Modern symmetric encryption schemes

Assignment Help Computer Network Security
Reference no: EM13686

Question 1

Let n=pq, where p,q are primes of the same length and let phi be Euler's totient function. Consider the following problems: (P1) computing the output p+q from an input n; (P2) computing the output phi(n) from an input n. Which one of the following statements is true?

a. if P1 is easy then P2 is easy

b. if P1 is hard then P2 is hard

c. P1 and P2 are polynomial-time equivalent

d. All of the above

Question 2

Let n=pq, where p,q are primes of the same length and let phi be Euler's totient function. Consider the following problems: (P1) computing the output p from an input n; (P2) computing the output phi(n) from an input n. Which one of the following statements is true?

a. if P1 is easy then P2 is easy

b. if P1 is hard then P2 is hard

c. P1 and P2 are polynomial-time equivalent

d. All of the above

Question 3

Let us denote as "X ci Y" the fact that random variables X and Y are computationally indistinguishable. Assume (A1,A2) is a pair of efficiently samplable (i.e., a variable sample can be efficiently generated) random variables and assume the same about (B1,B2). Which of these conditions is sufficient to have that (A1,A2) ci (B1,B2)?

a. A1 and A2 are independent, B1 and B2 are independent, A1 ci B1, A2 ci B2
b. A1 ci B1, A2 = A1, B2 = B1
c. A2 ci B2, A1 = A2, B1 = B2
d. All of the above

Question 4

Pseudo-random generators, pseudo-random functions and pseudo-random permutations are computationally indistinguishable, respectively, from

a. a function returning a pseudo-random string, a random function, a random permutation
b. a function returning a random string, a random function, a random permutation
c. a function returning a random string, a random function, a random function
d. All of the above

Question 5

Which of these assumptions is sufficient to construct a pseudo-random generator, a pseudo-random function and a pseudo-random permutation?

a. The hardness of factoring integers that are product of two integers of the same length
b. The hardness of computing discrete logarithms modulo random integers of a given length
c. The hardness of inverting the RSA function
d. Any of the above

Question 6

Which among these are the differences between the perfect indistinguishability notion for classical symmetric encryption schemes and the (computational) indistinguishability notion for modern symmetric encryption schemes?

a. In perfect indistinguishability the adversary's algorithm runs in polynomial time and his advantage can be greater than 0 while in computational indistinguishability the adversary's algorithm is not restricted to run in polynomial time and his advantage has to be equal to 0

b. In perfect indistinguishability the adversary's algorithm is not restricted to run in polynomial time and his advantage can be greater than 0 while in computational indistinguishability the adversary's algorithm runs in polynomial time and his advantage has to be equal to 0

c. In perfect indistinguishability the adversary's algorithm is not restricted to run in polynomial time and his advantage has to be equal to 0 while in computational indistinguishability the adversary's algorithm runs in polynomial time and his advantage can be greater than 0

d. In perfect indistinguishability the adversary's algorithm runs in polynomial time and his advantage has to be equal to 0 while in computational indistinguishability the adversary's algorithm is not restricted to run in polynomial time and his advantage can be greater than 0

Question 7

Assume |s1|=|s2|=n and consider the functions defined, for any s1 and s2, as:

(a) G1(s1,s2)=s1 xor s2, (b) G2(s1,s2)=(s1, s2, s1 xor s2).

We have that:

a. G1 and G2 are pseudo-random generators because their outputs are uniformly (and thus, pseudo-randomly) distributed if so are their input

b. G1 and G2 are not pseudo-random generators because either their outputs are not longer than their inputs or there exists a statistical test that distinguishes their outputs from a random string of the same length

c. G1 and G2 are not pseudo-random generators because either there exists an efficient algorithm that can compute their input from their output or their outputs are not longer than their inputs

d. G1 and G2 can be proved to be pseudo-random generators using a proof by reduction

Question 8

Let us denote as "X ci Y" the fact that random variables X and Y are computationally indistinguishable.
For any random variables X,Y,Z, consider the statements:
(a) if X ci Y then Y ci X,
(b) if X ci Y and Y ci X then X = Y,
(c) if X ci Y and Y ci Z then X ci Z,
(d) if X = Y then X ci Y,
(e) if X ci Y then X = Y.
Which of them are true?

a. (a), (c) and (d)

b. (b), (c) and (d)

c. (b), (c) and (e)

d. (a), (d) and (e)

Question 9

To prove that a permutation P is not a pseudo-random permutation, it suffices to show an efficient oracle adversary that can distinguish, with not negligible probability, the case in which its oracle is P from the case in which its oracle is a random permutation RP with the same input and output domains. To obtain an algorithm that makes this distinction, it suffices to find a distinguishing condition (or a set of them) among the adversary's query inputs and query outputs such that: (a) if the oracle is P, then the condition holds with high (e.g., 1) probability; (b) if the oracle is RP, then the condition holds with low (e.g., negligible) probability. Define the extended FT transform as the permutation that maps (L,M,R) to (R,f_k(R) xor M,f_k(M) xor L), where k is a random key, f is a pseudo-random function, and L,M,R are n-bit strings. Which of the following conditions are distinguishing conditions for the 1-round iteration and 2-round iteration of the extended FT transform, respectively? Notation: (L',R') and (L'',R'') denote the 1-round and 2-round outputs, respectively, of the FT transform on input (L,R); when we run the transform on different inputs, we use the notations (L0,R0), (L1,R1), .... for the inputs, (L0',R0'), (L1',R1'), .... for the 1-round outputs and (L0'',R0''), (L1'',R1''), .... for the 2-round outputs.
The notation for the extended FT transform is analogously defined.

