課程名稱︰密碼學 課程性質︰ 課程教師︰陳君明 開課學院： 開課系所︰數學系 考試日期（年月日）︰2007/4/16 考試時限（分鐘）：約150mins左右 是否需發放獎勵金：是 （如未明確表示，則不予發放） 試題 : PartI (3 points each) 1.Which value of Legendre symbol or Jacoby symbol is correct? A.(13/53)=-1 B.(15/55)=-1 C.(17/57)=-1 D.(19/59)=-1 E.non of the above 2.Which hash function is simply a truncated version of SHA-512,computed with different initial values? A.SHA-384 B.SHA-256 C.MD5 D.RIPEMD-160 E.none of the above 3.In which operation of AES, each set of four bytes in a state is treated as a degree-3 polynomial over F256? A.ByteSub B.MixColumn C.AddRoundKey D.ShiftRow E.none of the above 4.By which mode of operation, a block cipher can be used to construct a self-synchronizing stream cipher? A.ECB B.CBC C.OFB D.CFB E.none of the above 5.Which value of Euler φ-function is NOT equal to 40? A.φ(41) B.φ(75) C.φ(88) D.φ(132) E.none of the above 6.Denote h as a hash function, k as a key, m as a message, p1 and p2 as padding strings. Which is the value of HMACk(m)? A.h(k||m) B.h(m||k) C.j(k||p||m||k) D.h(k||p1||h(k||p2||m)) E.none of the above 7.Whose size of the key space is approximately equal to the complexity of finding a collision of SHA-224? A.193-bit AES B.256-bit AES C.2-key TripleDES D.3-key TripleDES E.none of the above 8.Which statement is FALSE about the eSTREAM project? A.The gola is to identify new stream ciphers that might become suitable for widespread adoption B.Profile1 contains submissions of streams ciphers for hardware applications with high throughput requirement C.Profile2 contains submissions of stream ciphers for hardware gate count, or power consumption. D.Profile 1A or 2A contains stream ciphers satisfying Profile 1 or 2 with an associated authentication method respectively E.none of the above 9.Which is true about the symmetric group S5? A.|S5|=60 B.<1,2,3,4,5> is a normal subgroup C.(S5:S4)=10 D.(S5:<(1,2,3),(1,2)>)=30 E none of the above 10.In a Fiestel cipher, every encryption round consists of L_i=R_i-1 and A.R_i=L_i-1 XOR f(R_i-1,k_i) B.R_i=L_i-1 XOR f(L_i-1,k_i) C.R_i=R_i-1 XOR f(L_i-1,k_i) D.R_i=R_i-1 XOR f(R_i-1,k_i) E.none of the above Part.II (3 points each) ●Consider the ecciptic curve group defined by y^2=x^3+x over F23. There are 23 points satisfying the equation as the graph below (試卷上有附圖) Let P=(1,5) and Q=(9,18) ■The order of the eeliptic curve group is _____ ■P+Q=______ ■-Q=______ ■2P=______ ■4P=______ ■2007P=______ ●Since P(x)=x^5+2x+1 is irreducible over F3, the quotient ring K=F3[x]/P(x) is a finite field. Let Q(x)=x^2+2x+1 ■The number of elements in K is ______ ■Q(x)^1213 = 2x^3+______ in K ■Q(x)^-1 = x^4+______ in K ■To prove that P(x) is primitive, it is sufficient to show x^m≠1 and x^n≠1 in K where m,n>0. We have min(m,n)=______ ●Assume the periodic sequence 1,0,1,1,1,0,0,1,0,1,1,1,0,0,... of period 7 is generated by an LFSR (Linear Feedback Shift Register) ■If the connection polynomial is primitive, it is ______ ■The linear complexity of the sequence is ______ ●Determine the period of the sequence generated by LFSR of register length 8 with non-zero initial state and connection polynomial C(x) ■C(x)=x^8+x^5+x^3+x^2+1 (primitive), then the period is ______ ■C(x)=x^8+x^5+x^4+x^3+1 (irreducible but not primitive), then the period is ______ ■C(x)=x^8+x^5+x^3+1 (reducible), then the maximal possible period is _____ (本題後來送分) ●Consider the integer values of x satisfying x≡11(mod27) and x≡10(mod29) ■The smallest positive solution is x=______ ■The largest negative solution is x=______ ●For a set G, we denote (G,+) as an additive group and (G,×) as a multiplicative group respectively. Consider the homomorphism h:(Z,+) -> (Z31*,×) defined by h(x)=4^x (mod31) ■(Z/Ker(h),+) is isomorphic to (Z_n,+) where n=______ ■The index ((Z31*,×):(Im(h),×) = ______ ■Apparently 4 is not a generator of the cyclic group (Z31*,×). The smallest positive integer generating (Z31*,×) is ______. PartIII. (Write down all details of your work) (2 pts) Sketch the flow chart of CBC-MAC (3 pts) Sketch the flow chart of OFB mode (Output Feedback),including both encryption and decryption. ● A cryptographic hash function should satisfy these three assumptions: (A)Pre-image Resistant Given y, hard to find x such that h(x)=y (B)Collision Resistant Hard to find any x≠x' such that h(x)=h(x') (C)Second Pre-image Resistant Given h(x), hard to find x' (≠x) with h(x)=h(x') Denote "M>N" as "M is a stronger assumption than N" (2 pts) Order the strength of the assumptions (A)(B)and(C). That is,answer in the form of "L>M>N" (3 pts) Prove your claim between (A) and (B) -- <( ￣▽￣)/ 你知道嗎？ ╭═════════════════════════════╮ ║ 如果你平均一年感冒三次的話 ║ ║ 你明天就感冒的機率是0.82% 今年不得感冒的機率是4.98% ║ ╰═════════════════════════════╯ 　　　　 原來如此...筆記筆記ψ(–﹏– )> -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 61.228.101.132