Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

CS 127: Introduction to Cryptography Quiz I Practice Problems, Exams of Cryptography and System Security

University of Notre DameCryptography and System Security

Harvard University. Salil Vadhan. CS 127: Introduction to Cryptography. Quiz I Practice Problems. September 29, 2013.

Typology: Exams

2022/2023

Uploaded on 05/11/2023

salim
salim 🇺🇸

4.4

(24)

243 documents

1 / 2

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Harvard University Salil Vadhan
CS 127: Introduction to Cryptography
Quiz I Practice Problems
September 29, 2013
Justify all of your answers. This also applies to questions which are not purely mathematical,
for which you should back up your answers with mathematical explanations. You may assume all
results proven (or stated as a fact) in class or on the problem sets. This set of practice problems is
roughly twice the length of the actual quiz.
Problem 1.
1. State the denition of the one-time pad encryption scheme for
n
-bit messages. Your speci-
cation should include: the message space, the ciphertext space, the key space, and functions
Gen
,
Enck
and
Deck
.
2. Why is the one-time pad not commonly used in practice?
Problem 2. (KL exercise 2.6, modied)
When using the one-time pad with the key
0n
,
the entire message is sent in the clear. It has therefore been suggested that the one-time pad
be modied by only encrypting with keys
k6= 0n
chosen uniformly at random. Is the resulting
scheme still perfectly secret? What is the smallest
ε0
for which this scheme has statistically
ε
-indistinguishable encryptions? Would we want to make such a modication in practice?
Problem 3.
For each of the following, answer whether it is TRUE or FALSE for each of the
notions of perfect secrecy, statistical security, and computational security.
1. Assumes an adversary with limited computation time
2. Provides privacy for each individual bit of a message
3. May allow an adversary to break the scheme with some small probability
4. Is achievable assuming
P6=NP
Problem 4.
Each day, a satellite sends a single encrypted message back to Earth using a 128-
bit one-time pad, with a fresh key for each day. Each message consists of a 64-bit timestamp
(the number of seconds since 1970 in binary) and a 64-bit payload (the satellite's current sensor
readings). A hacker claims that, by listening in on the communication, she is able to determine 10
bits of the given day's 128-bit message. Is the hacker's claim plausible? Does the scheme satisfy
our denition of perfect secrecy?
Problem 5. (KL exercise 3.7)
Show that if
G
is not a pseudorandom generator, then
Enck(m) =
G(k)m
does not have indistinguishable encryptions.
1
pf2

Partial preview of the text

Download CS 127: Introduction to Cryptography Quiz I Practice Problems and more Exams Cryptography and System Security in PDF only on Docsity!

Harvard University Salil Vadhan

CS 127: Introduction to Cryptography

Quiz I Practice Problems

September 29, 2013

Justify all of your answers. This also applies to questions which are not purely mathematical, for which you should back up your answers with mathematical explanations. You may assume all results proven (or stated as a fact) in class or on the problem sets. This set of practice problems is roughly twice the length of the actual quiz.

Problem 1.

  1. State the denition of the one-time pad encryption scheme for n-bit messages. Your speci- cation should include: the message space, the ciphertext space, the key space, and functions Gen, Enck and Deck.
  2. Why is the one-time pad not commonly used in practice?

Problem 2. (KL exercise 2.6, modied) When using the one-time pad with the key 0 n, the entire message is sent in the clear. It has therefore been suggested that the one-time pad be modied by only encrypting with keys k 6 = 0n^ chosen uniformly at random. Is the resulting scheme still perfectly secret? What is the smallest ε ≥ 0 for which this scheme has statistically ε-indistinguishable encryptions? Would we want to make such a modication in practice?

Problem 3. For each of the following, answer whether it is TRUE or FALSE for each of the notions of perfect secrecy, statistical security, and computational security.

  1. Assumes an adversary with limited computation time
  2. Provides privacy for each individual bit of a message
  3. May allow an adversary to break the scheme with some small probability
  4. Is achievable assuming P 6 = NP

Problem 4. Each day, a satellite sends a single encrypted message back to Earth using a 128- bit one-time pad, with a fresh key for each day. Each message consists of a 64-bit timestamp (the number of seconds since 1970 in binary) and a 64-bit payload (the satellite's current sensor readings). A hacker claims that, by listening in on the communication, she is able to determine 10 bits of the given day's 128-bit message. Is the hacker's claim plausible? Does the scheme satisfy our denition of perfect secrecy?

Problem 5. (KL exercise 3.7) Show that if G is not a pseudorandom generator, then Enck(m) = G(k) ⊕ m does not have indistinguishable encryptions.

Problem 6.

  1. Give the denition of a pseudorandom generator.
  2. Suppose G : { 0 , 1 }∗^ → { 0 , 1 }∗^ is a pseudorandom generator. Which of the following G′^ is necessarily a pseudorandom generator for every pseudorandom generator G? Justify your answer (e.g., by a reducibility argument or a counterexample).

(a) G′(x) = G(x)b(x), where b(x) is the XOR of all the bits of G(x). (b) G′(x) = G(x 0 |x|). (c) G′(x) = the rst |x| + 1 bits of G(x)