Show page

Differences

This shows you the differences between two versions of the page.

--- ac:laboratoare:02 [2019/10/03 16:05]
marios.choudary
+++ ac:laboratoare:02 [2024/10/11 20:41] (current)
dimitrie.valu
@@ Line 1: / Line 1: @@
-===== Lab 02 - Applied Cryptography =====
+===== Lab 02 - Vigenère and DES =====
-Please download the lab skeleton from here: {{:ic:laboratoare:lab2.zip|}}
+This laboratory will cover frequency attacks against the Vigenère cipher and the meet-in-the-middle attack on 2DES. To solve the lab, open [[https://colab.research.google.com/drive/1bRQcD1dPNTqvpdFF9rUfGnsn6jaMonfU|this Colab notebook]] and copy it into your own drive for persistence.
-The archive contains several files, just need the following:
-  * **format_funcs.py**: the format functions from the previous lab;
-  * **msg_ex3.txt**: the text which needs to be decrypted for exercise 3;
-  * **ex3.py**: implementation of exercise 3.
-You need to fill in the TODOs from **ex3.py**.
-<hidden>
-==== Exercise 1 (2p) ====
-Alice sends Bob the following ciphertexts:
-<code>
-LDPWKHORUGBRXUJRG
-XNTRGZKKGZUDMNNSGDQFNCRADENQDLD
-DTZXMFQQSTYRFPJDTZWXJQKFSDLWFAJSNRFLJ
-SIOMBUFFHINNUEYNBYHUGYIZNBYFILXSIOLAIXCHPUCH
-ERZRZOREGURFNOONGUQNLGBXRRCVGUBYL
-CJIJPMTJPMAVOCZMVIYTJPMHJOCZM
-DTZXMFQQSTYRZWIJW
-ZPVTIBMMOPUDPNNJUBEVMUFSZ
-FVBZOHSSUVAZALHS
-KAGETMXXZAFSUHQRMXEQFQEFUYAZKMSMUZEFKAGDZQUSTNAGD
-MCIGVOZZBCHRSGWFSOBMHVWBUHVOHPSZCBUGHCMCIFBSWUVPCIF
-</code>
-Charlie manages to capture the ciphertexts and he finds that the cipher used for
-encryption is the shift cipher (each message possibly encrypted with a different
-key). Can you decrypt the messages ?
-Charlie also knows that the plaintext consists only of the English letters A to
-Z (all capitals, no punctuation).
-<note tip>**Hint:** What do most of the plain texts have in common? The answer is YOU.</note>
-==== Exercise 2 (4p) ====
-Alice sends Bob another ciphertext, but much longer this time:
-{{:sasc:laboratoare:sasc_msg_lab1.txt|Download message file}}
-Charlie needs to decrypt this as well. Some colleagues tell him this is encrypted
-using the substitution cipher, and that again the plaintext consists only of the English letters **A** to **Z** (all capitals, no punctuation). Try to help Charlie to decrypt this.
-Hint: use the frequency analysis mechanisms we discussed in class. Note that the frequency of each letter does not map precisely. In particular, the most frequent two letters do match well with the given table, but the others are sometimes mixed. However, Charlie knows that the most frequent bi-grams are the following (from most frequent to less frequent):
-**TH**, **HE**, **IN**, **OR**, **HA**, **ET**, **AN**, **EA**, **IS**, **OU**, **HI**, **ER**, **ST**, **RE**, **ND**
-With this information, can you tell what the ciphertext is about?
-</hidden>
-==== Exercise 1 (5p) ====
-(use ex3.py from lab2 zip file)
-Charlie manages to capture {{:sasc:laboratoare:sasc_msg_lab2.txt|a last communication}} which turns out to be the most important, so it is crucial he decrypts it. However, this time Alice used the Vigenere cipher, with a key that Charlie knows has **7** characters.
-The ciphertext is in the file attached. Try the method of multiplying probabilities as explained in class and see if you can decrypt the ciphertext. You can find details about this method [[http://www.cs.mtu.edu/~shene/NSF-4/Tutorial/VIG/Vig-Recover.html|here]].
-These are the known frequencies of the plaintext:
-<code>
-{'A': 0.07048643054277828,
-'C': 0.01577161913523459,
-'B': 0.012074517019319227,
-'E': 0.13185372585096597,
-'D': 0.043393514259429625,
-'G': 0.01952621895124195,
-'F': 0.023867295308187673,
-'I': 0.06153403863845446,
-'H': 0.08655128794848206,
-'K': 0.007566697332106716,
-'J': 0.0017594296228150873,
-'M': 0.029657313707451703,
-'L': 0.04609015639374425,
-'O': 0.07679967801287949,
-'N': 0.060217341306347746,
-'Q': 0.0006382244710211592,
-'P': 0.014357175712971482,
-'S': 0.05892939282428703,
-'R': 0.05765294388224471,
-'U': 0.02749540018399264,
-'T': 0.09984475620975161,
-'W': 0.01892824287028519,
-'V': 0.011148804047838086,
-'Y': 0.023045078196872126,
-'X': 0.0005289788408463661,
-'Z': 0.00028173873045078196}
-</code>
-<hidden>
