1. (a) Explain how a block of plaintext is encrypted using a substitution-permutation
network, describing each of the components and explaining their role. Name a
standard cipher for private key encryption based on a substitution-permutation
network. [6]
(b) Describe in detail how you would mount an attack on an SPN using differential
cryptanalysis, explaining the goal of the attack, the resources required, the the
weakness it exploits, the algorithm used and why it is correct, and its data
complexity. [10]
(c) Explain why it is necessary to use a block cipher with a secure mode of operation.
Describe a mode of operation which can be used to create a stream cipher. [4]
2. (a) Define the notion of unkeyed cryptographic hash function. Give two applications for
such a function, explaining the security properties it provides and why it provides
them in each case. [5]
(b) What is a collision for a hash function? Give the storage and processing complexity
of a birthday attack for finding collisions, explaining your answer. [6]
(c) What is a message authentication code? Describe the cipher-block-chaining mode
of operation and how it is used to create a MAC. Alice uses CBC-MAC to create an
unkeyed hash function by publishing the key (she doesn’t use this for encryption).
Is this secure? Explain your answer. [9]
3. (a) Alice wants to allow Bob to communicate with her using RSA encryption. What
information does she send to him, what does she keep secret, and how is it computed
(state any algorithms used)? How can Bob use it to encrypt his plaintext, and how
will Alice decrypt Bob’s ciphertext? Show that decryption returns the original
plaintext. [8]
(b) State the Chinese Remainder Theorem. Explain why it is useful in RSA decryption,
and how it can be used to recover a plaintext which has been encrypted for several
principals using a single, small exponent. [7]
(c) Alice and Bob are assigned RSA keys with the same modulus of encryption n, but
coprime encryption exponents e1 and e2. Charlie sends them encryptions of the
same plaintext. Explain how an attacker can easily recover it without their private
keys. [5]
Page 2 of 3 CM30173
4. (a) Alice and Bob agree to establish a session key using Diffie-Helman key exchange,
based on the multiplicative group of integers modulo 23, with generator 5. If Alice
chooses the secret value 2, and Bob the secret value 10, what values will they send
to each other, and what will their shared secret be? How could an attacker able to
find discrete logarithms discover this secret? How could an attacker read messages
between Alice and Bob without discovering their shared secret? [8]
(b) Explain how the assumed difficulty of finding discrete logarithms may be used to
authenticate a message, giving details of any operations used. [4]
(c) Describe the index calculus method for computing discrete logarithms, explaining
how to collect linear relations for a factor base and use them to find discrete
logarithms. Is the index calculus method applicable in all groups (if not, why not)?
[8]
JDL/RJB Page 3 of 3 CM30173