IITH and CRRao AIMSCS
M.Tech. in Information Security
CS6160: Cryptology, Fall2013
Monday 11:30am12:55pm, Classroom 123
Tuesday 2:30pm3:55pm, Classroom 123
Instructor: Vishal Saraswat, Email: vishal.saraswat@gmail.com
Office Hours: Mondays, 10:00am  11:15am or by appointment
(Visiting Faculty Room / Server Room)
Feedback Form (Anonymous)
Back to Class Page
Announcements
 12Nov:
 Endsem exam is on Monday, 18 November 2013 from 9:00am11:00am in LH1
 12Nov:
 Homework 12 and 13 solutions are now available
 28Oct:
 Homework 9, 10 and 11 solutions are now available
 28Oct:
 Homework 13 submission deadline is Friday 08Nov 11:59pm
 28Oct:
 Homework 12 submission deadline is Sunday 03Nov 11:59pm
 07Oct:
 Slides updated (Covers lectures upto 08Oct and HW 11).
 07Oct:
 Homework 8 solutions uploaded
 01Oct:
 Homework 8 submission deadline extended again (to Sunday 06Oct 11:59pm)
 01Oct:
 Homework 7 submission deadline extended again (to Wednesday 02Oct 11:59pm)
 01Oct:
 Midterm info available
 21Sep:
 Slides updated.
 21Sep:
 Midterm is on Friday, 27 September 2013, from 3:00pm5:00pm
 21Sep:
 Homework 8 submission deadline extended to Wednesday 02Oct 11:59pm
 21Sep:
 Homework 7 submission deadline extended to Tuesday 01Oct 11:59pm
 19Sep:
 Solutions to Homework 6
 17Sep:
 Test Vectors for HW 13.
 17Sep:
 Slides updated.
 03Sep:
 Slides uploaded.
 29Aug:
 Homework 3 info updated.
 12Aug:
 Grading policy and exam schedule updated in the syllabus.
 02Aug:
 Welcome to Cryptology: Fall 2013.
Back to Class Page
Homeworks
All the programming assignments are to be done in C
or C++
. Submit one single text (.c or .cpp) file with the "readme" section on the top. The name of the file must be of the format "id1id2id3hw1.c" or "id1id2id3hw1.cpp". The file should be emailed to me by the submission deadline with heading "Cryptology Homework #".
 Homework 1: (Due Tuesday 13Aug 11:59pm)
 Implement Euclidean and extended Euclidean algorithm to find the inverse, if any, of an integer a modulo another integer m.
Your program should take as user inputs a and m and output a^{1} mod m.
 Homework 2: (Due Tuesday 20Aug 11:59pm)
 Implementation of Vigenere Cipher.
Your program should do both encryption and decryption. It should take as user inputs, the task to be performed, a key k and a text m and output the encryption or decryption e.
The input case could be upper or small or mixed. Convert all and output in upper case for encryption and in lower case for decryption.
 Homework 3: (Due Monday 2Sep 11:59pm)
 Implement the Euclidean algorithm to find the GCD of two polynomials f and g with integers coefficients. Your program should take as user inputs f and g and output a polynomial h = gcd(f,g).
 Extra Credit: Same as above but for polynomials with coefficients from Z_{m} for some integer m > 1.

 The greatest common divisor (GCD) of two integers a and b is an integer d > 0, denoted d = gcd(a,b) with the following properties:
 d divides a and b.
 c divides a and b ⇒ c divides d.
 The definition of the GCD, h, of two polynomials, f and g, is similar to that for integers with the exception that the condition 'h > 0' is not there.
 The GCD of two polynomials is not unique BUT it is unique upto a multiplication by an invertible element. That is, if both h_{1} and h_{2} satisfy the conditions for gcd, then h_{1} = d_{1}h_{2} and h_{2} = d_{2}h_{1} for some polynomials d_{1} and d_{2} so that d_{1}d_{2} = 1, implying that both d_{1} and d_{2} are invertible polynomials.
 For your main homework,

