1、本资源来自数缘社区 http:/:81 欢迎来到数缘社区。本社区是一个高等数学及密码学的技术性论坛,由山东大学数学院研究生创办。在这里您可以尽情的遨游数学的海洋。作为站长,我诚挚的邀请您加入,希望大家能一起支持发展我们的论坛,充实每个版块。把您宝贵的资料与大家一起分享! 数学电子书库 每天都有来源于各类网站的与数学相关的新内容供大家浏览和下载,您既可以点击左键弹出网页在线阅读,又可以点右键选择下载。现在书库中藏书 1000 余本。如果本站没有您急需的电子书,可以发帖说明,我们有专人负责为您寻找您需要的电子书。 密码学论文库 国内首创信息安全专业的密码学论文库,主要收集欧密会(Eurocrypt
2、)、美密会(Crypto)、亚 密 会(Asiacrypt)等国内外知名论文。现在论文库中收藏论文4000余篇(包括论文库版块700余篇、论坛顶部菜单“密码学会议论文集”3000 余篇)。如果本站没有您急需的密码学论文,可以发帖说明,我们有专人负责为您寻找您需要的论文。 提示:本站已经收集到 19812003 年欧密会、美密会全部论文以及 1997 年2003 年五大会议全部论文(欧密会、美密会、亚密会、PKC、FSE)。 数学综合讨论区 论坛管理团队及部分会员来源于山东大学数学院七大专业(基础数学、应用数学、运筹学、控制论、计算数学、统计学、信息安全),在数学方面均为思维活跃、成绩优秀的研究
3、生,相信会给您的数学学习带来很大的帮助。 密码学与网络安全 山东大学数学院的信息安全专业师资雄厚,前景广阔,具有密码理论、密码技术与网络安全技术三个研究方向。有一大批博士、硕士及本科生活跃于本论坛。本版块适合从事密码学或网络安全方面学习研究的朋友访问。 网络公式编辑器 数缘社区公式编辑器采用Latex语言,适用于任何支持图片格式的论坛或网页。在本论坛编辑好公式后,您可以将自动生成的公式图片的链接直接复制到你要发的帖子里以图片的形式发表。 如果您觉得本站对您的学习和成长有所帮助,请把它添加到您的收藏夹。如果您对本论坛有任何的意见或者建议,请来论坛留下您宝贵的意见。 附录A:本站电子书库藏书目录
4、http:/:81/bbs/dispbbs.asp?boardID=18 Other Public-Key Cryptosystems.42Chapter 11: Message Authentication and Hash Functions .45Chapter 12: Hash and MAC Algorithms48Chapter 13: Digital Signatures and Authentication Protocols50Chapter 14: Authentication Applications 54Chapter 15: Electronic Mail Secur
5、ity 57Chapter 16: IP Security .60Chapter 17: Web Security.65Chapter 18: Intruders68Chapter 19: Malicious Software.72Chapter 20: Firewalls 74-3-NOTICEThis manual contains solutions to all of the review questions andhomework problems in Cryptography and Network Security, Third Edition. Ifyou spot an e
6、rror in a solution or in the wording of a problem, I wouldgreatly appreciate it if you would forward the information via email tome at . An errata sheet for this manual, if needed, isavailable at ftp:/ TO QUESTIONS2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2
7、Permutation and substitution.2.3 One key for symmetric ciphers, two keys for asymmetric ciphers.2.4 A stream cipher is one that encrypts a digital data stream one bit or one byte at atime. A block cipher is one in which a block of plaintext is treated as a whole andused to produce a ciphertext block
8、 of equal length.2.5 Cryptanalysis and brute force.2.6 Ciphertext only. One possible attack under these circumstances is the brute-forceapproach of trying all possible keys. If the key space is very large, this becomesimpractical. Thus, the opponent must rely on an analysis of the ciphertext itself,
9、generally applying various statistical tests to it. Known plaintext. The analyst maybe able to capture one or more plaintext messages as well as their encryptions.With this knowledge, the analyst may be able to deduce the key on the basis of theway in which the known plaintext is transformed. Chosen
10、 plaintext. If the analystis able to choose the messages to encrypt, the analyst may deliberately pickpatterns that can be expected to reveal the structure of the key.2.7 An encryption scheme is unconditionally secure if the ciphertext generated by thescheme does not contain enough information to de
11、termine uniquely thecorresponding plaintext, no matter how much ciphertext is available. Anencryption scheme is said to be computationally secure if: (1) the cost of breakingthe cipher exceeds the value of the encrypted information, and (2) the timerequired to break the cipher exceeds the useful lif
12、etime of the information.2.8 The Caesar cipher involves replacing each letter of the alphabet with the letterstanding k places further down the alphabet, for k in the range 1 through 25.2.9 A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertextalphabet, so that each letter of
