27/12/2020 NERDOLOGY!

: Stream Ciphers (Week - 1) - Cryptography I

NERDOLOGY!
Sunday, September 1, 2013

Stream Ciphers (Week - 1) - Cryptography I

Premium VPN
Score of 5.37 out of 8.45.
Question 1
Data compression is often used in data storage and transmission. Suppose you want to use
data compression in conjunction with encryption. Does it make more sense to:
Sco
Your Answer Explanation
re
Co Ciphertexts tend to look like random strings and Now from
$2.49
Compress then encrypt. rre 1.00 therefore the only opportunity for compression is
ct prior to encryption.
Encrypt then compress.
The order does not matter /month.
-- either one is fine.
The order does not matter
-- neither one will compress
the data.
1.00
Total /
1.00
Question 2
Let G:{0,1}s→{0,1}n be a secure PRG. Which of the following is a secure PRG (there is
more than one correct answer):
Scor
Your Answer Explanation
e
Ino GET THE DEAL
a distinguisher for G′ gives a distinguisher
G′(k)=G(k)⨁1n rre 0.00
for G.
ct
Ino
G′(k1,k2)=G(k1)∥G(k2) a distinguisher for G′ gives a distinguisher
rre 0.00
(here ∥ denotes concatenation) for G.
ct
Ino
G′(k)=G(k)∥0 (here ∥ A distinguisher will output not random
rre 0.00
denotes concatenation) whenever the last bit of its input is 0.
ct
Ino
A distinguisher will output not random
G′(k)=G(0) rre 0.00
whenever its input is equal to G(0) .
ct
G′(k)=G(k)[0,…,n−2] Ino
a distinguisher for G′ gives a distinguisher
(i.e., G′(k) drops the last bit of rre 0.00
for G.
G(k) ) ct

Cor A distinguisher will output not random

G′(k)=G(k)∥G(k) (here
rec 0.17 whenever the first n bits are equal to the last
∥ denotes concatenation) t n bits.
0.17
Total /
1.00
Question 3
Let G:K→{0,1}n be a secure PRG. Define G′(k1,k2)=G(k1)⋀G(k2) where ⋀ is the
bit-wise AND function. Consider the following statistical test A on {0,1}n :
A(x) outputs LSB(x) , the least significant bit of x .
What is AdvPRG[A,G′]? You may assume that LSB(G(k)) is 0 for exactly half the seeds
k in K .

Note: Please enter the advantage as a decimal between 0 and 1 with a leading 0. If the
advantage is 3/4, you should enter it as 0.75

You entered:
0.5

Your Answer Score Explanation

0.5 Incorrect 0.00
Total 0.00 / 1.00 Labels
Question 4 Business Communication (3)
Let (E,D) be a (one-time) semantically secure cipher with key space K={0,1}ℓ . A bank
wishes to split a decryption key k∈{0,1}ℓ into two pieces p1 and p2 so that both are Case Studies (5)
needed for decryption. The piece p1 can be given to one executive and p2 to another so that
Control of Mobile Robots (1)
both must contribute their pieces for decryption to proceed.

printed-notes.blogspot.com/2013/09/stream-ciphers-week-1.html 1/5
27/12/2020 NERDOLOGY!: Stream Ciphers (Week - 1) - Cryptography I
The bank generates random k1 in {0,1}ℓ and sets k1′←k⊕k1 . Note that k1⊕k1′=k Coursera (27)
. The bank can give k1 to one executive and k1′ to another. Both must be present for
decryption to proceed since, by itself, each piece contains no information about the secret Cryptography I (7)
key k (note that each piece is a one-time pad encryption of k ).
Economics (9)
Now, suppose the bank wants to split k into three pieces p1,p2,p3 so that any two of the
pieces enable decryption using k . This ensures that even if one executive is out sick, Finance.. (1)
decryption can still succeed. To do so the bank generates two random pairs (k1,k1′) and
(k2,k2′) as in the previous paragraph so that k1⊕k1′=k2⊕k2′=k . How should the Financial Accounting.. (3)
bank assign pieces so that any two pieces enable decryption using k , but no single piece
Human Resource Management (2)
can decrypt?
S Interactive Python (3)
c
Your Answer o Explanation International Business (17)
r
e
M-Commerce (1)

Maps and the Geospatial

p1=(k1,k2),p2=(k1′,k2′),p3=(k2′) Revolution (5)

