CM30173: Example sheet 4
13th February
All questions relate to lecture 5. Please note the directed reading set at the end of lecture 5.
1. Consider the four modes of operation available for use with DES. Alice and Bob share a
key k. Alice encrypts a message of multiple blocks with k and sends it to Bob. Oscar is
listening on the unsecured channel.
If an initialisation vector (IV) is required, Alice will generate a random number of the
appropriate length to use as the IV and transmit this with the ciphertext.
Writing brief notes, assess each of the modes for the following:
(a) How is decryption achieved in this mode?
(b) Are ciphertext blocks independent?
(c) Can patterns and repetitions in the plaintext be seen in the ciphertext?
(d) Can Oscar alter the order of ciphertext blocks, without detection, resulting in a
plaintext consisting of the plaintext blocks in a different order?
(e) If an IV is used, is it necessary to change it for each new encryption? If not, is it
useful to change it?
(f) Assume Oscar has a known plaintext-ciphertext pair encrypted with k. Can he
pretend to be Alice by “replaying” parts of this message? Will Bob accept that these
originate from Alice?
(g) Do errors propagate, that is, how many blocks are affected by a single bit flip during
transmission of a ciphertext block?
(h) Can we pre-process or work in parallel to produce the ciphertext?
In the above scenario Oscar can alter the IV. What risks does this bring? How can we
protect against this?
2. The complementation property: Let $e_k(x)$ denote encryption with DES using key $k$.
If $y = e_k(x)$ then $\bar{y} = e_{\bar{k}}(\bar{x})$, where $\bar{a}$ denotes the bitwise complement of $a$.
Explain why this is the case.
3. Work out the details of the meet-in-the-middle attack on double-DES (2DES) and
thus the
• data complexity,
• processing complexity and
• storage complexity.
What is the cost of the attack?