For an integer polynomial f let d_{f} denote the gcd of the integer coefficients of f and let f = d_{f}f_{d}.
 Find the GCD H_{Q} of the two polynomials f_{d} and g_{d} as if you were working over rationals (so division is allowed).
 Convert the rational coefficients of H_{Q} to integer coefficients by multiplying a suitable integer and call this polynomial H.
 Let H = d_{H}H_{d} where d_{H} is the gcd of the coefficients of H.
 Finally, h = gcd(f,g) = gcd(d_{f},d_{g}) H_{d} where gcd(d_{f},d_{g}) is the GCD of integers.
 Homework 4: (Due Tuesday 3Sep 11:59pm)
 Write a comparative report on the five modes of operation of block ciphers.
 Homework 5: (Due Tuesday 10Sep 11:59pm)
 Write a report on the meetinthemiddle attack on DDES.
 Write a report on the security of two key 3DES.
 Homework 6: (Due Tuesday 17Sep 11:59pm)

Assume that function f: {0,1}^{m} → {0,1}^{m} is bijective, but oneway. Let h: {0,1}^{2m} → {0,1}^{m} as follows. Given x ∈ {0,1}^{2m}, we can write x = x_{l}  x_{r}, where x_{l} and x_{r} are in {0,1}^{m}. We define h(x) = f(x_{l} ⊕x_{r}). Prove or disprove: h is second preimage resistant.

When there is a lot of data to encrypt, using DES ECB mode is insecure because of the block permutation attack. In other words, blocks of encrypted data can be swapped without the receiver (decryptor) noticing. Suggest a secure way to address these issues.
 Let DES_{K}(m) represent the encryption
of plaintext m with key K using the DES cryptosystem. Suppose
y=DES_{K}(m) and y′=DES_{c(K)} (c(m)), where
c(·) denotes the bitwise complements of its argument. Prove that y′ = c(y)

Consider the following ways to "strengthen" DES:
 (i) DES_{1}: E_{K2}(K_{1} ⊕ M)
 (ii) DES_{2}: K_{1} ⊕ E_{K2}(M)
where K_{1} and K_{2} are two different keys 
K_{1} is a 64 bit key and K_{2} is a 56 bit key.
Show that both these proposals do not increase the work needed to break the
cryptosystem using bruteforce key search. That is, show how to break these
schemes using on the order of 2^{56} DES encryptions/decryptions. You may
assume that you have a moderate number of (plaintext, ciphertext) pairs.
 Homework 7: (Due Wednesday 02Oct 11:59pm)
 Homework 7
 Homework 8: (Due Sunday 06Oct 11:59pm)
 Homework 8
 Homework 9: (Due Tuesday 08Oct 11:59pm)
 Homework 9
 Homework 10: (Due Tuesday 15Oct 11:59pm)
 Homework 10
 Homework 11: (Due Tuesday 22Oct 11:59pm)
 Homework 11
 Homework 12: (Due Sunday 03Nov 11:59pm)
 Homework 12
 Homework 13: (Due Friday 08Nov 11:59pm)
 Homework 13
Back to Class Page
Exams
 12Nov:
 Endsem exam is on Monday, 18 November 2013 from 9:00am11:00am in LH1
 01Oct:
 Midterm solution sketch
 The scores on the exam are as follows
 22.25, 22.00, 21.50, 20.50, 20.50, 20.25, 20.00, 20.00, 19.25, 18.75, 18.75, 18.50, 18.25, 18.00, 17.75, 17.50, 17.50, 17.00, 16.50, 16.25, 16.00, 15.75, 15.50, 15.25, 15.00, 15.00, 14.75, 14.75, 14.50, 14.50, 14.00, 14.00, 13.00, 13.00, 12.50, 12.50, 12.50, 12.25, 10.50, 10.50, 10.00, 10.00, 10.00, 9.50, 9.50, 9.25, 9.00
The average was 15.40 and the median was 15.25.
 21Sep:
 Midterm is on Friday, 27 September 2013, from 3:00pm5:00pm
Back to Class Page
Useful Links
 CSCI 5471  Modern Cryptography
 Handbook of Applied Cryptography