednesday April 6, 2011, in class. Problem 1. [30 points] Let K be a 56-bit DES key, let L be a 64-bit string, and let M be a 64-bit plaintext. Let DESY ( K bardbl L,M ) = DES ( K,L M ) DESW ( K bardbl L,M ) = L DES ( K,M ) . This defines block ciphers DESY , DESW : { 0 , 1 } 120 ×{ 0 , 1 } 64 →{ 0 , 1 } 64 . Present the best possible key-recovery attacks that you can on these block ciphers. Your attacks should use very few input-output examples, not more than three. State the running time of your attacks. Problem 2. [50 points] The goal of a key-search attack (such as exhaustive key search) is to find the target key, but, as discussed in the notes and in class, such an attack might find a key that is consistent with the input-output examples but is not the target key. We glossed over this, saying it “usually” does not happen. This problem gives a sense of how cryptographers arrive at this type of conclusion and estimate what “usually” means. We use what is called the ideal cipher model. Let k,n 1 be integers. Let K = 2 k and N = 2 n and let T 1 ,...,T K be some enumeration of the elements of { 0 , 1 } k . We consider a thought experiment in which a block cipher is chosen at random. By this we mean that for each key T
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}