Show page

Differences

This shows you the differences between two versions of the page.

--- sasc:laboratoare:02 [2015/03/12 00:51]
marios.choudary
+++ sasc:laboratoare:02 [2017/02/21 11:28] (current)
dan.dragan
@@ Line 1: / Line 1: @@
-===== Laboratorul 02. =====
+===== Lab 02 - Shift and Vigenère ciphers =====
-In this lab we'll do some exercises related to OTP and stream ciphers.
+Please download the lab skeleton from here: {{:ic:laboratoare:lab2.zip|}}
+The archive contains the following:
+  * **format_funcs.py**: the format functions from the previous lab;
+  * **caesar.py**: the implementation of the Caesar encryption and decryption from the previous lab;
+  * **msg_ex2.txt**: the text which needs to be decrypted for exercise 2;
+  * **msg_ex3.txt**: the text which needs to be decrypted for exercise 3;
+  * **ex1.py**: implementation of exercise 1;
+  * **ex2.py**: implementation of exercise 2;
+  * **ex3.py**: implementation of exercise 3.
+You need to fill in the TODOs from **ex1.py**, **ex2.py** and **ex3.py**.
+==== Exercise 1 (2p) ====
-==== Exercise 1 ====
+Alice sends Bob the following ciphertexts:
-Advantage. The purpose of this problem is to clarify the concept of advantage. Con- sider the following two experiments EXP(0) and EXP(1):
+<code>
-  * In EXP(0) the challenger flips a fair coin (probability 1/2 for HEADS and 1/2 for TAILS) and sends the result to the adversary A.
+LDPWKHORUGBRXUJRG
-  * In EXP(1) the challenger always sends TAILS to the adversary.
+XNTRGZKKGZUDMNNSGDQFNCRADENQDLD
+DTZXMFQQSTYRFPJDTZWXJQKFSDLWFAJSNRFLJ
+SIOMBUFFHINNUEYNBYHUGYIZNBYFILXSIOLAIXCHPUCH
+ERZRZOREGURFNOONGUQNLGBXRRCVGUBYL
+CJIJPMTJPMAVOCZMVIYTJPMHJOCZM
+DTZXMFQQSTYRZWIJW
+ZPVTIBMMOPUDPNNJUBEVMUFSZ
+FVBZOHSSUVAZALHS
+KAGETMXXZAFSUHQRMXEQFQEFUYAZKMSMUZEFKAGDZQUSTNAGD
+MCIGVOZZBCHRSGWFSOBMHVWBUHVOHPSZCBUGHCMCIFBSWUVPCIF
+</code>
-The adversary’s goal is to distinguish these two experiments: at the end of each experiment the adversary outputs a bit 0 or 1 for its guess for which experiment it is in. For b = 0,1 let Wb be the event that in experiment b the adversary output 1. The adversary tries to maximize its distinguishing advantage, namely the quantity
+Charlie manages to capture the ciphertexts and he finds that the cipher used for
-Adv = | Pr[W0] − Pr[W1] | ∈ [0, 1] .
+encryption is the shift cipher (each message possibly encrypted with a different
+key). Can you decrypt the messages ?
-The advantage Adv captures the adversary’s ability to distinguish the two experiments. If the advantage is 0 then the adversary behaves exactly the same in both experiments and therefore does not distinguish between them. If the advantage is 1 then the adversary can tell perfectly what experiment it is in. If the advantage is negligible for all efficient adversaries (as defined in class) then we say that the two experiments are indistinguishable.
+Charlie also knows that the plaintext consists only of the English letters A to
+Z (all capitals, no punctuation).
-a. Calculate the advantage of each of the following adversaries:
+<note tip>**Hint:** What do all the plain texts have in common? The answer is YOU.</note>
-  * A1: Always output 1.
-  * A2: Ignore the result reported by the challenger, and randomly output 0 or 1 with even probability.
-  * A3: Output 1 if HEADS was received from the challenger, else output 0.
-  * A4: Output 0 if HEADS was received from the challenger, else output 1.
-  * A5: If HEADS was received, output 1. If TAILS was received, randomly output 0 or 1 with even probability.
