課程名稱︰密碼學 課程性質︰ 課程教師︰陳君明 開課學院： 開課系所︰數學系 考試日期（年月日）︰2008.04.07 考試時限（分鐘）：180 是否需發放獎勵金：是 （如未明確表示，則不予發放） 試題 : Cryptography Midterm Exam I 2008/04/07 Part I (3 points each) 1. α belongs to GF8 is a root of x^3 + x + 1. Whose minimal polynomial is x^3 +x^2 + 1? A.α^2 B.α^4 C.α^3 + α^2 D.α^4 + α^2 E.None of the above 2. Which is a generator of the multiplicative group GF13*? A.4 B.5 C.8 D.9 E.None of the above 3. Which is a primitive polynomial over GF5? A.x^2 + 3 b.x^2 + 2x + 3 C.x^2 + 4 D.x^2 + 2x + 4 E.None of the above 4. Which quotient ring is isomorphic to GF125? A.GF5[x]/<x^3 + 2x + 2> B.GF5[x]/<x^3 + 3x + 3> C.GF5[x]/<x^3 + 2x + 3> D.GF5[x]/<x^3 + 3x + 4> E.None of the above 5. In a Feistel cipher, every encryption round consists of Li = Ri-1 and A.Ri = Ri-1⊕f(Li-1,ki) B.Ri = Ri-1⊕f(Ri-1,ki) C.Ri = Li-1⊕f(Ri-1,ki) D.Ri = Li-1⊕f(Li-1,ki) E.None of the above 6. Which is NOT a finalist of the AES selection? A.Serpent B.Twofish C.Rijndael D.RC4 E.None of the above 7. GF2[x]/(x^8 + x^4 + x^3 + x + 1)is selected to represent GF(s^8) in AES. In hexadecimal expressions, which is the multiplicative inverse of '3A' represented by x^5 + x^4 + x^3 + x? A.'0E' B.'16' C.'20' D.'3B' E.None of the above 8. In many implementations of AES, decryptions are faster than encryptions. It is mainly caused by which operation? A.MixColumn B.AddRoundKey C.ShiftRow D.SubByte E.None of the above 9. Which can NOT replace the square matrix in the affine transformation constructing the S-box of AES to become a new block cipher? A.┌0 1 0 1 0 0 1 0┐ B.┌1 1 0 1 0 1 1 0┐ │0 0 1 0 1 0 0 1│ │0 1 1 0 1 0 1 1│ │1 0 0 1 0 1 0 0│ │1 0 1 1 0 1 0 1│ │0 1 0 0 1 0 1 0│ │1 1 0 1 1 0 1 0│ │0 0 1 0 0 1 0 1│ │0 1 1 0 1 1 0 1│ │1 0 0 1 0 0 1 0│ │1 0 1 1 0 1 1 0│ │0 1 0 0 1 0 0 1│ │0 1 0 1 1 0 1 1│ └1 0 1 0 0 1 0 0┘ └1 0 1 0 1 1 0 1┘ C.┌1 0 0 0 1 0 0 1┐ D.┌1 0 0 0 1 1 1 0┐ E.None of the above │1 1 0 0 0 1 0 0│ │0 1 0 0 0 1 1 1│ │0 1 1 0 0 0 1 0│ │1 0 1 0 0 0 1 1│ │0 0 1 1 0 0 0 1│ │1 1 0 1 0 0 0 1│ │1 0 0 1 1 0 0 0│ │1 1 1 0 1 0 0 0│ │0 0 1 0 0 1 1 0│ │0 1 1 1 0 1 0 0│ │0 0 0 1 0 0 1 1│ │0 0 1 1 1 0 1 0│ └ ┘ └0 0 0 1 1 1 0 1┘ 10. Which statement is FALSE about the self-synchronizing stream cipher? A.The keystream is independent of the ciphertext string B.The remaining decryption fails if the synchronization is lost C.Encryption in small quantities, such as bit or byte D.No protection against message manipulation E.None of the above Part II (3 points each) #In the multiplicative group(Z35*.X): 24^(-1) (the multiplicative inverse of 24) = <11> |Z35*|(the order of the group) = <12> o(3) (the order of 3) = <13> #In the symmetric group S6: |S6| = <14> (16425)^(-1) = <15> (15364)(253)(14) = <16> ["Left-to-right" product here. For example, (123)(24) = (1423)] #Consider the affine cipher c = mp + s mod 40, where c and p denote the ciphertext and the plaintext respectively: The size of its key space(possibilities of (m,s)) is <17> Given the encryption formula c = 3p + 16 mod 40, the corresponding decryption formula is p = <18> mod 40 #The solution to the congruence equation 75x = 10 (mod 505) is x = <19> (mod <20>) #To prove that α is a generator of the multiplicative group GF625*, it is sufficient to show that α^a != 1, α^b != 1, and α^c != 1. If 1<a<b<c<625, then a = <21> and c = <22> #Consider the sequence generated by an LFSR of linear complexity 4: 1,1,0,1,0,1,1,0,0,1,... The corresponding connection polynomial is <23> The period of the sequence is <24> The next three bits (11th ~ 13th bit) of the sequence are <25> #GL2(GF5) = The group of invertible 2x2 matrices with entries in GF5. |GL2(GF5)|(the order of the group) = <26> |SL2(GF5)|(the order of the subgroup with determinant 1) = <27> #Fill in the data block size of DES and AES, and the number of different S-boxes of DES: ┌──────────────┬───┬──────┐ │ │ DES │ AES │ ├──────────────┼───┼──────┤ │Key Size(bits) │ 56 │128 192 256 │ ├──────────────┼───┼──────┤ │Block Size(bits) │ <28> │ <29> │ ├──────────────┼───┼──────┤ │Number of Rounds │ 16 │ 10 12 14 │ ├──────────────┼───┼──────┤ │Number pf Different S-box(s)│ <30> │ 1 │ └──────────────┴───┴──────┘ Part III (Write down all details of your work) <31>.(4points) Introduce one of the wSTREAM phase 3 candidates, Write down the name of the stream cipher. Sketch its algorithm, analysis, performance, etc. <32>.(3points) Find integers a and b such that 28a+37b=1. <33>.(3points) Over GF2,find polynomials f(x) and g(x) such that f(x)(x^2+x) + g(x)(x^4+x+1) = gcd(x^2+x,x^4+x+1) -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 59.117.65.33