Birla Institute of Technology & Science – Pilani

Hyderabad Campus
nd
2 Semester 2020-2021
Cryptography (BITS F463) – Comprehensive Examination (Regular) - KEY
Q1. (a) Given the ElGamal Crypto system for public key encryption. Two users A and B agree on
a prime number p = 17 and a generator value g = 6.

Encryption (done by user B) Decryption (done by user A)

p = 17 and g = 6 p = 17 and g = 6
Let the private key of user A be a = 5 The user A receives the cipher text from user B as
User A computes his public key using the equation 15, 9
ga mod p and the value is 65 mod 17 = 7 The public key of user A is 7
User A’s private key is 5
User B encrypts the message M = 13 as follows: User A can now decrypt the message using the
Let user B choose a random key value as k = 10 private key 5 and the decryption factor computed
He computes the value α = 15 using the equation using the equation 15-5 mod 17 and the value of
gk mod p = 610 mod 17 the decryption factor is 9
He then encrypts the message M using the equation
13 * 710mod 17 as β = 9 The decryption is done using the equation 9 * 9
mod 17
The user B now sends the encrypted message And the value is 13
comprising two parts and the values are 15 and 9 User A has now got the message decrypted as and
which is the equivalent of the plaintext message M retrieved as 13

(b)

The user B chooses a random integer b, and publishes the point bG (while b remains secret)

The user A chooses his own random integer a and sends the pair of points (aG, Pm+a(bG))) to the
user B (while a remains secret).

Now to decrypt the message, the user B computes b(aG) from the first part of the pair, then subtracts it
from the second part to obtain Pm+a(bG)−b(aG) = Pm+abG−abG = Pm, and then reverses the
embedding to get back the message M.

Let us say an attacker E, who can only see the values bG, aG, and Pm + a(bG) will have to find a from
aG or b from bG to make sense of Pm + a(bG). As the problem is now reduced to the Elliptic Curve
Discrete Log Problem, the attack can be thwarted.
Q2. (a) The plaintext message is “The office did not jump at the idea”. The Playfair key matrix
used by User A to encrypt the plaintext message is

A B C D E
F G H I/J K
L M N O P
Q R S T U
V W X Y Z
Given that to break up a similar letter pair, we need to use the letter X. If the number of letters in
the plaintext message is not sufficient to make pairs of letters, then we need to add the letter X at
the end of the message so that it is of even length.

Thus the given plain text message is to be written as

TH EO FX FI CE DI DN OT IU MP AT TH EI DE AX
Now, applying the Playfair cipher encryption, applying the rules, we get the corresponding
ciphertext as:

SI DP HV GK DA IO CD TY KT NL DQ CD DK EA CV

(b) Given a 2 x 2 Hill Cipher encryption with key matrix as a 2 x 2 matrix whereas the plaintext to
be encrypted is split into digraphs and is written as numeric column vectors.
The key matrix is:

The plaintext is:

By applying the rules of the Hill cipher algorithm, we can find out the cipher text as:
We multiply the key matrix by each column vector in turn. That is,

We can now convert these numbers to letters, so 0 becomes A and 15 becomes P. Thus the first
two letters of the ciphertext are AP.

Thus the ciphertext is APADJ TFTWLFJ

The plaintext message in letters is: short example

 (c)

First we compute the cipher alphabet:

letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
cipher C R Y P T O G A H B D E F I J K L M N Q S U V W X Z

Decryption then yields the intermediate text: XVSAHWSRBXEXBSEIUIEXXWYSSXHXER

Using a rail fence of height 5 we get as the plaintext message as:

X V S A
H W S R B X E
X B S E I U I
E X X W Y S S X
H X E R

The answer is (by reading out diagonally)

XHXEH XBWVS SXXWE RSBIY ESUXA EISRX

Q3. (a)
Key in Hex (128 bits): 54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75
Therefore,
w[0] = (54, 68, 61, 74)
w[1] = (73, 20, 6D, 79)
w[2] = (20, 4B, 75, 6E)
w[3] = (67, 20, 46, 75)
It is given that g(w[3]) = (B6, 5A, 9D, 85)

We can find w[4] as

w[4] = w[0] ⊕ g(w[3])
= (54, 68, 61, 74) ⊕ (B6, 5A, 9D, 85)
w[4] = (E2, 32, FC, F1)

(b)

The state matrix before AddRoundKey operation is:

The Round Key No. 0 matrix is:

The new state matrix after we have completed the operation can be obtained by XOR-ing the
corresponding entries of the above two matrices.

The answer is as follows:

(c) To find the outputs of the two substitutions using S1 and S8 substitution boxes respectively.

(i) S1(100011)

When we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The
remaining bits are 0001 in binary, which is 1 in decimal. Now, we look for the value in row 3,
column 1, in the S1 box. The result is 12 in decimal, which is 1100 in binary.
Thus the input 100011 yields the output 1100.

(ii) S8 (000000)

When we write the first and the sixth bits together, we get 00 in binary, which is 0 in decimal. The
remaining bits are 0000 in binary, which is 0 in decimal. Now, we look for the value in row 0,
column 0, in the S8 box. The result is 13 in decimal, which is 1101 in binary.
Thus the input 000000 yields the output 1101.