13、 the plaintext alphabet maps to a single unique letterof the ciphertext alphabet.2.10 The Playfair algorithm is based on the use of a 5 5 matrix of letters constructedusing a keyword. Plaintext is encrypted two letters at a time using this matrix.2.11 A polyalphabetic substitution cipher uses a sepa
14、rate monoalphabetic substitutioncipher for each successive letter of plaintext, depending on a key.CHAPTER 2CLASSICAL ENCRYPTION TECHNIQUES-5-2.12 1. There is the practical problem of making large quantities of random keys. Anyheavily-used system might require millions of random characters on a regu
15、larbasis. Supplying truly random characters in this volume is a significant task.2. Even more daunting is the problem of key distribution and protection. For everymessage to be sent, a key of equal length is needed by both sender and receiver.Thus, a mammoth key distribution problem exists.2.13 A tr
16、ansposition cipher involves a permutation of the plaintext letters.2.14 Steganography involves concealing the existence of a message.ANSWERS TO PROBLEMS2.1 A good glass in the Bishops hostel in the Devils seattwenty-one degrees andthirteen minutesnortheast and by northmain branch seventh limb eastsi
17、deshoot from the left eye of the deaths head a bee line from the tree throughthe shot fifty feet out. (from The Gold-Bug, by Edgar Allan Poe)2.2 a. The first letter t corresponds to A, the second letter h corresponds to B, e is C, sis D, and so on. Second and subsequent occurrences of a letter in th
18、e keysentence are ignored. The resultciphertext: SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILAplaintext: basalisk to leviathan blake is contactb. It is a monalphabetic cipher and so easily breakable.c. The last sentence may not contain all the letters of the alphabet. If the firstsentence is used, the seco
19、nd and subsequent sentences may also be used untilall 26 letters are encountered.2.3 The cipher refers to the words in the page of a book. The first entry, 534, refers topage 534. The second entry, C2, refers to column two. The remaining numbers arewords in that column. The names DOUGLAS and BIRLSTO
20、NE are simply wordsthat do not appear on that page. Elementary! (from The Valley of Fear, by Sir ArthurConan Doyle)2.4 SPUTNIK2.5 25! 2842.6 a. We need an even number of letters, so append a “q“ to the end of the message.Then convert the letters into the corresponding alphabetic positions:m e e t m
21、e a t t h e u s u a l13 5 5 20 13 5 1 20 20 8 5 21 19 21 1 12p l a c e a t t e n r a t h e r16 12 1 3 5 1 20 20 5 14 18 1 20 8 5 18t h a n e i g h t o c l o c k q20 8 1 14 5 9 7 8 20 15 3 12 15 3 11 17-6-The calculations proceed two letters at a time. The first pair: C12 =9457 135 mod26=137100 mod26
22、=722 The first two ciphertext characters are alphabetic positions 7 and 22, whichcorrespond to GV. The complete ciphertext:GVUIGVKODZYPUHEKJHUZWFZFWSJSDZMUDZMYCJQMFWWUQRKRb. We first perform a matrix inversion. Note that the determinate of the encryptionmatrix is (9 7) (4 5) = 43. Using the matrix i
23、nversion formula from thebook: 9457 -1=1437-4-59 mod26=237-4-59 mod26=161-92-1159 mod26=5121525 Here we used the fact that (43)1= 23 in Z26. Once the inverse matrix has beendetermined, decryption can proceed. Source: LEWA00.2.7 Consider the matrix K with elements kijto consist of the set of column v
24、ectors Kj,where:K =k11L k1nM M Mkn1L knn andKj=k1jMknj The ciphertext of the following chosen plaintext n-grams reveals the columns of K:(B, A, A, , A, A) K1(A, B, A, , A, A) K2:(A, A, A, , A, B) Kn2.8 PT BOAT ONE OWE NINE LOST IN ACTION IN BLACKETT STRAIT TWOMILES SW MERESU COVE X CREW OF TWELVE X
