This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: Computer Science and Engineering, UCSD Spring 11 CSE 207: Modern Cryptography Instructor: Mihir Bellare Problem Set 1 March 28, 2011 Problem Set 1 Due: Wednesday April 6, 2011, in class. Problem 1. [30 points] Let K be a 56bit DES key, let L be a 64bit string, and let M be a 64bit plaintext. Let DESY ( K bardbl L,M ) = DES ( K,L M ) DESW ( K bardbl L,M ) = L DES ( K,M ) . This defines block ciphers DESY , DESW : { , 1 } 120 { , 1 } 64 { , 1 } 64 . Present the best possible keyrecovery attacks that you can on these block ciphers. Your attacks should use very few inputoutput examples, not more than three. State the running time of your attacks. Problem 2. [50 points] The goal of a keysearch attack (such as exhaustive key search) is to find the target key, but, as discussed in the notes and in class, such an attack might find a key that is consistent with the inputoutput examples but is not the target key. We glossed over this, saying it usually does not happen. This problem gives a sense of how cryptographers arrive at this type of conclusion and estimate what usually means. We use what is called the ideal cipher model. Let k,n 1 be integers. Let K = 2 k and N = 2 n and let T 1 ,...,T K be some enumeration of the elements of { , 1 } k . We consider a thought experiment in which a block cipher is chosen at random. By this we mean that for each keyin which a block cipher is chosen at random....
View
Full
Document
This note was uploaded on 08/31/2011 for the course CSE 207 taught by Professor Daniele during the Winter '08 term at UCSD.
 Winter '08
 daniele
 Computer Science

Click to edit the document details