課程名稱︰密碼學 課程性質︰ 課程教師︰陳君明 開課學院： 開課系所︰數學系 考試日期（年月日）︰2010/04/27c 考試時限（分鐘）：180 是否需發放獎勵金：是 （如未明確表示，則不予發放） 試題 : Part I (3 points each) 1. α belongs to GF8 is a root of x^3+x^2+1. Whose minimal polynomial is x^3+x+1? A.α^2 B.α^4 C.α^4+α^2 D.α^4+α^3 E.None of the above 2. Which is NOT a finalist of the AES selection? A.MARS B.Rijndael C.Twofish D.IDEA E.None of the above 3. Which irreducible polynomial over GF5 is primitive? A.x^2+2 B.x^2+x+1 C.x^2+2x+3 D.x^2+4x+1 E.None of the above 4. In the "Mix Columns" operation of AES, each column is treated as a polynomial over GF256 and is multiplied modulo r(x) with fixed 3x^3+x^2+x+2. What is r(x)? A.x^4 B.x^4+1 C.x^4+x+1 D.x^4+x^2+1 E.None of the above 5. Which statement about the one-time pad(OTP) is FALSE? A.XOR operation is often used to combine the plaintext and the key elements B.It is information-theoretically secure with the so-called perfect secrecy C.To be unbreakable, its key has to be truly random and never reused D.Such system with the perfect secrecy property is widely used in practice E.None of the above 6. For a group homomorphism f:(Z16, + mod 16)→(Z17*, ×mod 17), which assignment of the value of f(1) makes f an isomorphism? A.2 B.4 C.6 D.8 E.None of the above 7. Which ideal is NOT a principal ideal in the specified ring? A.<x,y> in Z[x,y] B.<x^2-1> in Q[x,y] C.<6,15,33> in Z D.<x+1,x^2> in Q[x] E. None of the above 8. Which quotient ring is isomorphic to GF64? A.GF2[x]/<x^6+x^5+x^4+x^3+x^2+x+1> B.GF2[x]/<x^6+x^4+x^3+x^2+1> C.GF2[x]/<x^6+x^2+1> D.GF2[x]/<x^6+x^4+x^3+1> E.None of the above 9. Which multiplicative group is NOT of order 36? A.Z37* B.Z63* C.Z108* D.Z126* E.None of the above 10.Which mode of operation for decryption does the diagram below show? A.OFB B.CFB C.ECB D.CBC E.None of the above initialization Vector(IV) ↓ ┌───────┐ Block Cipher │ ↓ Key→ Encryption │ Block Cipher ↓───────┘ Key→ Encryption Ciphertext→＋ ↓ ↓ Ciphertext→＋ Plaintext ↓ Plaintext Part II (3 points each) In the multiplicative group(Z65*,×): 17^-1(the multiplicative inverse of 17)= [11] o(3)(the order of 3)=[12] Complete the table: Block Cipher Block size(bits) Key size(bits) Triple-DES 64 112 of [13] IDEA 64 128 AES 128 128,192, or [14] SMS4 [15] 128 To prove that x is a primitive element in Z63, it is sufficient to show x^m!=1 and x^n!=1 where 0<m<n. We have (m,n)=([16],[17]). Since P(x)=x^5+2x+2 is reducible over F3, the quotient ring K=F3[x]/(P(x)) is a finite field. Let Q(x)=x^2+2x+1. The number of elements in K is |K|=[18]. Q(x)^1213 = [19] in K. Q(x)^-1 = [20] in K. x=[21](mod [22]) is the solution to the system of congruences 2x=1(mod 3) x=3(mod 10) 5x=4(mod 67) GL3(Z7) is the group of invertible 3 ×3 matrices with entries in Z7, and SL3(Z7) is its subgroup consisting of the matrices with diterminant1. Their group orders are |GL3(Z7)|=[23] and |SL3(Z7)|=[24]. Consider the affine cipher c=mp+s mod 50, where c and p denote the ciphertext and the plaintext respectively: The size of its key space(possibilities of (m,s)) is [25]. Given the encryption formula c=7p+11 mod 50, the corresponding decryption formula is p=[26] mod 50. The S-box of AES is constructed as follows. a[i,j]→a[i,j]^-1→b[i,j] a[i,j]×a[i,j]^-1=1(mod x^8+x^4+x^3+x+1) but 0^-1=0 Affine transformation:a[i,j]^-1→b[i,j] Finish the mappings: 00000000→00000000→01100011 00000001→00000001→01111100 00000011→ [27] → [28] b[i,j] a[i,j] ┌ ┐ ┌ ┐┌ ┐ ┌ ┐ │y0│ │1 0 0 0 1 1 1 1││x0│ │1│ │y1│ │1 1 0 0 0 1 1 1││x1│ │1│ │y2│ │1 1 1 0 0 0 1 1││x2│ │0│ │y3│=│1 1 1 1 0 0 0 1││x3│+│0│ │y4│ │1 1 1 1 1 0 0 0││x4│ │0│ │y5│ │0 1 1 1 1 1 0 0││x5│ │1│ │y6│ │0 0 1 1 1 1 1 0││x6│ │1│ │y7│ │0 0 0 1 1 1 1 1││x7│ │0│ └ ┘ └ ┘└ ┘ └ ┘ Applying the secret the permutation (123456) belongs to S6 on the plaintext (346215) CRYPTO, we obtain the ciphertext TPCROY. Suppose the permutation σ belongs to S6 is applied on CRYPTO to obtain POCTYR, then σ^2=[29] and σ^-1=[30] Part III (Write down all details of your work) [31](4 points)Find integers a and b such that 31a+53b=1. [32](6 points)Explain why a block cipher of Feistel structure has the same algorithm for both encryption and decryption. -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 59.117.65.208