25、REQUEST ANYINFORMATION2.9 a.s e n d m o r e m o n e y18 4 13 3 12 14 17 4 12 14 13 4 249 0 1 7 23 15 21 14 11 11 2 8 91 4 14 10 9 3 12 18 23 25 15 12 7B E C K J D M S X Z P M Hb.-7-c a s h n o t n e e d e d2 0 18 7 13 14 19 13 4 4 3 4 325 4 22 3 22 15 19 5 19 21 12 8 41 4 14 10 9 3 12 18 23 25 15 12
26、 7B E C K J D M S X Z P M H2.10 your package ready Friday 21st room three Please destroy this immediately.2.11 a. Lay the message out in a matrix 8 letters across. Each integer in the key tellsyou which letter to choose in the corresponding row. Result:He sitteth between the cherubims. The isles may
27、 be gladthereof. As the rivers in the south.b. Quite secure. In each row there is one of eight possibilities. So if the ciphertextis 8n letters in length, then the number of possible plaintexts is 8n.c. Not too secure. Lord Peter figured it out. (from The Nine Tailors)-8-ANSWERS TO QUESTIONS3.1 Most
28、 symmetric block encryption algorithms in current use are based on the Feistelblock cipher structure. Therefore, a study of the Feistel structure reveals theprinciples behind these more recent ciphers.3.2 A stream cipher is one that encrypts a digital data stream one bit or one byte at atime. A bloc
29、k cipher is one in which a block of plaintext is treated as a whole andused to produce a ciphertext block of equal length.3.3 If a small block size, such as n = 4, is used, then the system is equivalent to aclassical substitution cipher. For small n, such systems are vulnerable to a statisticalanaly
30、sis of the plaintext. For a large block size, the size of the key, which is on theorder of n 2n, makes the system impractical.3.4 In a product cipher, two or more basic ciphers are performed in sequence in such away that the final result or product is cryptographically stronger than any of thecompon
31、ent ciphers.3.5 In diffusion, the statistical structure of the plaintext is dissipated into long rangestatistics of the ciphertext. This is achieved by having each plaintext digit affect thevalue of many ciphertext digits, which is equivalent to saying that each ciphertextdigit is affected by many p
32、laintext digits. Confusion seeks to make the relationshipbetween the statistics of the ciphertext and the value of the encryption key ascomplex as possible, again to thwart attempts to discover the key. Thus, even if theattacker can get some handle on the statistics of the ciphertext, the way in whi
33、ch thekey was used to produce that ciphertext is so complex as to make it difficult todeduce the key. This is achieved by the use of a complex substitution algorithm.3.6 Block size: Larger block sizes mean greater security (all other things being equal)but reduced encryption/decryption speed. Key si
34、ze: Larger key size means greatersecurity but may decrease encryption/decryption speed. Number of rounds: Theessence of the Feistel cipher is that a single round offers inadequate security butthat multiple rounds offer increasing security. Subkey generation algorithm:Greater complexity in this algor
35、ithm should lead to greater difficulty ofcryptanalysis. Round function: Again, greater complexity generally means greaterresistance to cryptanalysis. Fast software encryption/decryption: In many cases,encryption is embedded in applications or utility functions in such a way as topreclude a hardware
36、implementation. Accordingly, the speed of execution of thealgorithm becomes a concern. Ease of analysis: Although we would like to makeour algorithm as difficult as possible to cryptanalyze, there is great benefit inmaking the algorithm easy to analyze. That is, if the algorithm can be concisely and
37、CHAPTER 3BLOCK CIPHERS AND THE DATA ENCRYPTIONSTANDARD-9-clearly explained, it is easier to analyze that algorithm for cryptanalyticvulnerabilities and therefore develop a higher level of assurance as to its strength.3.7 The S-box is a substitution function that introduces nonlinearity and adds to t
