互联网信息安全第二次作业

Internet Security, Principles and Practices Homework Assignment #2 03-31-2012 1 John K. Zao

Secret and Public Key Cryptography

1. How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block? [Kaufman §3.3] (10 pts.)

Since a DES plaintext block has 64 bits but a DES key has only 56 bits, on the average each plaintext has only a fractional share of a DES key: Key Share = 256 / 264 = 2-8 = 1/256. Note: this fractional key share is regarded as one of the weakness of DES algorithm.

由于DES文本块有64位，但是DES密钥仅仅有56位，平均来讲每个文本块只占一小部分,大约是256分之一，注意：部分密钥被当做是DES的算法弱点。

2. Suppose the DES mangler function mapped every 32-bit value to zero, regardless of the value of its input. What function would DES then compute? [Kaufman §

3.5] (10 pts.)

If the mangler function in DES [as shown] produces only zeros then each DES round is reduced to a swapping of upper/lower 32-bit fragments:

L(i) = R(i-1)

R(i) = L(i-1)

With 16 (even number) rounds plus initial and final permuta-tions (which cancel each other), this modified DES is equivalent to an identity function, which causes no change to the input.

如果DES的混乱功能仅仅产生0那么每一轮的DES将被简化至仅仅交换大写和小写的32

位碎片。

随着16轮初始到最终的交换，修改后的DES是等价于一个恒等功能，相当于和输入一致。

3. It is said that the initial and final permutations of all 64 bits in DES operation do not enhance the cryptographic strength of the encryption algorithm. Could you provide an explanation without using sophisticated mathematics? (10 pts.)

有一种说法是最初和最后的所有64位的排列并没有增加加密算法的强度，你能简单说明下为什么？请不要使用复杂的数学理论。

The initial permutation is a one-to-one and onto mapping that converts one plaintext block to another. Hence, its effect is equivalent to feeding one plaintext instead of another into the crypto algorithm. Such an action does not increase the security of the algorithm.

这最初的排列是一个一对一的满映射将文本块进行转换，它的作用只是文本的简单替换，这样的操作并不能增加算法的安全性。

Compute the number of 64-bit encryption operations performed for an n bit plaintext using CBC, k-bit OFB and k-bit CFP. Count all encryption operations, not just operations performed on the plaintext itself. (10 pts.)

对一个64位的文本使用CBC，K-bit OFB, k-bit CFP等加密，请写出相关计算，而不仅仅是针对文本本身的计算。

CBC → Ceiling of (n/64)

k-bit OFB → Ceiling of (n/k)

k-bit CFP → Ceiling of (n/k)

5. Reverse the order of XOR-ing and encryption in CBC encryption [Kaufman, Fig. 4-5,

p.98] , i.e., c1 is computed as E(m1) xor IV. Does this work? Does it matter? Justify your answer using the vulnerabilities and issues identified in the book and in class. (10 pts.)

颠倒CBC加密的XOR顺序。

Exchange of XOR and encryption will greatly compromise the security of block chaining operation!

交换XOR加密随按发会显著降低块链接操作的安全性。

Note that both IV and cipher text blocks can be observed by the adversaries. If one reverses the order of XOR and encryption in CBC, then this block chaining operation can be reduced

to Electronic Cookbook (ECB) mode by simply performing c i c i-1.

请注意IV和密码文本块能够被外界获取到，如果有人交换了CBC的XOR顺序，然后这个文本块会被简化至ECB模式仅仅通过简单的Ci和Ci-1.

6. What pseudo-random bit stream is generated by 64-bit OFB with a weak DES key? (10 pts.) Note: please refer to Kaufman §3.3.6 for the definition of weak key.

使用一个弱的DES秘钥会产生怎样的伪随机数据流？

Because of the special property of DES weak keys (w): E w (E w (m)) = m, the bit stream generated will be repetitive alterations of IV and E w (IV).

由于DES的弱秘钥的特殊属性：Ew(Ew(m))=m, 这样产生的数据流将会在IV和Ew(IV)之间循环。

7. Given m and n are two positive integers, show that m/gcd(m,n) and n/gcd(m,n) are relatively prime by using Euclid’s algorithm. [Kaufman §7.1] (10 pts.)