This shows you the differences between two versions of the page.
| sasc:laboratoare:05 [2016/03/29 00:42] sergiu.costea [Lab 05] | sasc:laboratoare:05 [2017/03/23 19:53] (current) marios.choudary | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== Lab 05 ===== | + | ===== Lab 05 - DES ===== |
| Line 5: | Line 5: | ||
| http://cs.curs.pub.ro/2014/pluginfile.php/13095/mod_resource/content/2/sasc_curs4_5.pdf | http://cs.curs.pub.ro/2014/pluginfile.php/13095/mod_resource/content/2/sasc_curs4_5.pdf | ||
| - | ==== Exercise 1 ==== | + | ==== Exercise 1 (2p) ==== |
| - | Remember DESX defined as the operation DESX( (k1,k2,k3), m) = k1 ⊕ DES(k2, m ⊕ k3). | + | Remember DESX defined as the operation DESX( (k1,k2,k3), m) = k1 ⊕ DES(k2, m ⊕ k3), |
| - | Show an attack on DESX that runs in time 2<sup>120</sup>. | + | where k1, k3 have 64 bits (same as input/output of DES) and k2 has 56 bits (DES key size). |
| + | Show a brute force (exhaustive key search) attack on DESX that runs in time $O(2^{120})$. | ||
| - | ==== Exercise 2 ==== | + | <note tip> |
| + | Try using a couple of (message, ciphertext) pairs and see if you can get rid of k1 | ||
| + | somehow in order to speed up a brute force attack. | ||
| + | </note> | ||
| + | |||
| + | ==== Exercise 2 (3p) ==== | ||
| Show why the following schemes do not bring any real advantage compared to DES: | Show why the following schemes do not bring any real advantage compared to DES: | ||
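Review bot: The new Exercise 1 text gives the component sizes (k1 and k3 at 64 bits, k2 at 56 bits) but never states the total DESX key length of 184 bits, so the reader has no baseline against which to read the $O(2^{120})$ target; add the total next to the sizes. In the tip, "a couple of (message, ciphertext) pairs" should say that the pairs are encrypted under the same key (k1,k2,k3), since the hint about getting rid of k1 only works in that case. The bound also changes notation from 2<sup>120</sup> to $O(2^{120})$; confirm the wiki renders the math markup on this page, otherwise students will see the raw dollar signs.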
| Line 17: | Line 23: | ||
| * b) c = DES(k2, m ⊕ k1) | * b) c = DES(k2, m ⊕ k1) | ||
| - | ==== Exercise 3 ==== | + | <note tip> |
| + | You may use a similar approach to what you did in the previous exercise. | ||
| + | </note> | ||
| + | |||
| + | ==== Exercise 3 (5p) ==== | ||
| The goal of this exercise is to implement the meet-in-the-middle attack on double DES. | The goal of this exercise is to implement the meet-in-the-middle attack on double DES. | ||
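Review bot: The tip added after item b) refers to "the previous exercise" by position only; name it ("Exercise 1") so the reference survives reordering or renumbering of the lab. As placed, directly under item b), it also reads as a hint for b) alone; if it is meant for both schemes, say so in the note text or move it above the list.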
| Line 232: | Line 242: | ||
| main() | main() | ||
| </code> | </code> | ||
| - | ==== SPN 2 ==== | ||
| - | |||
| - | Now we have a better SPN, where the output of the permutation is XOR-ed with another 2 key bytes, as in the following figure: | ||
| - | {{:sasc:laboratoare:spn_1r_full_2s.png|}} | ||
| - | |||
| - | - Try to find the key in this case, when given the following message/ciphertext pairs: ('Om', 0x0073), ('El', 0xd00e), ('an', 0x855b). Print the key in ascii. | ||
| - | |||
| - | <note tip>You may try some kind of brute-force search</note> | ||
| - | |||
| - | ==== SPN 3 ==== | ||
| - | |||
| - | As another example, which uses a larger block size, let's use an SPN that takes a 4-byte input x=[x1 || x2 || x3 || x4] and an 8-byte key k=[k1 || k2 || k3 || k4 || k5 || k6 || k7 || k8] as in this figure: | ||
| - | {{:sasc:laboratoare:spn_1r_full_4s.png|}} | ||
| - | |||
| - | Note that in this 4-byte SPN, the permutation operates on all 4 bytes, similarly to the 2-byte SPN: that is, it shifts all bits four bits to the right. | ||
| - | |||
| - | - Try to find the key in this case as well, using the following message/ciphertext pairs: ('Omul', 0xddcf7bc7), ('stea', 0x96d58b43), ('luna', 0x9c3f2303) . Again print the key in ascii. | ||
| - | |||
| - | <note tip> This time you cannot (easily) do a brute-force on all the bytes of the last XOR. However, you may try to attack one S-box at a time. Think of the bits that affect one such S-box and find an efficient attack. | ||
| - | </note> | ||
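Review bot: The removed SPN 2 section opens with "Now we have a better SPN", so it depends on an earlier SPN section that lies outside this hunk; check that no SPN introduction or helper code is left behind above the main() and </code> context lines now that the page is titled "Lab 05 - DES". If the SPN 2 and SPN 3 exercises were moved to another lab rather than dropped, state that in the edit summary, and confirm that spn_1r_full_2s.png and spn_1r_full_4s.png are still referenced from somewhere so they do not become orphaned media.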