-b. What is the maximum advantage possible in distinguishing these two experiments? Explain why.
+==== Exercise 2 (4p) ====
-==== Exercise 2 ====
+Alice sends Bob another ciphertext, but much longer this time:
-Let's use the experiment defined earlier as a pseudorandom generator (PRG) as follows:
+{{:sasc:laboratoare:sasc_msg_lab1.txt|Download message file}}
-  - Set a desired output length n
-  - Obtain a random sequence R of bits of length n (say flipping a coin, using a Linear-congruential generator, or any other method)
-  - For each bit r in the random sequence R generated in the previous step, output a bit b as follows:
-  * if the bit r is 0, then output a random bit b (e.g. flip a coin and output either 0 or 1 depending on its result)
-  * if the bit r is 1, then output 1
-a. Implement the frequency (monobit) test from NIST (see section 2.1):
+Charlie needs to decrypt this as well. Some colleagues tell him this is encrypted
-http://csrc.nist.gov/publications/nistpubs/800-22-rev1a/SP800-22rev1a.pdf
+using the substitution cipher, and that again the plaintext consists only of the English letters **A** to **Z** (all capitals, no punctuation). Try to help Charlie to decrypt this.
-and check if a sequence generated by the above PRG (say n=100) seems random or not.
+Hint: use the frequency analysis mechanisms we discussed in class. Note that the frequency of each letter does not map precisely. In particular, the most frequent two letters do match well with the given table, but the others are sometimes mixed. However, Charlie knows that the most frequent bi-grams are the following (from most frequent to less frequent):
+**TH**, **HE**, **IN**, **OR**, **HA**, **ET**, **AN**, **EA**, **IS**, **OU**, **HI**, **ER**, **ST**, **RE**, **ND**
-b. Run the test on a random bitstring (e.g. a string such as R used by the above PRG), and compare the result of the test.
+With this information, can you tell what the ciphertext is about?
-If the two results are different across many iterations, this test already gives you an attacker that breaks the PRG.
+==== Exercise 3 (4p) ====
-==== Exercise 3 ====
+Charlie manages to capture {{:sasc:laboratoare:sasc_msg_lab2.txt|a last communication}} which turns out to be the most important, so it is crucial he decrypts it. However, this time Alice used the Vigenere cipher, with a key that Charlie knows has **7** characters.
-In class we explained that the one time pad is malleable (i.e. we can easily change the encrypted plaintext by simply modifying the ciphertext). Let’s see a concrete example. Suppose you are told that the one time pad encryption of the message “attack at dawn” is 09e1c5f70a65ac51626bc3d25f17 (the plaintext letters are encoded as 8-bit ASCII and the given ciphertext is written in hex). What would be the one time pad encryption of the message “attack at dusk” under the same OTP key?
+The ciphertext is in the file attached. Try the method of multiplying probabilities as explained in class and see if you can decrypt the ciphertext. You can find details about this method [[http://www.cs.mtu.edu/~shene/NSF-4/Tutorial/VIG/Vig-Recover.html|here]].
-==== Exercise 4 ====
+These are the known frequencies of the plaintext:
-Let us see what goes wrong when a stream cipher key is used more than once. Below are eleven hexencoded ciphertexts that are the result of encrypting eleven plaintexts with a stream cipher, all with the same stream cipher key. Your goal is to decrypt the last ciphertext, and submit the secret message within it as solution.
+<code>
+{'A': 0.07048643054277828,
+'C': 0.01577161913523459,
+'B': 0.012074517019319227,
+'E': 0.13185372585096597,
+'D': 0.043393514259429625,
+'G': 0.01952621895124195,
+'F': 0.023867295308187673,
+'I': 0.06153403863845446,
+'H': 0.08655128794848206,
+'K': 0.007566697332106716,
+'J': 0.0017594296228150873,
+'M': 0.029657313707451703,
+'L': 0.04609015639374425,
+'O': 0.07679967801287949,
+'N': 0.060217341306347746,
+'Q': 0.0006382244710211592,
+'P': 0.014357175712971482,
+'S': 0.05892939282428703,
+'R': 0.05765294388224471,
+'U': 0.02749540018399264,
+'T': 0.09984475620975161,
+'W': 0.01892824287028519,
+'V': 0.011148804047838086,
+'Y': 0.023045078196872126,
+'X': 0.0005289788408463661,
+'Z': 0.00028173873045078196}
+</code>
-Hint: XOR the ciphertexts together, and consider what happens when a space is XORed with a character in [a-zA-Z].