38、hecomplexity of the transformation.3.8 The avalanche effect is a property of any encryption algorithm such that a smallchange in either the plaintext or the key produces a significant change in theciphertext.3.9 Differential cryptanalysis is a technique in which chosen plaintexts with particularXOR
39、difference patterns are encrypted. The difference patterns of the resultingciphertext provide information that can be used to determine the encryption key.Linear cryptanalysis is based on finding linear approximations to describe thetransformations performed in a block cipher.3.10 In some modes, the
40、 plaintext does not pass through the encryption function, but isXORed with the output of the encryption function. The math works out that fordecryption in these cases, the encryption function must also be used.ANSWERS TO PROBLEMS3.1 a. This adds nothing to the security of the algorithm. There is a o
41、ne-to-onereversible relationship between the 10-bit key and the output of the P10function. If we consider the output of the P10 function as a new key, then thereare still 210different unique keys.b. By the same reasoning as (a), this adds nothing to the security of the algorithm.3.2 s = wxyz + wxy +
42、 wyz + wy + wz + yz + w + x + zt = wxz + wyz + wz + xz + yz + w + y3.3 OK3.4-10-0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 150 1 2 3 4 5 6 7 8 9 10 11 12 13 14 153.5 Let S2nbe the set of permutations on 0, 1, . . ., 2n 1, which is referred to as thesymmetric group on 2nobjects, and let N = 2n. For 0 i N, le
43、t Aibe all mappingsp S2mfor which pi(i) = i. It follows that |Ai| = (N 1)! and I1i kAi= (N k)!. Theinclusion-exclusion principle states thatPr(no fixed points in pi) = 1N!Nk N - k( )! -1( )kk =0N= -1( )kk !k =0N= 1 1 + 1/2! 1/3! + . . . + (1)N 1/N!= e1+ O1N! Then since e1 0.368, we find that for eve
44、n small values of N, approximately37% of permutations contain no fixed points.3.6 a. We need only determine that probability that for the remaining N t plaintextsPi, EKPi EKPi. But EKPi = EKPi for all the remaining Piwith probability 1 1/(N t)!.b. Without loss of generality we may assume the EKPi =
45、Pisince EK() is takenover all permutations. It then follows that we seek the probability that apermutation on N t objects has exactly t fixed points, which would be theadditional t points of agreement between EK() and EK(). But a permutationon N t objects with t fixed points is equal to the number o
46、f ways t out of N tobjects can be fixed, while the remaining N t t are not fixed. Then usingProblem 3.4 we have that-11-Pr(t additional fixed points) =N -tt Pr(no fixed points in N t t objects)= 1t( )!-1( )kk!k =0N- t- tWe see that this reduces to the solution to part (a) when t = N t.3.7 a. First,
47、pass the 64-bit input through PC-1 (Table 3.4a) to produce a 56-bit result.Then perform a left circular shift separately on the two 28-bit halves. Finally,pass the 56-bit result through PC-2 (Table 3.4b) to produce the 48-bit K1.:in binary notation: 0000 1011 0000 0010 0110 01111001 1011 0100 1001 1
48、010 0101in hexadecimal notation: 0 B 0 2 6 7 9 B 4 9 A 5b. L0, R0are derived by passing the 64-plaintext through IP (Table 3.2a):L0= 1100 1100 0000 0000 1100 1100 1111 1111R0= 1111 0000 1010 1010 1111 0000 1010 1010c. The E table (Table 3.2c) expands R0to 48 bits:E(R0) = 01110 100001 010101 010101 011110 100001 010101 010101d. A = 011100 010001 011100 110010 111000 010101 110011 110000e. S100(1110) = S10(14) = 0 (base 10) = 0000 (base 2) S201(1000) = S2(8) = 12 (base 10) = 1100 (base 2) S300(1110
