CI7100 Cryptography and Applications
1. This assessment was designed to be completed within the time specified on the front cover. However, Canvas will remain open for a further two hours to allow for any additional time for modified arrangements or any technical difficulties.
2. If you experience technical difficulties, e.g. access and upload issues, or identify a potential error in a question, please email the module leader, who will be available throughout the exam.
3. You must not collaborate with anyone on this assessment; it should be wholly your own work. Your work will be checked for evidence of plagiarism and/or collusion using Turnitin.
Submission Guidance
1. You should submit your answers as a single Word document via Canvas. Add your ID to the top of each page and indicate the questions you have answered on the first page of your document.
2. If you include graphics in your answer, please embed these into the Word document (e.g. a photograph of a hand-drawn graphic). The source of any copied and pasted figures should be cited.
3. Please make sure to save your work regularly and leave plenty of time to upload your work before the deadline. Late submissions will not be marked.
This section contains THREE questions.
1. Secret sharing and secret splitting are techniques that can provide confidentiality without the use of keys.
(a) Explain the concept of secret splitting. In particular, elaborate on the notions of dealer, shares and shareholders. What is a (k,n) threshold scheme, and how does it relate to secret splitting?
(b) Shamir introduced secret sharing based on polynomial interpolation.
(i) Explain how to use this scheme generically in order to create a secret splitting scheme for n=2 shareholders.
(ii) Using the secret splitting scheme designed in the previous question part, share the secret s=d, where d is the last non-zero digit of your student ID number. Give all three shares that need to be distributed.
(c) The goal of a Public Blockchain system is to enable users to anonymously send transactions stored on a public ledger. These transactions can be read by anyone, but cannot be modified once stored. Sketch a security architecture for a multi-blockchain application based on secret sharing, where transactions can be sent using several, different Blockchain systems (you do not have to mention any specific systems). This architecture would provide transaction confidentiality, without the use of encryption. Provide a diagram and a description of the security architecture, without going into details.
2. The RSA algorithm remains a popular method for implementing public key encryption.
(a) Outline the different steps for computing the public and private key, based on the initial choice of suitable numbers.
(b) Describe under which circumstances the algorithm is considered to be secure.
(c) Discuss attacks on RSA that could arise in real-world application scenarios. For each attack, describe a suitable control.
3. Between 1997 and 2000, the National Institute of Standards and Technology (NIST) held a competition to choose an algorithm for the proposed Advanced Encryption Standard (AES) intended to replace the existing Data Encryption Standard (DES).
(a) In 2001 “Rijndael” was selected from amongst 15 competing algorithms as the new AES standard.
(i) Briefly describe some of the similarities and differences between Rijndael and the DES algorithm.
(ii) Explain why AES was an improvement upon the existing Data Encryption Standard (DES) cipher.
(b) A supercomputer performing 10^13 decryptions/second performs brute-force cryptanalysis of the following two messages:
· A message encrypted in DES
· A message encrypted in AES using a 128-bit key.
Explain, using calculations where necessary, whether each of these attacks is viable.
(c) S-AES is a simplified version of the Rijndael algorithm based on the finite field GF(2^4).
(i) If the cipher is supplied with the 16-bit key 1011001001001101, find (using the AES worksheets in Appendix 1) the three 16-bit round keys.
(ii) Using the round keys that you obtained in part (i) above, use the
iii) may be performed using the lookup tables in Appendix 2.)