Cryptology Exam - October 25, 2024

Questions and Answers

What is the formula used by the Affine cipher for encryption?

$c = jm + k$

$c = m + k \mod n$

$c = jm + k \mod n$ (correct)

$c = m \cdot j + k \mod n$

How many possible key values does the Affine cipher have?

12

312 (correct)

26

104

What should the approximate key length of the Vigenère cipher be for the English language, in bits?

15

16 (correct)

30

8

What is a necessary step in breaking the normal Vigenère cipher?

Identify the substitution key used for each letter

What does measuring redundancy in a language involve, specifically in written texts?

Calculating word frequency distributions

How many words are estimated to exist in the English language, relevant for the Vigenère cipher's key length?

30,000 to 100,000

Why is the quality of explanations considered in grading?

Because it shows a deeper understanding

What is the purpose of having a general-purpose dictionary during the exam?

To translate text without personal notes

What is the average entropy measured for long sequences of English text?

1 bit/letter

How does a stream cipher avoid the main drawback of one time padding?

By expanding a short secret key

How is perfect secrecy mathematically defined for a cryptosystem?

H(M | C) = H(M)

Why are real-world pseudo-random number generators (PRNGs) periodic?

They must be deterministic

What is the size |K| of the set of all possible keys k ∈ K for a generic block cipher?

(2n)!

What is the computational challenge of solving xe = c mod n compared to factoring n = pq?

They are equally hard

Which parameter is NOT typically chosen when setting up RSA?

Symmetric key k

What is a significant reason that makes generic block ciphers impractical?

Storage and communication costs are too high

What is the value of φ(n) when n = pq where p and q are large primes?

(p - 1)(q - 1)

Why is the knapsack problem considered insecure despite being NP-complete?

Constructing it from a superincreasing knapsack simplifies decryption.

What distinguishes a Message Authentication Code (MAC) from a digital signature?

MAC employs a symmetric key system, while a digital signature employs an asymmetric key system.

What best describes a blind signature?

A signature created without any knowledge of the message content by the signer.

How does Bob obtain a document signature from Alice using the RSA blind signature process?

By dividing the signed message by k after receiving it from Alice.

What is the primary difference between bit commitment and zero-knowledge schemes?

Bit commitment employs one-way functions, while zero-knowledge schemes use random commitments and challenges.

What role does random challenge play in zero-knowledge proof systems?

It prevents the verifier from gaining knowledge about the secret.

Why are digital signatures not considered to be zero-knowledge?

There is no random challenge or commitment in digital signatures.

Study Notes

Cryptology Exam - October 25, 2024

• Permitted Equipment: General-purpose dictionaries for English translations (no personal notes, formulas, or external help)

• Solutions: Posted on Lisam after the exam

• Grading: Minimum points for grades 3, 4, and 5 are 13, 19, and 27, respectively, out of a total of 39 points. Numeric grades are converted to ECTS grades.

• Examiner Visit: Examiner will answer questions in exam rooms around 3 PM.

• Other Information: Answers can be in English. Explanation quality affects grading. Keep answers concise.

Question 1: Principles and History

• (a) Affine Cipher: An encryption method using a modular arithmetic formula (c = jm + k (mod n)). Has 312 possible key values.

• (b) Vigenère Cipher Key Length: Should be the length of an English word (approximately 15-16 bits, depending on source data).

• (c) Breaking Vigenère: The method involves finding the keyword length using greatest common divisor (GCD) of distances between repeated characters. This then reveals the Caesar cipher used for each letter, determined via single-character statistics for each substitution to deduce the key.

Question 2: Foundations and Basic Theory, Stream Ciphers, RNGs

• (a) Language Redundancy: Measured as average entropy per letter in long sequences (approximately 1 bit/letter).

• (b) Stream Cipher Drawback: OTP (one time pad) drawbacks are avoided in stream ciphers by expanding a short secret key using a public key expansion process (reducing secure-channel transmission length).

• (c) Perfect Secrecy: Defined mathematically as H(M|C) = H(M) where M is plaintext and C is ciphertext.

Question 3: Block Ciphers

• (a) Block Cipher Key Size: (2ⁿ)! is the extremely large number of permutations, which is impractical for generic block ciphers.

Question 4: Public Key Principles, One-Way Functions, RSA & Knapsack, Diffie-Hellman, ElGamal

• (a) Computational Hardness Comparison: Factoring n = pq and computing x^e = c (mod n) are equally hard problems, proven using the Chinese Remainder Theorem.

• (b) RSA Parameters: Chosen as prime numbers p and q (n= pq), $φ(n) = (p-1)(q-1)$, prime e such that gcd(e, φ(n)) = 1 and d such that ed≡ 1 (mod $φ(n)$).

• (c) Knapsack Problem: The knapsack problem is NP-complete but becomes significantly easier if a superincreasing one maps to superincreasing knapsack.

Question 5: Message Authentication and Digital Signatures

• (a) MAC vs. Digital Signature: Message Authentication Code (MAC) uses symmetric cryptography, while digital signatures use asymmetric cryptography.

• (b) Blind Signature: A signature created for a message with unknown content, shielding the message's content from the signature creator.

Question 6: Bit Commitment, Zero Knowledge, Secret Sharing, Games over the Phone

• (a) Bit Commitment vs. Zero Knowledge: Bit commitment uses one-way functions; zero-knowledge schemes use random commitment and random challenges.
• (b) Coin Tossing/Poker: Bit commitment ensures a fair game.
• (c) Digital Signatures and Zero Knowledge: Digital signatures lack random challenges and commitment features, thus not a zero-knowledge scheme.

Question 7: Post-Quantum Cryptography

• (a) Post-Quantum Cryptography: Cryptosystems based on lattice problems to avoid quantum computer attacks are called post-quantum.RSA is not post-quantum because factoring is vulnerable to quantum algorithms

• (b) SIS Acronym: Short Integer Solution.

• (c) SIS Hash Function Definition (missing): Not Provided.

Question 8 (Page 5): LWE and McEliece

• (a) Security Sources: Both depend on decoding general linear codes. McEliece relies heavily on the code family selection; LWE on the other hand, employs randomness in the code selection.

Description

Prepare for your upcoming Cryptology exam with this focused quiz covering key concepts like the Affine and Vigenère ciphers. Understand the principles and history behind these encryption methods to excel in your exam. Good luck!