How can you distinguish a cipher composed only of a Feistel network from a random function if it has only (a) one round, (b) two rounds?

For clarity, here is an image of such a cipher with two rounds:

A sequence of plaintext blocks M1, . . . , M8 is encrypted using DES into a sequence of ciphertext blocks. Where an IV is used, it is numbered C0. A transmission error occurs and one bit in ciphertext block C3 changes its value. As a consequence, the receiver obtains after decryption a corrupted plaintext block sequence M1′,…,M8′. For the discussed modes of operation (ECB, CBC), how many bits do you expect to be wrong in each block Mi′? (Hint: You may find it helpful to draw decryption block diagrams.)

Please motivate your answer.

Now we have a better SPN, where the output of the permutation is XOR-ed with another 2 key bytes, as in the following figure:

1. Try to find the key in this case, when given the following message/ciphertext pairs: ('Om', 0x0073), ('El', 0xd00e), ('an', 0x855b). Print the key in ascii.

As another example, which uses a larger block size, let's use an SPN that takes a 4-byte input x=[x1 || x2 || x3 || x4] and an 8-byte key k=[k1 || k2 || k3 || k4 || k5 || k6 || k7 || k8] as in this figure:

Note that in this 4-byte SPN, the permutation operates on all 4 bytes, similarly to the 2-byte SPN: that is, it shifts all bits four bits to the right.

1. Try to find the key in this case as well, using the following message/ciphertext pairs: ('Omul', 0xddcf7bc7), ('stea', 0x96d58b43), ('luna', 0x9c3f2303) . Again print the key in ascii.