Security & Cryptography I - Exercises 2023/2024

Exercises

Extra Slides for the Exercises (.pptx)

Extra Slides for the Exercises (.pdf)

02.11.2023

Question 1, 2, 3, 4 from "Test questions"

Exercises 1-1, 1-2, 1-3, 1-4, 1-6  from "Material for the Exercises"

16.11.2023

Exercises 2-2, 2-3  from "Material for the Exercises"

30.11.2023

Question 7, 8, 9, 10, 13, 15, 16 from "Test questions"

Exercises 3-4, 3-6 from "Material for the Exercises"

Find the flaws in the symmetric/asymmetric version of the Needham-Schroeder-Protocols.

14.12.2023

Exercises 3-13a, b, c, d, e , f from "Material for the Exercises"

18.01.2024

 17, 18, 20 from "Test questions"

Exercises 3-17, 3-18a,b, 3-20a from "Material for the Exercises"

01.02.2024

Modes of Operation

1) What are the requirements with respect to the nonce / initialisation vector then using CBC mode (and why)? Try to thing in attacks: imagine possible attacks, if the required IV properties are not fullfilled.

2) Assume your task is to design whole disk encryption. What are general requirements? How would your algorithm work (think about the modes of operation you have learned)? What would be your attacker model and which protection goals could you achieve?

Insecure Hash Functions

(taken from Enes Pasalic, https://www.famnit.upr.si/sl/resources/files/knjiznica/studijsko-gradivo/epasalic-hashfunc-zbirka-nalog-2.pdf)

a) Let h(x) be a second-preimage and collision resistant hash function, which produces hash values of size n bits. Let h'(x) a hash function which outputs:

  • 0|x, if len(x)≤n  
  •  1|h(x) otherwise.

Show what h'(x) is not preimage resistant, but second-preimage and collision resistant.

Other Exercises

Exercises 3-8, 3-11, 3-22a,b,e, 3-23, 3-27 from "Material for the Exercises"

About this page

Stefan Köpsell
Last modified: Feb 01, 2024