+==== Bonus: Exercise 4 (3p) ====
-ciphertext #1:
+In class we explained that the one time pad is malleable (i.e. we can easily change the encrypted plaintext by simply modifying the ciphertext). We have also discussed how the CRC was a very bad idea in the design of WEP due to its linearity.
-c4eeaa8b5f8aaf9174145bf43e1784b8fa00dc71d885a804e5ee9fa40b16349c146fb778cdf2d3aff021dfff5b403b5 10d0d0455468aeb98622b137dae857553ccd8883a7bc37520e06e515d22c954eba5025b8cc57ee59418ce7dc6bc4 1556bdb36bbca3e8774301fbcaa3b83b220809560987815f65286764703de0f3d524400a19b159610b11ef3e
+You are given the following ciphertext in hexadecimal:
+<code>
+e0e061d1694c9
+</code>
-ciphertext #2:
+which you know it corresponds to the concatenation of the message "floare" with its CRC-16 (in hexa "8E31") obtained from this website:
+http://www.lammertbies.nl/comm/info/crc-calculation.html
-c02ecbbfbafa3ed18510abd11fa724fcda2018a1a8342cf064bbde548b12b07df44ba7191d9606ef4081ffde5ad46 a5069d9f7f543bedb9c861bf29c7e205132eda9382b0bc2c5c4b45f919cf3a9f1cb74151f6d551f4480c82b2cb24cc5b0 28aa76eb7b4ab24171ab3cdadb8356f
+If we need to modify the ciphertext so that a correct decryption outputs "albina" instead of "floare" and such that the CRC-16 calculation remains correct, what is the modification we need to perform?
-ciphertext #3:
+Output the new ciphertext after the necessary modifications and show that it correctly leads to the plaintext "albina" and a correct computation of its CRC-16.
-ba9a7b2bba9b8005d43a304b5714cc0bb0c8a34884dd91304b8ad40b62b07df44ba6e9d8a2368e51d04e0e7 b207b70b9b8261112bacb6c866a232dfe257527dc29398f5f3251a0d47e503c66e935de81230b59b7afb5f41afa8d661cb
+You might find this starting script useful:
+<code python ex4_draft.py>
-ciphertext #4:
-ba9aab2a8a4fd06414fb517b5605cc0aa0dc91a8908c2064ba8ad5ea06a029056f47a8ad3306ef5021eafe1ac 01a81197847a5c68a1b78769a37bc8f4575432c198ccb4ef63590256e305cd3a9544ee4160ead45aef520489e7da7d 835402bca670bda8eb775200b8dabbba246b130f040d8ec6447e2c767f3d30ed81ea2e4c1404e1315a1010e7229be6636aaa
-ciphertext #5:
-f561ba9adb4b6ebec54424ba317b564418fac0dd35f8c08d31a1fe9e24fe56808c213f17c81d9607cee021dafe1e001 b21ade877a5e68bea88d61b93ac5ee0d562e8e9582f5ef375f0a4ae20ed86e935de81230b59b73fb4302cd95d770c6 5b40aaa065f2a5e33a5a0bb5dcaba43722130f042f8ec85b7c2070
-ciphertext #6:
-bfbacfbb9befd54415da243e1695ecabd58c519cd4bd2061bbde24eb76a19d84aba34d8de287be84d07e7e9a 30ee714979c7e1123a8bd9822a33ecaf512472e8e8f8db3f9635c1949e640c621854eba0d79eccf52ff111284b4cc61 d11902aebc66f2b2e436434eacc0aba938220b084800c2ca4e693522643573b2c4ce35050b0cf774201f0fe52ac9f26 d71b6cf61a711cc229f77ace7aa88a2f19983122b11be87a59c355d25f8e4