a. 1-round extended FT: (L'=R); 2-round extended FT: (L0 xor L1 = L0'' xor L1'') and (R0=R1)

b. 1-round extended FT: (L'=M); 2-round extended FT: M0=M1, L0=L1 and L0''=L1''

c. 1-round extended FT: L=M=R, and R'=M'; 2-round extended FT: L=M=R, and L''=M''

d. None of the above

Question 10

For modern symmetric encryption schemes, which among these are the differences between the indistinguishability notion and the indistinguishability notion with chosen message attack?

a. In the indistinguishability notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle, and can later use these queries and responses to generate the two challenge plaintexts m(0) and m(1) and its guess for which message was encrypted as c


b. In the "indistinguishability with chosen message attack" notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle, and can later use these queries and responses to generate the two challenge plaintexts m(0) and m(1) and its guess for which message was encrypted as c

c. In the "indistinguishability with chosen message attack" notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle, but cannot later use these queries and responses to generate the two challenge plaintexts m(0) and m(1) and its guess for which message was encrypted as c

d. In the indistinguishability notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle, but cannot later use these queries and responses to generate the two challenge plaintexts m(0) and m(1) and its guess for which message was encrypted as c

Question 11

Which among these are the differences between the indistinguishability notion with chosen message attack and the indistinguishability notion with adaptive chosen message attack?

Answer

a. In the indistinguishability with chosen message attack notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle even after seeing the ciphertext and can later use these queries and responses to generate its guess for which message was encrypted as c

b. In the indistinguishability with chosen message attack notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle even after seeing the ciphertext but cannot later use these queries and responses to generate its guess for which message was encrypted as c

c. In the indistinguishability with adaptive chosen message attack notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle even after seeing the ciphertext and can later use these queries and responses to generate its guess for which message was encrypted as c

d. In the indistinguishability with adaptive chosen message attack notion, the adversary can additionally and repeatedly query the E(k,.) algorithm as an oracle even after seeing the ciphertext but cannot later use these queries and responses to generate its guess for which message was encrypted as c

Question 12

Let (KG,E,D) be the encryption scheme. Which of the following security notions is satisfied by (KG,E,D)?

Answer

a. security in the sense of indistinguishability

b. security in the sense of indistinguishability against chosen message attack

c. security in the sense of indistinguishability against adaptive chosen message attack

d. none of the above: it is not a symmetric encryption scheme

Question 13

Let G:{0,1}n-->{0,1}2n be a pseudo-random generator and consider the following encryption scheme (KG,E,D), where KG generates a random string k; E, on input key k and a message bit b, returns c = G(k) xor 12n if b=1 or c = G(k) if b=0 and D is naturally defined so to satisfy the decryption correctness property.

Which of the following security notions is satisfied by (KG,E,D)?

a. security in the sense of indistinguishability

b. security in the sense of indistinguishability against chosen message attack

c. security in the sense of indistinguishability against adaptive chosen message attack

d. none of the above

Question 14

Let F:{0,1}^n-->{0,1}^{n} be a pseudo-random function and consider the following encryption scheme (KG,E,D), where KG generates a random string k; E, on input key k and a string m, returns c =F(k,0) xor m and D is naturally defined so to satisfy the decryption correctness property.

Which of the following security notions is satisfied by (KG,E,D)?

a. security in the sense of indistinguishability

b. security in the sense of indistinguishability against chosen message attack

c. perfect secrecy

d. none of the above

Question 15

Let P:{0,1}^n-->{0,1}^{n} be a pseudo-random permutation and consider the following encryption scheme (KG,E,D), where KG generates a random string k; E, on input key k and an n-bit string m, returns c =P(k,m) and D is naturally defined so to satisfy the decryption correctness property.

Which of the following security notions is satisfied by (KG,E,D)?

Answer

a. security in the sense of indistinguishability

b. security in the sense of indistinguishability against chosen message attack

c. perfect secrecy

d. none of the above

Reference no: EM13686

Questions Cloud

World data app : Prepare WorldDataApp project. It implements the NameIndex portion, including creating it in SetupProgram, and searching, viewing and updating it in UserApp program.
Theory of the business : The Theory of the Business
Question on security infrastructure and protocols : Question on Security infrastructure and protocols
Small business administration : Identify the likely stage for each venture and describe the type of financing each venture is likely to be seeking and identify potential sources for that financing.
Modern symmetric encryption schemes : Pseudo-random generators, pseudo-random functions and pseudo-random permutations
Evaluate and output the value in the given base : Write C program that will input two values from the user that are a Value and a Base with which you will evaluate and output the Value in the given Base.
Intermediate macroeconomics : Use the IS/LM model and the IS-PC-MR model to explain what monetary policy to pursue.
Prepare the bank reconciliation for company : Prepare the bank reconciliation for company.
What is the expected return on the market : What is the expected return on the market and What is the risk-free rate?

Reviews

Write a Review

 

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd