question with answer you need to write in other way and explain it well and the other question you need to solve it the book and questions all in the word fill

# Category: Cryptography

Learning Goal: I’m working on a cryptography exercise and need a sample publish to help me learn.

1- What is the output of the first round of the DES algorithm when the first and last bits of plaintext’ and the key bits are ones, and the remaining bits are zero? Show your work (How to generate keys and each step until the output of the first round).

2- An avalanche effect is also desirable for the key: A one-bit change in a key should result in a dramatically different ciphertext if the plaintext is unchanged.

Assume an encryption with a given key. Now assume the key bit at position 1 (prior to PC − 1) is being flipped. Which S-boxes in which rounds are affected by the bit flip during DES encryption?

Which S-boxes in which DES rounds are affected by this bit flip during DES decryption?

Learning Goal: I’m working on a cryptography question and need an explanation and answer to help me learn.

1. (15 Points) There is nothing exclusively special about strings and XOR in one-time pad. We can get the same properties using integers mod n and addition mod n. This problem considers a variant of one-time pad, in which the keys, plaintexts, and ciphertexts are all elements of Zn instead of {0, 1}n. (a) What is the decryption algorithm that corresponds to the following encryption algo-rithm?

Enc(k, m) : c = (k + m) mod n Show that the resulting scheme satisfies correctness (b) Show that the above scheme satisfies one-time uniform ciphertext security (c) It’s not just the distribution of keys that is important. The way that the key is combined with the plaintext is also important. Show that a scheme with the following encryption algorithm does not satisfy one-time uniform ciphertext security

Enc(k, m) : c = (k • m) mod n

2. (10 Points) Alice is using one-time pad and notices that when her key is the all-zeroes string k = On, then Enc(k, m) = m and her message is sent in the clear! To avoid this problem, she decides to modify KeyGen to exclude the all-zeroes key. She modifies KeyGen to choose a key uniformly from {0, I}nO”), the set of all n-bit strings except On . In this way, she guarantees that her plaintext is never sent in the clear. (a) Describe an attack demonstrating that the modified scheme does not satisfy one-time uniform ciphertext security

3. (10 Points) The following scheme encrypts a plaintext by simply reordering its bits, according to the secret permutation k:

K = { permutations of {1, …, n}} M = {01 1 }11 C = {0, On KeyGen(ln) : k <— K return k Enc(k, m) : for i := 1 to n: Ch(i) := Mi return cr…cn DeS : for i := 1 to n: mi := Ch(i) return mi…mn

Describe an attack demonstrating that the scheme does not satisfy one-time perfect security.

4. (10 Points) Consider the following variant of one-time perfect security, where Eve can ob-tain two ciphertexts (on chosen plaintexts) encrypted under the same key, called two-time perfect security

We say that an encryption scheme is two-time perfectly secure if Vrnii, m12, m2r, m22 E M chosen by Eve, the following distributions are identical:

DI {ci := Enc(k, mil), c2 := Enc(k, mi2); k F KeyGen(r)} • 132 := := Enc(k, m21), := Enc(k, m22); k KeyGenanil

Describe an attack demonstrating that one-time pad does not satisfy this security definition.

5. (15 Points) Let El = (KeyGeni, Enc1, Deci) and E2 = (KeyGen2, Enc2, Dec2) be two encryption schemes such that only one of them satisfies one-time perfect security, but you don't know which one. Using both El and e2 (but no other encryption scheme), construct an encryption scheme with one-time perfect security and prove its security.

6. (extra credit, 15 Points) Prove that if an encryption scheme has IKI < IMI (i.e. there are fewer possible keys than there are possible messages), then it cannot satisfy one-time perfect security. illy to structure your proof as an explicit attack on the scheme, i.e. a distinguisher between the distributions Dl and Th. Hint: There is no restriction on the running time of the attacker. Exhaustive brute-force attacks are therefore valid.