-ciphertext #7:
-bfbacfbb9befd54415da243e1695ecabd58c519cd4bd90f1fa6ea5ba47b01c909ba7696cf606ef40c04afe1ac0a a8148dd066592ded9f8774b529c7ea125d298e8883f5e9305f4b44f915cb2bd05af51373fd9b4af511039fa2d96f8341 4aaaf261bda2e97b170fb5cce2a53e675c154c0d9681596934777e2275b381ce2e40582afe67650b13e72287ff2270 abcf73bb028932836fbdecfecee0a3b894473c1bbeb6b4913a536ce4f9b13f1efff71ea313c8661dd9a4ce
-ciphertext #8:
-c4eeaa8b5f8bffd11155ea506b56041c6a00c8a08854dd21a4bbde54ce56801d943ba708b8a3574f40c00fff9e00f a1439fd0654327a3bfc860b92f89ee04132ecb9298f5fd2d5e4b45e40ecc3b9d59e9417df7c95bba410e9aa2ca24c54 74da2f276baa3ac325918b2daada43d6712150441c2e04f6565517f317da9d3
-ciphertext #9:
-f9bbb2aeadec111841a81abc300ecaa01bd8069d5cc91005e9fe4aad6e04d513e96d99de2569bc5e50eeeca 709b50a8a987f4264edb6896fb537d0a716132ddc938fb0f836480e06ed0fcd6e9759f40462f9cf57f4564186a2c1778f 1543efa270bda5e933421cbe88a4a52222190f471e9bd15f652b653b7071aec59a2705081ffe72651d08f822c9ed6d7
-e48b63ab15d0208573a7eef027
-ciphertext #10:
-d06ece998b7a2fb1d464fed2ced7641ddaa3cc31c9941cf110abbf409ed39598005b3399ccfafb61d0315fca0a314 be138a9f32503bedac8067f03adbf3575c3b8edc9ba7f537530541ab0f9f3cd04ff50d66f1d559ba520e89a2cb2a83
-target ciphertext (decrypt this one):
-ba9babebbbefd001547a810e67149caee11d945cd7fc81a05e9f85aac650e9052ba6a8cd8257bf14d13e6f0a8 03b54fde9e77472dbff89d71b57bddef121336cb85ccb8f3315f4b52e301d16e9f52f904
-<note tip>You may use the following Python code as a starting point</note>
-<code>
 import sys
 import random
 import string
 import operator
-MSGS = (
-    '315c4eeaa8b5f8aaf9174145bf43e1784b8fa00dc71d885a804e5ee9fa40b16349c146fb778cdf2d3aff021dfff5b403b510d0d0455468aeb98622b137dae857553ccd8883a7bc37520e06e515d22c954eba5025b8cc57ee59418ce7dc6bc41556bdb36bbca3e8774301fbcaa3b83b220809560987815f65286764703de0f3d524400a19b159610b11ef3e',
-    '234c02ecbbfbafa3ed18510abd11fa724fcda2018a1a8342cf064bbde548b12b07df44ba7191d9606ef4081ffde5ad46a5069d9f7f543bedb9c861bf29c7e205132eda9382b0bc2c5c4b45f919cf3a9f1cb74151f6d551f4480c82b2cb24cc5b028aa76eb7b4ab24171ab3cdadb8356f',
-    '32510ba9a7b2bba9b8005d43a304b5714cc0bb0c8a34884dd91304b8ad40b62b07df44ba6e9d8a2368e51d04e0e7b207b70b9b8261112bacb6c866a232dfe257527dc29398f5f3251a0d47e503c66e935de81230b59b7afb5f41afa8d661cb',
-    '32510ba9aab2a8a4fd06414fb517b5605cc0aa0dc91a8908c2064ba8ad5ea06a029056f47a8ad3306ef5021eafe1ac01a81197847a5c68a1b78769a37bc8f4575432c198ccb4ef63590256e305cd3a9544ee4160ead45aef520489e7da7d835402bca670bda8eb775200b8dabbba246b130f040d8ec6447e2c767f3d30ed81ea2e4c1404e1315a1010e7229be6636aaa',