-==== Bonus: Exercise 4 (3p) ====
-In class we explained that the one time pad is malleable (i.e. we can easily change the encrypted plaintext by simply modifying the ciphertext). We have also discussed how the CRC was a very bad idea in the design of WEP due to its linearity.
-You are given the following ciphertext in hexadecimal:
-<code>
-e0e061d1694c9
-</code>
-which you know it corresponds to the concatenation of the message "floare" with its CRC-16 (in hexa "8E31") obtained from this website:
-http://www.lammertbies.nl/comm/info/crc-calculation.html
-If we need to modify the ciphertext so that a correct decryption outputs "albina" instead of "floare" and such that the CRC-16 calculation remains correct, what is the modification we need to perform?
-Output the new ciphertext after the necessary modifications and show that it correctly leads to the plaintext "albina" and a correct computation of its CRC-16.
-You might find this starting script useful:
-<code python ex4_draft.py>
-import sys
-import random
-import string
-import operator
-def strxor(a, b): # xor two strings (trims the longer input)
-  return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)])
-def hexxor(a, b): # xor two hex strings (trims the longer input)
-  ha = a.decode('hex')
-  hb = b.decode('hex')
-  return "".join([chr(ord(x) ^ ord(y)).encode('hex') for (x, y) in zip(ha, hb)])
-def main():
-  #Plaintexts
-  s1 = 'floare'
-  s2 = 'albina'
-  G = '' #To find
-  #Obtain crc of s1
-  #See this site:
-  #http://www.lammertbies.nl/comm/info/crc-calculation.html
-  x1 = s1.encode('hex')
-  x2 = s2.encode('hex')
-  print "x1: " + x1
-  crc1 = '8E31' #CRC-16 of x1
-  #Compute delta (xor) of x1 and x2:
-  xd = hexxor(x1, x2)
-  print "xd: " + xd
-if __name__ == "__main__":
-  main()
-</code>
-<note tip>
-Use the property for CRC-16 that CRC(m XOR d) = CRC(m) XOR CRC(d).
-If d = 'floare' XOR 'albina' and C = [C1 | C2] = [m XOR G1 | CRC(m) XOR G2], then C1' = C1 XOR d.
-</note>
-</hidden>
-==== Exercise 2 (5p) ====
-The goal of this exercise is to implement the meet-in-the-middle attack on double DES.
-For this, you are given a starter code (see below), implemented using the Pycrypto library:
-https://pypi.python.org/pypi/pycrypto
-Perform the following tasks:
-  * a) Install the pycrypto library
-  * b) Starting from the starter code (see below), write methods to encrypt and decrypt using double-DES (2DES), defined as follows:
-<code> 2DES( (k1,k2), m) = DES(k1, DES(k2, m))</code>
-  * c) You are given the ciphertexts
-c1 = 'cda98e4b247612e5b088a803b4277710f106beccf3d020ffcc577ddd889e2f32'
-c2 = '54826ea0937a2c34d47f4595f3844445520c0995331e5d492f55abcf9d8dfadf'
-as hex strings (i.e. you need to decode them to get the actual byte strings to use with DES, e.g. c1.decode('hex'))
-Decrypt them using the following keys:
-k1 = 'Smerenie'
-k2 = 'Dragoste'
-The plaintext corresponding to c1 is m1='Fericiti cei saraci cu duhul, ca'. Find the plaintext m2 corresponding to c2.
-<note tip>
-With the Pycrypto library, DES is given a key in 8 bytes (64 bits) rather than 7 (56 bits). However, the last bit in each byte is considered as a parity bit, but in fact ignored in this library, leaving the actual key in 56 bits. For this and the following exercises, we assume the entire key as 64 bits, given for example as 8 characters, as above.
-Note also that for this exercises, we shall be using the default values when initialising the DES cipher (i.e. ECB mode and no IV).
-</note>
-  * d) Decrypt the entire ciphertext (c1 || c2) with k1 and k2 using 2DES and check it matches the messages m1||m2 above.
-  * e) You are given the following ciphertext/plaintext pairs:
-m1 = 'Pocainta' (in byte string, i.e. can be used directly with Pycrypto DES)
-c1 = '9f98dbd6fe5f785d' (in hex string, you need to hex-decode)
-m2 = 'Iertarea'
-c2 = '6e266642ef3069c2'
-Due to a problem with the PRG, you also know the last 6-bytes of each key (note we now have a different key than for the previous exercises):
-k1 (last 6 bytes) = 'oIkvH5'
-k2 (last 6 bytes) = 'GK4EoU'
-To build a table, I recommend using a list of tuples, where you add new (key,enc) pairs as follows:
-<code>
-tb = []
-tb.append(('keyval', 'encva'))
-</code>
