

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Harvard University. Salil Vadhan. CS 127: Introduction to Cryptography. Quiz I Practice Problems. September 29, 2013.
Typology: Exams
1 / 2
This page cannot be seen from the preview
Don't miss anything!
Harvard University Salil Vadhan
September 29, 2013
Justify all of your answers. This also applies to questions which are not purely mathematical, for which you should back up your answers with mathematical explanations. You may assume all results proven (or stated as a fact) in class or on the problem sets. This set of practice problems is roughly twice the length of the actual quiz.
Problem 1.
Problem 2. (KL exercise 2.6, modied) When using the one-time pad with the key 0 n, the entire message is sent in the clear. It has therefore been suggested that the one-time pad be modied by only encrypting with keys k 6 = 0n^ chosen uniformly at random. Is the resulting scheme still perfectly secret? What is the smallest ε ≥ 0 for which this scheme has statistically ε-indistinguishable encryptions? Would we want to make such a modication in practice?
Problem 3. For each of the following, answer whether it is TRUE or FALSE for each of the notions of perfect secrecy, statistical security, and computational security.
Problem 4. Each day, a satellite sends a single encrypted message back to Earth using a 128- bit one-time pad, with a fresh key for each day. Each message consists of a 64-bit timestamp (the number of seconds since 1970 in binary) and a 64-bit payload (the satellite's current sensor readings). A hacker claims that, by listening in on the communication, she is able to determine 10 bits of the given day's 128-bit message. Is the hacker's claim plausible? Does the scheme satisfy our denition of perfect secrecy?
Problem 5. (KL exercise 3.7) Show that if G is not a pseudorandom generator, then Enck(m) = G(k) ⊕ m does not have indistinguishable encryptions.
Problem 6.
(a) G′(x) = G(x)b(x), where b(x) is the XOR of all the bits of G(x). (b) G′(x) = G(x 0 |x|). (c) G′(x) = the rst |x| + 1 bits of G(x)