-    '3f561ba9adb4b6ebec54424ba317b564418fac0dd35f8c08d31a1fe9e24fe56808c213f17c81d9607cee021dafe1e001b21ade877a5e68bea88d61b93ac5ee0d562e8e9582f5ef375f0a4ae20ed86e935de81230b59b73fb4302cd95d770c65b40aaa065f2a5e33a5a0bb5dcaba43722130f042f8ec85b7c2070',
-    '32510bfbacfbb9befd54415da243e1695ecabd58c519cd4bd2061bbde24eb76a19d84aba34d8de287be84d07e7e9a30ee714979c7e1123a8bd9822a33ecaf512472e8e8f8db3f9635c1949e640c621854eba0d79eccf52ff111284b4cc61d11902aebc66f2b2e436434eacc0aba938220b084800c2ca4e693522643573b2c4ce35050b0cf774201f0fe52ac9f26d71b6cf61a711cc229f77ace7aa88a2f19983122b11be87a59c355d25f8e4',
-    '32510bfbacfbb9befd54415da243e1695ecabd58c519cd4bd90f1fa6ea5ba47b01c909ba7696cf606ef40c04afe1ac0aa8148dd066592ded9f8774b529c7ea125d298e8883f5e9305f4b44f915cb2bd05af51373fd9b4af511039fa2d96f83414aaaf261bda2e97b170fb5cce2a53e675c154c0d9681596934777e2275b381ce2e40582afe67650b13e72287ff2270abcf73bb028932836fbdecfecee0a3b894473c1bbeb6b4913a536ce4f9b13f1efff71ea313c8661dd9a4ce',
-    '315c4eeaa8b5f8bffd11155ea506b56041c6a00c8a08854dd21a4bbde54ce56801d943ba708b8a3574f40c00fff9e00fa1439fd0654327a3bfc860b92f89ee04132ecb9298f5fd2d5e4b45e40ecc3b9d59e9417df7c95bba410e9aa2ca24c5474da2f276baa3ac325918b2daada43d6712150441c2e04f6565517f317da9d3',
-    '271946f9bbb2aeadec111841a81abc300ecaa01bd8069d5cc91005e9fe4aad6e04d513e96d99de2569bc5e50eeeca709b50a8a987f4264edb6896fb537d0a716132ddc938fb0f836480e06ed0fcd6e9759f40462f9cf57f4564186a2c1778f1543efa270bda5e933421cbe88a4a52222190f471e9bd15f652b653b7071aec59a2705081ffe72651d08f822c9ed6d76e48b63ab15d0208573a7eef027',
-    '466d06ece998b7a2fb1d464fed2ced7641ddaa3cc31c9941cf110abbf409ed39598005b3399ccfafb61d0315fca0a314be138a9f32503bedac8067f03adbf3575c3b8edc9ba7f537530541ab0f9f3cd04ff50d66f1d559ba520e89a2cb2a83'
-    )
-TARGET = '32510ba9babebbbefd001547a810e67149caee11d945cd7fc81a05e9f85aac650e9052ba6a8cd8257bf14d13e6f0a803b54fde9e77472dbff89d71b57bddef121336cb85ccb8f3315f4b52e301d16e9f52f904'
 def strxor(a, b): # xor two strings (trims the longer input)
@@ Line 127: / Line 121: @@
 def main():
-  # do something here
-  print 'Hello'
+  #Plaintexts
+  s1 = 'floare'
+  s2 = 'albina'
+  G = '' #To find
+  #Obtain crc of s1
+  #See this site:
+  #http://www.lammertbies.nl/comm/info/crc-calculation.html
+  x1 = s1.encode('hex')
+  x2 = s2.encode('hex')
+  print "x1: " + x1
+  crc1 = '8E31' #CRC-16 of x1
+  #Compute delta (xor) of x1 and x2:
+  xd = hexxor(x1, x2)
+  print "xd: " + xd
 if __name__ == "__main__":
   main()
 </code>
+<note tip>
+Use the property for CRC-16 that CRC(m XOR d) = CRC(m) XOR CRC(d).
+If d = 'floare' XOR 'albina' and C = [C1 | C2] = [m XOR G1 | CRC(m) XOR G2], then C1' = C1 XOR d.
+</note>
+<hidden>
+The solution is {{:ic:laboratoare:lab2_sol.zip|here}}.
+</hidden>