-To sort the table, you can do this:
-<code>
-tbs = sorted(tb, key=itemgetter(1))
-</code>
-To search with binary search, first select just the second column (to search the encryptions):
-<code>
-tenc = [value for _,value in tbs]
-</code>
-then use the bisect library (e.g. bisect.bisect_left)
-https://docs.python.org/2/library/bisect.html
-The starter code is this:
-<code>
-import sys
-import random
-import string
-from operator import itemgetter
-import time
-import bisect
-from Crypto.Cipher import DES
-def strxor(a, b): # xor two strings (trims the longer input)
-  return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)])
-def hexxor(a, b): # xor two hex strings (trims the longer input)
-  ha = a.decode('hex')
-  hb = b.decode('hex')
-  return "".join([chr(ord(x) ^ ord(y)).encode('hex') for (x, y) in zip(ha, hb)])
-def bitxor(a, b): # xor two bit strings (trims the longer input)
-  return "".join([str(int(x)^int(y)) for (x, y) in zip(a, b)])
-def str2bin(ss):
-  """
-    Transform a string (e.g. 'Hello') into a string of bits
-  """
-  bs = ''
-  for c in ss:
-    bs = bs + bin(ord(c))[2:].zfill(8)
-  return bs
-def str2int(ss):
-  """
-    Transform a string (e.g. 'Hello') into a (long) integer by converting
-    first to a bistream
-  """
-  bs = str2bin(ss)
-  li = int(bs, 2)
-  return li
-def hex2bin(hs):
-  """
-    Transform a hex string (e.g. 'a2') into a string of bits (e.g.10100010)
-  """
-  bs = ''
-  for c in hs:
-    bs = bs + bin(int(c,16))[2:].zfill(4)
-  return bs
-def bin2hex(bs):
-  """
-    Transform a bit string into a hex string
-  """
-  bv = int(bs,2)
-  return int2hexstring(bv)
-def byte2bin(bval):
-  """
-    Transform a byte (8-bit) value into a bitstring
-  """
-  return bin(bval)[2:].zfill(8)
-def int2hexstring(bval):
-  """
-    Transform an int value into a hexstring (even number of characters)
-  """
-  hs = hex(bval)[2:]
-  lh = len(hs)
-  return hs.zfill(lh + lh%2)
-def get_index(a, x):
-  'Locate the leftmost value exactly equal to x in list a'
-  i = bisect.bisect_left(a, x)
-  if i != len(a) and a[i] == x:
-    return i
-  else:
-    return -1
-def des_enc(k, m):
-  """
-  Encrypt a message m with a key k using DES as follows:
-  c = DES(k, m)
-  Args:
-    m should be a bytestring (i.e. a sequence of characters such as 'Hello' or '\x02\x04')
-    k should be a bytestring of length exactly 8 bytes.
-  Note that for DES the key is given as 8 bytes, where the last bit of
-  each byte is just a parity bit, giving the actual key of 56 bits, as expected for DES.
-  The parity bits are ignored.
-  Return:
-    The bytestring ciphertext c
-  """
-  d = DES.new(k)
-  c = d.encrypt(m)
-  return c
-def des_dec(k, c):
-  """
-  Decrypt a message c with a key k using DES as follows:
-  m = DES(k, c)
-  Args:
-    c should be a bytestring (i.e. a sequence of characters such as 'Hello' or '\x02\x04')
-    k should be a bytestring of length exactly 8 bytes.
-  Note that for DES the key is given as 8 bytes, where the last bit of
-  each byte is just a parity bit, giving the actual key of 56 bits, as expected for DES.
-  The parity bits are ignored.
-  Return:
-    The bytestring plaintext m
-  """
-  d = DES.new(k)
-  m = d.decrypt(c)
-  return m
-def main():
-  # Exercitiu pentru test des2_enc
-  key1 = 'Smerenie'
-  key2 = 'Dragoste'
-  m1_given = 'Fericiti cei saraci cu duhul, ca'
-  c1 = 'cda98e4b247612e5b088a803b4277710f106beccf3d020ffcc577ddd889e2f32'
-  # TODO: implement des2_enc and des2_dec
-  m1 = des2_dec(key1, key2, c1.decode('hex'))
-  print 'ciphertext: ' + c1
-  print 'plaintext: ' + m1
-  print 'plaintext in hexa: ' + m1.encode('hex')
-  # TODO: run meet-in-the-middle attack for the following plaintext/ciphertext
-  m1 = 'Pocainta'
-  c1 = '9f98dbd6fe5f785d' # in hex string
-  m2 = 'Iertarea'
-  c2 = '6e266642ef3069c2'
-  # Note: you only need to search for the first 2 bytes of the each key:
-  k1 = '??oIkvH5'
-  k2 = '??GK4EoU'
-if __name__ == "__main__":
-  main()
-</code>
-<hidden>
-The solution is {{:ic:laboratoare:lab2_sol.zip|here}}.
-</hidden> /* do not delete this! */

Labs

Resources

ac/laboratoare/02.1570107948.txt.gz · Last modified: 2019/10/03 16:05 by marios.choudary

Show page Old revisions

Media Manager Back to top