Marketing (4)
p1=(k1,k2),p2=(k1,k2),p3=(k2′)
Mathematics and Statistics (2)
p1=(k1,k2),p2=(k1′),p3=(k2′)
Penn State (5)
p1=(k1,k2),p2=(k2,k2′),p3=(k2′)
Photography.. (2)
C
o executives 1 and 2 can decrypt using Project Management (10)
r 1. k1,k1′, executives 1 and 3 can decrypt
r 0 using k2,k2′, and executives 2 and 3 can Python Programming (16)
p1=(k1,k2),p2=(k1′,k2),p3=(k2′) e0 decrypt using k2,k2′. Moreover, a single
c
Stanford (7)
executive has no information about $k$.
t
Strategic Management (1)
1.
0 Tech Tutorials (14)
0
Total / Toronto (11)
1.
0
0
Question 5 Blog Archive
Let M=C=K={0,1,2,…,255} and consider the following cipher defined over (K,M,C) :
E(k,m)=m+k(mod256);D(k,c)=c−k(mod256) . ► 2017 (1)
Does this cipher have perfect secrecy? ► 2016 (1)
Your Answer Score Explanation
► 2014 (10)
Yes.
▼ 2013 (30)
No, there is a simple attack on this
► October (1)
cipher.
No, only the One Time Pad has Inorre many constructions can have ▼ September (21)
0.00
perfect secrecy. ct perfect secrecy. Learn to Program:
The Fundamentals
0.00 /
Total - Assignment 3
1.00
Learn to Program:
The Fundamentals
Question 6 - Week 6 Exercise
Let (E,D) be a (one-time) semantically secure cipher where the message and ciphertext
Learn to Program:
space is {0,1}n . Which of the following encryption schemes are (one-time) semantically The Fundamentals
secure? - Week 5 Exercise
S
Learn to Program:
c
Your Answer Explanation The Fundamentals
or - Assignment 2 ...
e
Learn to Program:
I
The Fundamentals
n - Week 4 Exercise
o 0.
E′(k,m)=reverse(E(k,m)) rr 0 an attack on E′ gives an attack on E. Learn to Program:
e 0 The Fundamentals
c
— Week 3
Exercise
t
C Learn to Program:
To break semantic security, an attacker The Fundamentals
o
0. would read the secret key from the challenge - Assignment 1
rr
E′(k,m)=E(k,m)∥k 1 ciphertext and use it to decrypt the challenge
e Learn to Program:
7 ciphertext. Basically, any ciphertext reveals
c The Fundamentals
the secret key. — Week 2
t
Exercise
C
To break semantic security, an attacker
o Learn to Program:
0. would ask for the encryption of $0^n$ and The Fundamentals
rr
E′(k,m)=E(0n,m) 1 $1^n$ and can easily distinguish EXP(0) from - Week 1 Exercise
e
7 EXP(1) because it knows the secret key,
c Cryptography I - Final
namely 0n .
t Exam
C 0. an attack on E′ gives an attack on E. Public Key
E′( (k,k′), m)=E(k,m)∥E(k′,m) o 1 Encryption from
rr 7

printed-notes.blogspot.com/2013/09/stream-ciphers-week-1.html 2/5
27/12/2020 NERDOLOGY!: Stream Ciphers (Week - 1) - Cryptography I
e trapdoor
c permutations (...
t
Maps and the
C Geospatial
o Revolution -
0. Feedback — Fi...
E′(k,m)=0∥E(k,m) (i.e. rr
1 an attack on E′ gives an attack on E.
prepend 0 to the ciphertext) e Basic key exchange
7
c (Week - 5) -
t Cryptography I
C Maps and the
o To break semantic security, an attacker Geospatial
0.
rr would ask for the encryption of $0^n$ and Revolution -
E′(k,m)=E(k,m)∥LSB(m) 1
e $0^{n-1}1$ and can distinguish EXP(0) from Feedback — Le...
7
c EXP(1).
Authenticated
t Encryption (Week -
0. 4) - Cryptography I
8
Maps and the
3
Geospatial
Total / Revolution -
1. Feedback — Le...
0
Message Integrity
0
(Week - 3) -
Cryptography I
Question 7 Maps and the
Suppose you are told that the one time pad encryption of the message "attack at dawn" is Geospatial
6c73d5240a948c86981bc294814d (the plaintext letters are encoded as 8-bit ASCII and the Revolution -
given ciphertext is written in hex). What would be the one time pad encryption of the Feedback — Le...
message "attack at dusk" under the same OTP key?
Block Ciphers (Week
- 2) - Cryptography
You entered: I
6c73d5240a948c86981bc Maps and the
2808548 Geospatial
Revolution -
Your Answer Score Explanation
Feedback — Le...
6c73d5240a948c86981bc2808548 Correct 1.00
Stream Ciphers
Total 1.00 / 1.00 (Week - 1) -
Cryptography I
Question 8
The movie industry wants to protect digital content distributed on DVD’s. We develop a
► July (7)
variant of a method used to protect Blu-ray disks called AACS. ► April (1)
Suppose there are at most a total of n DVD players in the world (e.g. n=232 ). We view
these n players as the leaves of a binary tree of height log2n . Each node in this binary tree ► 2012 (12)
contains an AES key ki . These keys are kept secret from consumers and are fixed for all ► 2011 (29)
time. At manufacturing time each DVD player is assigned a serial number i∈[0,n−1] .
► 2010 (15)
Consider the set of nodes Si along the path from the root to leaf number i in the binary tree.
The manufacturer of the DVD player embeds in player number i the keys associated with the
nodes in the set Si. A DVD movie m is encrypted as
E(kroot,k)∥E(k,m)
where k is a random AES key called a content-key and kroot is the key associated with the
This blog 'Nerdology!' by Jay is
root of the tree. Since all DVD players have the key kroot all players can decrypt the movie licensed under a Creative
m . We refer to E(kroot,k) as the header and E(k,m) as the body. In what follows the DVD Commons Attribution-
header may contain multiple ciphertexts where each ciphertext is the encryption of the Noncommercial-No Derivative
content-key k under some key ki in the binary tree. Works 3.0 Unported License.
Suppose the keys embedded in DVD player number r are exposed by hackers and
published on the Internet. In this problem we show that when the movie industry distributes a
new DVD movie, they can encrypt the contents of the DVD using a slightly larger header
(containing about log2n keys) so that all DVD players, except for player number r , can
decrypt the movie. In effect, the movie industry disables player number r without affecting
other players.
As shown below, consider a tree with n=16 leaves. Suppose the leaf node labeled 25
corresponds to an exposed DVD player key. Check the set of keys below under which to
encrypt the key k so that every player other than player 25 can decrypt the DVD. Only four
keys are needed.

