University of Virginia, Department of Computer Science
CS551: Security and Privacy on the Internet, Fall 2000

Problem Set 1: Classical Ciphers Out: 30 August 2000
Due: 11 September 2000, before class

Collaboration Policy

You may work with up to two other students on this problem set. You must write up your answers independently, and understand completely everything you turn in. Working together means discussing the questions and criticing possible solutions; it does not permit splitting up questions in a group.

You may consult any outside resources you wish including books, papers, web sites and people. If you use resources other than the class materials, indicate what you used along with your answer.

Problem set answers may be hand-written, but only if your hand writting is neat enough for us to read it.

For full credit, answers must be clear and concise.

1. Security Principles

a. (5) Use two examples from the Feynman story, Safecracker Meets Safecracker to illustrate the tradeoff between security and convenience.

b. (5) What (if anything) should the army have done differently?

2. Cryptogram

(20) Decrypt the encrypted message below. It is known to be English. Show your work and explain the process you used, including any programs you wrote.
VPTGN YIFWF HDETO UNTJS NOHKK VDGUZ IOCCH NVIPZ UYTQZ
UQECK OKETK OKETK UAECF XCAFH YJPNW AJTQS FGTJS NORQM
VGEVG BJIUL NCEVZ CIGWH CITQZ CNOHX CXECF XCEFA XITGN
YIBQL BZRVG MZTVZ YXOOT CIAVA II
The ciphertext letter frequencies are:
    *                                               
    *                                 *             
    *           *                     *             
    *           *                     *             
    *   *       *         * *         *   *         
    *   *   *   *         * *         *   *       * 
    *   * * *   *   *     * *         *   *       * 
*   *   * * * * *   *     * *   *     * * *   *   * 
*   *   * * * * * * *     * *   *     * * *   * * * 
*   *   * * * * * * *     * *   *     * * *   * * * 
* * *   * * * * * * *     * * * *   * * * * * * * * 
* * * * * * * * * * * * * * * * * * * * * * * * * * 
* * * * * * * * * * * * * * * * * * * * * * * * * * 
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 

3. Jefferson's Cipher

While serving as George Washington's secretary of state, Thomas Jefferson invented the wheel cipher. Cryptographically, it was much more advanced than most ciphers in use at the time. The US Army used a variant of the Jefferson Wheel cipher from 1923-1942.

Jefferson's Wheel Cipher consisted of 26 wheels, each containing the letters of the alphabet around their rim in random order. The wheels are arranged on a spindle in a order agreed to between the sender and recipient.

To encode, the operator roates the wheels to spell out the plaintext message along a row. One row of text is choosen as the ciphertext. To decode, the operator must have the same wheels and know the key for ordering the wheels on the spindle. When the wheels are aligned, one row should stand out as the correct plaintext.

a. (5) Assuming the arrangement of the letters on the wheels is known by a potential attacker (that is, the only secret is the order of the wheels on the spindle), how large is the search space for a brute-force attack?

b. (5) If the arrangement of letters on the wheels is also unknown to the attacker, how large is the search space for a brute-force attack?

c. (5) Suggest a known-plaintext attack: determine the key given known wheels and a known plaintext. Estimate how much plaintext is necessary for a successful attack.

d. (10) Describe a ciphertext-only attack.

Note: Try Challenge Problem #1 (http://www.cs.virginia.edu/cs551-security/challenges/challenge1.html) to see if your attack works in practice.

e. (10) Jefferson Wheel operators tend to be careless and always choose either the 3rd line above the plaintext for the ciphertext. How much easier is a ciphertext-only attack if this is done?

4. Padding Cakes

Maury Bond, Secret Agent 000, wants to give the directions to the super ray gun to his colleagues Sly McCraken, Cript O'Hacker and Trey Tor. The message M is n-bits long. He suspects one of them may be a double agent, so he divides the message as follows: a. (5) How can Sly, Cript and Trey determine M?

b. (10) Is the scheme secure? Argue convincingly that either (1) it is secure - no two people can determine any bit of M with probability greater than 1/2; or (2) is it insecure - two peoople can conspire to determine a bit of M with probability greater than 1/2.

c. (10) Sly, Cript and Trey gather in Borneo to combine their messages and track down the super ray gun. Sly reveals K_1, Cript reveals K_2, and Trey reveals a n-bit random sequence. They combine the keys to determine M, but a meaningless bit sequence results. Sly and Cript leave the island befuddled, while Trey uses K_1, K_2 and C (which he kept to himself) to construct M and locate the super ray gun for himself. What could be done to prevent this?

d. (10) Maury is worried that if one agent is killed, the others will never be able to find the super ray gun. He believes it is unlikely that more than one agent will be killed, however. Suggest a scheme Maury can use to distribute the message so that any two agents can combine their shares to determine the message, but no one agent alone can decipher the message.

e. (up to 20 bonus points) Suggest a scheme that scales to 99 out of 100 agents that doesn't require an unreasonable about of key data.

5. Feedback

Your answers to these questions are optional and will not effect your grade in any way, but may help the course staff improve future problem sets.

a. How long did you spend on this problem set?
b. Did any problem seem unfairly hard?
c. Did any problem seem like too much tedious work?


CS 655 University of Virginia
Department of Computer Science
CS 551: Security and Privacy on the Internet
David Evans
evans@virginia.edu