APPENDIXCSolutions to ExercisesIntroduction to <strong>Cryptography</strong>Classical <strong>Cryptography</strong>Substitution ciphersExercise 2.1 Determine the number of possible keys for the affine substitution ciphers. Isthis sufficient to have a secure cryptosystem?Transposition ciphersExercise 2.2 Show that for every π in S n , there exists an positive integer m, such thatπ m is the identity map, and such that m divides n!. The smallest such m is called the orderof π.Exercise 2.3 How many transpositions exist in S n ? Describe the elements of order 2 inS n and determine their number.Exercise 2.4 Show that every element of S n can be expressed as the composition of atmost n transpositions.Exercise 2.5 What is the order of a permutation with cycle lengths d 1 , . . . , d t ? How doesthis solve the previous exercise concerning the order of a permutation?Exercise 2.6 What is the block length m of an (r, s)-simple columnar transposition? Describethe permutation. Hint: it may be easier to describe the permutation if the index setis {0, . . . , m − 1}.103
Solution. The block length is the number of characters which are involved in each permutation,which equals rs for an (r, s)-simple columnar transposition. In terms of mapsof indices, the k-th position maps to (i, j) in an array where i = ((k − 1) mod s) + 1 andj = (k − 1) div s (for k in 1, . . . , rs). The transpose maps (i, j) to (j, i), which goes to thenew position π(k) = i + (j − 1)r in the ciphertext. The map k ↦→ π(k) determines the inverseof the permutation on indices. The inverse permutation is determined by exchangingthe roles of r and s.Exercise 2.7 Show that the (r, r)-simple columnar transposition has order 2. What is theorder of the cipher for (r, s) = (3, 5)? Determine the permutation in cycle notation forthis cipher. Determine the permutation in cycle notation for the (7, 36)-simple columnartransposition used in this chapter.Solution. For a (r, r)-simple columnar transposition one writes each r 2 -block into an r ×rarray, applies a transposition, and reads the columns off as rows. It has order 2 sincetwo-fold application of the cipher acts as the identity on every r 2 -block.In general, an (r, s)-simple columnar tranposition cipher does not have order 2 since thetranspose matrix does not have the same form, so r characters are read from each column,while s characters are written into each row at the next application of the cipher. Theinverse of an (r, s)-simple columnar transposition is an (s, r)-simple columnar transposition.The (3, 5)-simple columnar transposition is determined by the following map of indicesgiving the map in list notation1 ↦→ 1, 2 ↦→ 6, 3 ↦→ 11, . . .[1, 6, 11, 2, 7, 12, 3, 8, 13, 4, 9, 14, 5, 10, 15]In SAGE we can construct this sequence and determine the cycle notation for the permuationas follows:sage: (r,s) = (3,5)sage: G = SymmetricGroup(r*s)sage: S = [ i+s*j for i in range(1,s+1) for j in range(r) ]sage: S[1, 6, 11, 2, 7, 12, 3, 8, 13, 4, 9, 14, 5, 10, 15]sage: G(S)(2,6,12,14,10,4)(3,11,9,13,5,7)The equivalent construction for (r, s) = (7, 36) follows.104 Appendix C. Solutions to Exercises
- Page 1 and 2:
Author (David R. Kohel) /Title (Cry
- Page 4 and 5:
CONTENTS1 Introduction to Cryptogra
- Page 6:
PrefaceWhen embarking on a project
- Page 10 and 11:
information. We introduce here some
- Page 12 and 13:
ut strings in A ∗ map injectively
- Page 14 and 15:
CHAPTERTWOClassical Cryptography2.1
- Page 16 and 17:
LV MJ CW XP QO IG EZ NB YH UA DS RK
- Page 18 and 19:
As a special case, consider 2-chara
- Page 20 and 21:
Note that if d k = 1, then we omit
- Page 22:
ExercisesSubstitution ciphersExerci
- Page 25 and 26:
Ciphertext-only AttackThe cryptanal
- Page 27 and 28:
of size n, suppose that p i is the
- Page 29 and 30:
Note that ZKZ and KZA are substring
- Page 31:
Checking possible keys, the partial
- Page 34 and 35:
sage: X = pt.frequency_distribution
- Page 36 and 37:
CHAPTERFOURInformation TheoryInform
- Page 38 and 39:
For each of these we can extend our
- Page 40 and 41:
in terms of the cryptosystem), then
- Page 42 and 43:
CHAPTERFIVEBlock CiphersData Encryp
- Page 44 and 45:
Deciphering. Suppose we begin with
- Page 46 and 47:
The Advanced Encryption Standard al
- Page 48 and 49:
1. Malicious substitution of a ciph
- Page 50 and 51:
locks M j−1 , . . . , M 1 as well
- Page 52:
where X = K ⊕ M = (X 1 , X 2 , X
- Page 55 and 56:
6.2 Properties of Stream CiphersSyn
- Page 57 and 58: Exercise. Verify that the equality
- Page 59 and 60: n 2 n − 11 12 33 74 155 316 637 1
- Page 61 and 62: Exercise 6.6 In the previous exerci
- Page 63 and 64: Exercise 6.9 Compute the first 8 te
- Page 65 and 66: which holds since −4 = 17 + (−1
- Page 67 and 68: must therefore have a divisor of de
- Page 69 and 70: Shrinking Generator cryptosystemLet
- Page 72 and 73: CHAPTEREIGHTPublic Key Cryptography
- Page 74 and 75: Initial setup:1. Alice and Bob publ
- Page 76 and 77: We apply this rule in the RSA algor
- Page 78 and 79: the discrete logarithm problem (DLP
- Page 80 and 81: Man in the Middle AttackThe man-in-
- Page 82: Exercise 8.6 Fermat’s little theo
- Page 85 and 86: k < p − 1 with GCD(k, p − 1) =
- Page 88 and 89: CHAPTERTENSecret SharingA secret sh
- Page 90: using any t shares (x 1 , y 1 ), .
- Page 93 and 94: sage-------------------------------
- Page 95 and 96: sage: x.is_unit?Type:builtin_functi
- Page 97 and 98: Python (hence SAGE) has useful data
- Page 99 and 100: sage: n = 12sage: for i in range(n)
- Page 101 and 102: sage: I = [55+i for i in range(3)]
- Page 103 and 104: sage: I = [7, 4, 11, 11, 14, 22, 14
- Page 105 and 106: ExercisesRead over the above SAGE t
- Page 107: 102
- Page 111 and 112: Solution.below.The coincidence inde
- Page 113 and 114: analysis of the each of the decimat
- Page 115 and 116: arbitrary permutation of the alphab
- Page 117 and 118: In order to understand naturally oc
- Page 119 and 120: We do this by first verifying the e
- Page 121 and 122: Solution.None provided.Linear feedb
- Page 123 and 124: Multiplying each through by the con
- Page 125 and 126: Solution. The linear complexity of
- Page 127 and 128: If a, b, and c are as above, then f
- Page 129 and 130: Exercise 8.5 Use SAGE to find a lar
- Page 131 and 132: Solution. Now we can verify that e
- Page 133 and 134: which has no common factors with p
- Page 135 and 136: sage: p = 2^32+61sage: m = (p-1).qu
- Page 137 and 138: sage: a5 := a^n5sage: c5 := c^n5sag
- Page 139 and 140: The application of this function E
- Page 141 and 142: 5. (∗) How many elements a of G h
- Page 143: 1. The value f(0) of the polynomial