Your
Scor
Answe Explanation
e
r
Cor You cannot encrypt k under any key on the path from the root to node
26 0.03
rect 25. Therefore 26 can only decrypt if you encrypt k under key k26.
1 Cor 0.03 You cannot encrypt k under the root, but 1's children must be able to

printed-notes.blogspot.com/2013/09/stream-ciphers-week-1.html 3/5
27/12/2020 NERDOLOGY!: Stream Ciphers (Week - 1) - Cryptography I
rect decrypt k .
Cor There is a better solution that does not require encrypting on the key of
30 0.03
rect this node.
Cor You cannot encrypt k under key 5, but 11's children must be able to
11 0.03
rect decrypt k .
Cor
2 0.03 No, this will let node 25 decrypt the DVD.
rect
Cor There is a better solution that does not require encrypting on the key of
14 0.03
rect this node.
Cor There is a better solution that does not require encrypting on the key of
19 0.03
rect this node.
Cor
6 0.03 You cannot encrypt k under 2, but 6's children must be able to decrypt k .
rect
0.25
Total /
0.25

Question 9
Continuing with the previous question, if there are n DVD players, what is the number of keys
under which the content key k must be encrypted if exactly one DVD player's key needs to
be revoked?
Your
Sco
Answ Explanation
re
er

n/2

n
2

n−1
Co That's right. The key will need to be encrypted under one key for each node
rre 1.00 on the path from the root to the revoked leaf. There are log2n nodes on
log2n ct
the path.
1.00
Total /
1.00
Question 10
Continuing with question 8, suppose the leaf nodes labeled 16, 18, and 25 correspond to
exposed DVD player keys. Check the smallest set of keys under which to encrypt the key k
so that every player other than players 16,18,25 can decrypt the DVD. Only six keys are
needed.
Your Answer Score Explanation
17 Correct 0.02 Yes, this will let player 17 decrypt.

22 Inorrect 0.00

11 Correct 0.02 Yes, this will let players 23,24 decrypt.

4 Correct 0.02 Yes, this will let players 19-22 decrypt.

14 Correct 0.02

15 Correct 0.02 Yes, this will let player 15 decrypt.

27 Correct 0.02

30 Inorrect 0.00

6 Inorrect 0.00 Yes, this will let players 27-30 decrypt.

26 Inorrect 0.00 Yes, this will let player 26 decrypt.

Total 0.12 / 0.20

Posted by Jay at Sunday, September 01, 2013

Labels: Coursera, Cryptography I, Stanford

Up to 60% Cheaper Than Braces

Smile Direct Club, The Castle

Book An Appointment Today to Start Your Smile Journey.

San Rafael

STORE INFO DIRECTIONS

printed-notes.blogspot.com/2013/09/stream-ciphers-week-1.html 4/5
27/12/2020 NERDOLOGY!: Stream Ciphers (Week - 1) - Cryptography I

Newer Post Home Older Post

Awesome Inc. theme. Powered by Blogger.

Universidad Nº 1 Derecho
Universidad Escuela Libre de Derecho

Más de 40 Años con Derecho en Costa Rica. Universidad Libre

San José

STORE INFO DIRECTIONS

printed-notes.blogspot.com/2013/09/stream-ciphers-week-1.html 5/5