CORE 139

Name: ______________________________________
Methods and Issues in Cryptology
Midterm II
April 8, 2004
This exam is closed book and closed notes.
You can find an ASCII table and a sketch of the S-DES algorithm on the back of this page.
You may not use a calculator. If you find that you absolutely need one and can’t proceed
without it, explain exactly how you’d use the calculator to compute what you need and exactly
how you’d use the computed result.
Write your answers in the space provided. Use additional sheets if you need more space.
If you don’t know how to completely answer a question, explain as much as you can about the
approach. If a later part of a question depends on an earlier part which you weren’t able to
solve, you can still get credit for the later part by explaining how you would use the answer to
the earlier part or by making up an answer for the earlier part and using that to solve the later
part.
Showing your work where appropriate can help earn you partial credit if you make an arithmetic
error.
If a question is ambiguous, explaining your interpretation of the question can help earn you
partial or even full credit even if your interpretation wasn’t what I had in mind.
There are 9 questions worth a total of 63 points and 2 bonus problems worth a total of 4 points.
ASCII Table

S-DES

IP    (2,6,3,1,4,8,5,7)
IP^-1 (4,1,3,5,7,2,8,6)
SW    (5,6,7,8,1,2,3,4)
E/P   (4,1,2,3,2,3,4,1)
P10   (3,5,2,7,4,10,1,9,8,6)
P8    (6,3,7,4,8,5,10,9)
P4    (2,4,3,1)

function f
split input into L and R
using R…
  o apply expansion permutation
  o XOR with key
  o apply S-boxes
  o apply P4
XOR with L
concatenate with R

S0   0  1  2  3
0    1  0  3  2
1    3  2  1  0
2    0  2  1  3
3    3  1  0  3

S1   0  1  2  3
0    0  1  2  3
1    2  0  1  3
2    3  0  1  0
3    2  1  0  3
1. [9 points] Match the person to the event(s) or thing(s) by writing the appropriate letter(s) in
the spots indicated. Some people may be matched to more than one thing, and things may
be used more than once or not at all.

a. Marian Rejewski
b. Michael Ventris
c. Horst Feistel
d. Arthur Scherbius
e. Edward Hebern
f. Jean-François Champollion
g. Diego de Landa
h. Alan Turing
i. Tommy Flowers

_____  Œdipus ægyptiacus
(h)    “On Computable Numbers”
(f)    Précis du système hiéroglyphique
_____  Incidents of Travel in the Yucatan
(e)    inventor of the Sphinx of the Wireless
(d)    inventor of Enigma
(i)    inventor of Colossus
(g)    discoveries about the Mayan calendar
(g)    attempted to summarize Mayan hieroglyphics with an alphabet
(f)    deciphering Egyptian hieroglyphics
(b)    deciphering Linear B
(a,h)  deciphering Enigma
_____  deciphering the Lorenz cipher (FISH) – (i) is acceptable, since at the very least,
       Colossus helped with deciphering
(c)    Lucifer
_____  discovery of the first Linear B tablets
2. [5 points] The strategies for breaking Enigma are based on being able to separate the
scrambler settings from the plugboard settings so that each can be determined individually.
Why is it so important to be able to do this?
The total number of keys for Enigma is the product of the number of scrambler
arrangements/orientations and the number of plugboard wirings. With swapping just
6 pairs of letters, the number of keys is approximately 10^16 – an enormous number,
with the plugboard contributing more combinations than the scramblers. Separating
the two sets of settings, however, meant that it was feasible to check the much
smaller number of scrambler settings. Once the scrambler setting was known,
shortcuts existed for deriving the plugboard settings (so it wasn’t necessary to try
every combination).
3. [9 points] Match the event to the date it occurred or the cipher/device to the date it was
invented, patented, adopted, or first used by writing the appropriate letter(s) in the spots
indicated. Some dates may be used more than once or not at all.

a. cipher disk
b. DES
c. Diffie-Hellman-Merkle key exchange
d. Enigma
e. Lorenz cipher/FISH broken
f. Linear B decipherment
g. Egyptian hieroglyphics decipherment
h. Mayan hieroglyphics decipherment

_____  14th century
(a)    15th century
_____  16th century
_____  17th century
_____  18th century
(g)    1824
_____  1856
(d)    1918 – patent date for (d)
_____  1932
(e)    1943
(f)    1953
_____  1960
(b,c)  early 1970s
(h)    1980s-1990s
_____  2001

some partial credit was granted for answers that were close or which were plausible
4. [5 points] List two ways in which operator error compromised the security of Enigma. How
were those errors exploited by the codebreakers?

poor choice of message key (e.g. girlfriend’s initials) – codebreakers compiled a
list of common choices and could quickly test them at the start

sending messages with predictable text (e.g. greetings or closings) or the same
content at the same time every day – this text could be used as a crib

not allowing scramblers to remain in the same position for two days in a row –
reduced the number of scrambler positions that needed to be tested for the next
day

not allowing the plugboard to swap adjacent letters – reduced the number of
plugboard wirings to test

Herivel tip – operators didn’t spin rotors properly when setting up the machine,
and so revealed settings in the choice of message key – codebreakers could then
make guesses about settings
5. [5 points] Give three reasons why the Navajo language was well-suited for being the basis
of a code. Explain why each reason was important.

not a written language – speakers were used to memorization due to oral
traditions (code was memorized)

complex language – few non-Navajo (and no Germans/Japanese) could
understand/speak, difficult for non-speakers to even transcribe

large enough population – could find large enough pool of speakers fluent in
both Navajo and English

limited to a small area – foreign anthropologists hadn’t visited the Navajo, so
language was not known outside of the area
6. [5 points] A function of the form Y^x mod P is central to Diffie-Hellman-Merkle key exchange.
Why is this function suitable for the key exchange procedure? Give two reasons, and
explain why each is necessary.

it is a one-way function – it is easy to compute Y^x mod P given Y, P, and x but it
is hard to find the x which would result in a particular value for Y^x mod P (this is
important because the result of Y^x mod P is sent between Alice and Bob – it must
be easy for them to compute, but if the eavesdropper could undo it, the secret
information x would be revealed)

the order of exponentiation doesn’t matter – (a^b)^c = (a^c)^b – this means that it
doesn’t matter whether Alice applies her secret information first and then Bob, or
Bob applies his first and then Alice – both get the same result (this is important
because each uses the same steps, but in a different order, to figure out the
secret)
7. [5 points] Why was Diffie-Hellman-Merkle key exchange such an important breakthrough in
cryptography? Explain.
It shattered the idea that secret communication between two parties requires a
previously-shared secret. At the end of the key exchange, both Alice and Bob share
a secret, but they didn’t have any secret information in common before the exchange
started.
This solved key distribution, at least when it is possible for both parties to exchange
messages before the “real” message is sent. It allows people who have never met
before to have a private conversation, by first exchanging a key and then using that
key to encrypt their communications. This is vitally important for e-commerce.
8. You have intercepted the following Enigma-encoded message:
KDUOS ZAKRX CRXTD KPFGK XQPRY GRKXW R
Based on previous messages, you suspect that the message begins with the text TOP
SECRET. The following shows a series of alphabets resulting from successive scrambler
settings:
plaintext  setting #   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z   ciphertext
    T          1       U L G J Q Z C W Y D T B P O N M E S R K A X H V I F       K
    O          2       H N Q W K L O A U Y E F R B G V C M X Z I P D S J T       D
    P          3       L M I R W X Z V C S P A B T Y K U D J N Q H E F O G       U
    S          4       F S P K W A Z T L V D I Y R U C X N B H O J E Q M G       O
    E          5       E I N J A Y O R B D T W U C G V S H Q K M P L Z F X       S
    C          6       R K O I Z Y S V D W B T U Q C X N A G L M H J P F E       Z
    R          7       F U M Z X A J Q P G V S C R T I H N L O B K Y E W D       A
    E          8       W V U Y S X L N P K J G Q H R I M O E Z C B A F D T       K
    T          9       O H Y M W G F B R K J U D P A N Z I T S L X E V C Q       R
              10       U T W X P Q S V J I M R K O N E F L G B A H C D Z Y       X
              11       K V E X C L N T M O A F I G J S Z Y P H W B U D R Q
              12       D S V A K Y L P U R E G Q X W H M J B Z I C O N F T
              13       V U T O P L H G K S I F R Y D E X M J C B A Z Q N W
              14       V O M L T P X J N H W D C I B F U Y Z E Q A K G R S
              15       N D X B H O L E R Q Y G T A F W J I U M S Z P C K V
              16       O P X V I J Z K E F H S U T A B Y W L N M D R C Q G
              17       J N P X F E Z V R A Q U S B W C K I M Y L H O D T G
              18       B A O N U R Q J Z H P T S D C K G F M L E Y X W V I
              19       V G I M P Y B W C Z U R D T X E S L Q N K A H O F J
You want to determine if setting #1 is the right one for the start of the message.
a. [5 points] Since you don’t know anything about the plugboard settings, assume the
setting A↔C. Derive additional plugboard settings from this, until you’ve gone as far
as you can go or you get a contradiction.
There are many variations on this, since the exact set of settings you derive
is dependent on the order in which you consider the plaintext-ciphertext
letter pairs.
Start with A↔C. Row 6: C→A→R→Z so R↔Z. Row 7: R→Z→D→A so
A↔D. This is a contradiction, so we stop.
b. [5 points] Based only on the plugboard settings you’ve derived for part (a), is it
possible that setting #1 is the correct scrambler setting for the start of the message?
Explain.
It is too early to say. It is definitely true that if setting #1 is the right
setting, AC is not a correct plugboard setting. To know for certain, it is
necessary to try all of the other possible plugboard settings to see if they all
lead to contradictions – if so, then setting #1 cannot be correct.
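
The deduction in parts (a) and (b) can be mechanised. The following Python is an added example, not part of the original exam: it propagates an assumed plugboard pair along the crib using the scrambler alphabets for settings #1 to #9 transcribed from the table in this problem, and it goes beyond part (a) by trying every possible partner for a letter, as part (b) describes. The function and variable names are this example's own.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Scrambler alphabets for settings #1 to #9, transcribed from the table in
# problem 8: ROWS[i][k] is the scrambler output for input letter ALPHABET[k].
ROWS = ("ULGJQZCWYDTBPONMESRKAXHVIF HNQWKLOAUYEFRBGVCMXZIPDSJT LMIRWXZVCSPABTYKUDJNQHEFOG "
        "FSPKWAZTLVDIYRUCXNBHOJEQMG EINJAYORBDTWUCGVSHQKMPLZFX RKOIZYSVDWBTUQCXNAGLMHJPFE "
        "FUMZXAJQPGVSCRTIHNLOBKYEWD WVUYSXLNPKJGQHRIMOEZCBAFDT OHYMWGFBRKJUDPANZITSLXEVCQ").split()
CRIB = "TOPSECRET"      # suspected plaintext
CIPHER = "KDUOSZAKR"    # first nine letters of the intercepted message

def scramble(i, letter):
    """Scrambler output at crib position i (0-based, i.e. setting #i+1)."""
    return ROWS[i][ALPHABET.index(letter)]

def deduce(x, y):
    """Assume the plugboard swaps x and y and follow the crib.
    Returns the forced wiring as a dict, or None on a contradiction."""
    plug, todo = {}, [(x, y)]
    while todo:
        a, b = todo.pop()
        for u, v in ((a, b), (b, a)):
            if plug.get(u, v) != v:
                return None                 # u would need two different partners
            if u in plug:
                continue
            plug[u] = v
            # cipher = P(S(P(plain))): once P(u) = v is known, the letter on the
            # other side of the scrambler must be plugged to S(v).
            for i, (p, c) in enumerate(zip(CRIB, CIPHER)):
                if p == u:
                    todo.append((c, scramble(i, v)))
                if c == u:
                    todo.append((p, scramble(i, v)))
    return plug

def surviving_partners(letter):
    """Partners for `letter` (itself = unplugged) that cause no contradiction."""
    return [y for y in ALPHABET if deduce(letter, y) is not None]

if __name__ == "__main__":
    print("A<->C:", deduce("A", "C"))
    print("partners of A still possible at setting #1:", surviving_partners("A"))
```

If `surviving_partners` returns an empty list for any one letter, setting #1 cannot be the scrambler setting at the start of the message.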
9. [10 points] Encrypt the message consisting of the letter Z using S-DES with key
1011001110. To save you some time, the two subkeys have already been worked out –
subkey 1 is 11111100 and subkey 2 is 11000011. Give the ciphertext as text – do not leave
it as a bit string. Clearly showing and labelling your work can help you earn partial credit if
you make a mistake.
From the ASCII table, Z is 90. This is 01011010 in binary, because 2^7+2^5+2^4+2^1 =
64+16+8+2 = 90.
The message is 01011010.
Apply IP to get 10001011.
Take the right half: 1011.
Apply E/P to the right half to get 11010111.
XOR this with subkey 1 to get 00101011.
Send the left half (0010) through S-box S0 – the row is 00 and the column is 01, so
the result is 00. Send the right half (1011) through S-box S1 – the row is 11 and the
column is 01, so the result is 01.
Apply P4 to the result of the S-boxes to get 0100.
XOR the left half after IP (1000) with 0100 to get 1100. Join this with the
right half after IP (1011) to get 11001011.
Swap the left and right halves to get 10111100.
Take the right half: 1100.
Apply E/P to the right half to get 01101001.
XOR this with subkey 2 to get 10101010.
Send the left half (1010) through S-box S0 – the row is 10 and the column is 01, so
the result is 10. Send the right half (1010) through S-box S1 – the row is 10 and the
column is 01, so the result is 00.
Apply P4 to the result of the S-boxes to get 0001.
XOR the left half after the swap (1011) with 0001 to get 1010. Join this with
the right half after the swap (1100) to get 10101100.
Apply IP^-1 to get 01110001.
Convert 01110001 to decimal: 2^7+2^6+2^5+2^0 = 64+32+16+1 = 113. Look this up in
the ASCII table to get q. This is the ciphertext.
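
The hand calculation above can be checked mechanically. The following Python is an added example, not part of the original exam; it uses the permutation tables and S-boxes as printed in the S-DES sketch on this exam, and it assumes the usual S-DES key schedule (rotate each half left by 1 for subkey 1, by 2 more for subkey 2), which the sketch does not spell out.

```python
# Tables as printed in the S-DES sketch on this exam (bit positions are 1-based).
IP, IP_INV = (2, 6, 3, 1, 4, 8, 5, 7), (4, 1, 3, 5, 7, 2, 8, 6)
EP, P4 = (4, 1, 2, 3, 2, 3, 4, 1), (2, 4, 3, 1)
P10, P8 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6), (6, 3, 7, 4, 8, 5, 10, 9)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 0, 3))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))

def permute(bits, table):
    """Pick bits (a '0'/'1' string) in the order the table lists them."""
    return "".join(bits[i - 1] for i in table)

def xor(a, b):
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def subkeys(key10):
    """Assumed schedule (not in the sketch): P10, rotate halves left 1 -> K1, 2 more -> K2."""
    k = permute(key10, P10)
    left, right = k[1:5] + k[:1], k[6:] + k[5:6]
    k1 = permute(left + right, P8)
    left, right = left[2:] + left[:2], right[2:] + right[:2]
    return k1, permute(left + right, P8)

def sbox(nibble, box):
    """Bits 1 and 4 select the row, bits 2 and 3 the column."""
    row, col = int(nibble[0] + nibble[3], 2), int(nibble[1] + nibble[2], 2)
    return format(box[row][col], "02b")

def f(block, key):
    """One round: E/P on R, XOR key, S-boxes, P4, XOR with L, concatenate with R."""
    left, right = block[:4], block[4:]
    t = xor(permute(right, EP), key)
    t = permute(sbox(t[:4], S0) + sbox(t[4:], S1), P4)
    return xor(left, t) + right

def crypt(block, first_key, second_key):
    b = f(permute(block, IP), first_key)
    b = f(b[4:] + b[:4], second_key)        # SW swaps the halves between rounds
    return permute(b, IP_INV)

def encrypt_char(ch, key10):
    k1, k2 = subkeys(key10)
    return chr(int(crypt(format(ord(ch), "08b"), k1, k2), 2))

def decrypt_char(ch, key10):
    k1, k2 = subkeys(key10)                 # same rounds, subkeys in reverse order
    return chr(int(crypt(format(ord(ch), "08b"), k2, k1), 2))

if __name__ == "__main__":
    print(subkeys("1011001110"), encrypt_char("Z", "1011001110"))
```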
(Bonus) [3 points] Using cribs and Turing’s bombes, you have discovered the message key
for ten different messages so far today. How can you use this information to find the
scrambler and plugboard settings for the day key?
Each message contains 3-6 characters of ciphertext which is the message key,
encrypted using the day key. (Three if the message key is not repeated, six if it is.)
Since you’ve now figured out the message key for those messages, this is a crib.
The technique of problem 8 can be used to eliminate many scrambler settings which
don’t encrypt the known message key properly. Furthermore, the information from
multiple messages can be combined to eliminate more scrambler settings – you need
a setting S which not only encrypts the first letter of the message key in the first
message correctly, but also encrypts the first letter of the message key in the
second, third, fourth, etc. messages correctly.
As for the plugboard, the deductions done to determine if a setting is plausible also
provide information about at least some of the plugboard wirings. Also, since the
plugboard is the same for the day key and the message key, the wirings deduced
while establishing the message key for each message are applicable.
(Bonus) [1 point] To what does the term “Triple Fence” refer?
The NSA (National Security Agency). This is from Stephen Levy’s book, “Crypto:
How the Code Rebels Beat the Government, Saving Privacy in the Digital Age” (which
was recommended reading).