CS 127: Introduction to Cryptography Quiz I Practice Problems, Exams of Cryptography and System Security

Harvard University. Salil Vadhan. CS 127: Introduction to Cryptography. Quiz I Practice Problems. September 29, 2013.

Typology: Exams

2022/2023

Uploaded on 05/11/2023

Harvard University Salil Vadhan
CS 127: Introduction to Cryptography
Quiz I Practice Problems
September 29, 2013

Justify all of your answers. This also applies to questions which are not purely mathematical, for which you should back up your answers with mathematical explanations. You may assume all results proven (or stated as a fact) in class or on the problem sets. This set of practice problems is roughly twice the length of the actual quiz.

Problem 1.

  1. State the definition of the one-time pad encryption scheme for $n$-bit messages. Your specification should include: the message space, the ciphertext space, the key space, and functions $\mathsf{Gen}$, $\mathsf{Enc}_k$ and $\mathsf{Dec}_k$.
  2. Why is the one-time pad not commonly used in practice?

Problem 2. (KL exercise 2.6, modified) When using the one-time pad with the key $0^n$, the entire message is sent in the clear. It has therefore been suggested that the one-time pad be modified by only encrypting with keys $k \neq 0^n$ chosen uniformly at random. Is the resulting scheme still perfectly secret? What is the smallest $\varepsilon \geq 0$ for which this scheme has statistically $\varepsilon$-indistinguishable encryptions? Would we want to make such a modification in practice?
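
The following added example (not part of the original problem set) enumerates the modified scheme from Problem 2 exhaustively for small $n$ and computes the exact statistical distance between the ciphertext distributions of any two messages, next to the unmodified pad. All function names are illustrative; how this distance maps onto $\varepsilon$ depends on the definition of statistical $\varepsilon$-indistinguishability used in class.

```python
from fractions import Fraction
from itertools import combinations, product


def bitstrings(n):
    """All n-bit strings as tuples of 0/1."""
    return list(product((0, 1), repeat=n))


def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))


def ciphertext_dist(m, keys):
    """Exact distribution of Enc_k(m) = k XOR m for k uniform over `keys`."""
    p = Fraction(1, len(keys))
    dist = {}
    for k in keys:
        c = xor(k, m)
        dist[c] = dist.get(c, Fraction(0)) + p
    return dist


def statistical_distance(d0, d1):
    """(1/2) * sum over ciphertexts c of |Pr[C0 = c] - Pr[C1 = c]|."""
    support = set(d0) | set(d1)
    return sum(abs(d0.get(c, 0) - d1.get(c, 0)) for c in support) / 2


def worst_case_distance(n, exclude_zero_key):
    """Largest statistical distance over all pairs of n-bit messages."""
    space = bitstrings(n)
    # The modified scheme drops the all-zero key; the plain pad keeps it.
    keys = [k for k in space if any(k)] if exclude_zero_key else space
    dists = {m: ciphertext_dist(m, keys) for m in space}
    return max(statistical_distance(dists[a], dists[b])
               for a, b in combinations(space, 2))


if __name__ == "__main__":
    print("n  plain OTP  zero key excluded")
    for n in range(1, 6):
        print(n, worst_case_distance(n, False), worst_case_distance(n, True))
```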

Problem 3. For each of the following, answer whether it is TRUE or FALSE for each of the notions of perfect secrecy, statistical security, and computational security.

  1. Assumes an adversary with limited computation time
  2. Provides privacy for each individual bit of a message
  3. May allow an adversary to break the scheme with some small probability
  4. Is achievable assuming $P \neq NP$

Problem 4. Each day, a satellite sends a single encrypted message back to Earth using a 128-bit one-time pad, with a fresh key for each day. Each message consists of a 64-bit timestamp (the number of seconds since 1970 in binary) and a 64-bit payload (the satellite's current sensor readings). A hacker claims that, by listening in on the communication, she is able to determine 10 bits of the given day's 128-bit message. Is the hacker's claim plausible? Does the scheme satisfy our definition of perfect secrecy?

Problem 5. (KL exercise 3.7) Show that if $G$ is not a pseudorandom generator, then $\mathsf{Enc}_k(m) = G(k) \oplus m$ does not have indistinguishable encryptions.

Problem 6.

  1. Give the definition of a pseudorandom generator.
  2. Suppose $G : \{0,1\}^* \to \{0,1\}^*$ is a pseudorandom generator. Which of the following $G'$ is necessarily a pseudorandom generator for every pseudorandom generator $G$? Justify your answer (e.g., by a reducibility argument or a counterexample).

     (a) $G'(x) = G(x)\,b(x)$, where $b(x)$ is the XOR of all the bits of $G(x)$.
     (b) $G'(x) = G(x0^{|x|})$.
     (c) $G'(x) =$ the first $|x| + 1$ bits of $G(x)$.