SFS-

Cryptography May 21, 2012

Hands-on
Learning
University of Tennessee at Chattanooga
Table of Contents
1.1 Lab - Encryption Using Classical Techniques ........................................................................................... 2
Solution of Play Fair Cipher ........................................................................................................................... 3
1.2 Lab on Frequency Analysis ...................................................................................................................... 4
Getting Started.......................................................................................................................................... 5
Fill In The Code… ....................................................................................................................................... 6
Lab Questions............................................................................................................................................ 6
What To Turn in: ....................................................................................................................................... 7
2.1 Lab on encryption using binary/byte addition...................................................................................... 11
2.2 Encryption using binary Exclusive-OR (XOR) ......................................................................................... 18
2.3 Triple DES with CBC mode and Weak DES keys .................................................................................... 22
2.4 Lab on Testing Different Modes in Symmetric Ciphers ........................................................................ 27
Lab Tasks ................................................................................................................................................. 27
Task 1 Implement DES and AES ciphers............................................................................................. 28
Task 2 Investigate Properties of Modes in DES and AES ................................................................... 28
3.1 Lab on RSA Encryption and Factorization Attacks ................................................................................ 32
Attack on RSA encryption with short RSA modulus .................................................................................... 42
3.2 Lab on Short Message RSA Attacks and Padding .................................................................................. 53
3.3 Lab on RSA Timing Attacks .................................................................................................................... 54
RSA Timing Attacks.............................................................................................................................. 54
4.1 Lab on hash generation and sensitivity of hash functions to plaintext modifications ......................... 56
4.2 Lab on Hash Function ............................................................................................................................ 60
5.1 Lab on Digital Signature Visualization ................................................................................................... 61
5.2 Lab on RSA Signature ............................................................................................................................ 67
5.3 Lab on Attack on Digital Signature/Hash Collision................................................................................ 74
5.4 Lab on Digital Signature ........................................................................................................................ 77

υ
 1.1 Lab - Encryption Using Classical Techniques
In this project you will develop a program to encrypt plaintext text given a keyword. The plaintext will
be encrypted by Playfair cipher and the cipher text is displayed for a user.

Playfair Cipher (description taken from William Stallings “Cryptography and Network Security, Principles
and Practice) is the best-known multiple letter encryption cipher, which treats diagrams in the plaintext
as single units and translates these units into cipher text diagrams. (This cipher was actually invented by
British scientist Sir Charles Wheatstone in 1854, but it bears the name of his friend Baron Playfair of St.
Andrews, who championed the cipher at the British foreign office.)

The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword. Here
is an example:

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the
matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is
encrypted two letters at a time according to the following rules:

1. Repeating plaintext letters that would fall in the same pair are separated with a filler letter, such
as x, so that balloon would be enciphered as ba lx lo on.

2. Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the
right, with the first element of the row circularly following the last. For example ar, is encrypted
as RM.

3. Plaintext letters that fall in the same column are each replaced by the letter beneath, with the
top element of the row circularly following the last. For example, mu is encrypted as CM.

4. Otherwise, each plaintext letter is replaced by the letter that lies in its own row and column
occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM).

φ
 Solution of Play Fair Cipher
1. Double-click to Open NetBeans
2. Click File > Open Project and browse to Play Fair project under \Desktop\Crypto\Programming-
Sol\1.1-Playfair-(Java)
3. Select NetBeans Project and Click Open Project.
4. Browse playfair > Source Packages > playfair
5. Double-click to look at code in playfair.java
6. Right click PlayfairGUI.java and click Run File. Enter KEYWORD as Keyword and click Generate
Key Table.

7. Enter HELLO HAPPY FEET in Plaintext Message and click Encrypt

8. Close the Window of Playfair Encrypter

χ
 1.2 Lab on Frequency Analysis
The cryptanalyst can benefit from some inherent characteristics of the plaintext language to
launch a statistical attack. For example, we know that the letter E is the most frequently used
letter in English text. The cryptanalyst finds the mostly-used character in the ciphertext and
assumes that the corresponding plaintext character is E. After finding a few pairs, the analyst
can find the key and use it to decrypt the message. To prevent this type of attack, the cipher
should hide the characteristics of the language. Table 1 contains frequency of characters in
English.

Table 1 Frequency of characters in English

Cryptogram puzzles are solved for enjoyment and the method used against them is usually some form of
frequency analysis. This is the act of using known statistical information and patterns about the plaintext
to determine it. In cryptograms, each letter of the alphabet is encrypted to another letter. This table of
letter-letter translations is what makes up the key. Because the letters are simply converted and nothing
is scrambled, the cipher is left open to this sort of analysis; all we need is that ciphertext. If the attacker
knows that the language used is English, for example, there are a great many patterns that can be
searched for. Classic frequency analysis involves tallying up each letter in the collected ciphertext and
comparing the percentages against the English language averages. If the letter "M" is most common
then it is reasonable to guess that "E"-->"M" in the cipher because E is the most common letter in the
English language. These sorts of clues can be bounced off each other to derive the key and the original
plaintext. The more collected cipher text the attacker has, the better this will work. As the amount of
information increases, its statistical profile will draw closer and closer to that of English (for example).
This sort of thing can also be applied to groups of characters ("TH" is a very common combination in
English for example). The example frequency analysis image above was performed on the first three
sentences of this paragraph turned into a cryptogram. As you can see, the English language is very
predictable with regard to letter frequency and this can exploited in some situations to break ciphers.

ψ
The goal of this lab is to gain a better understanding of a statistical attack by programming some of the
important components to analyze/manipulate arrays of characters. You will be given an almost fully
working C# .NET application (contained in CPSC4600-Lab1.zip). To get this application fully working, you
will need to implement the empty methods. After these methods are complete, the program can then
be used to complete the remainder of the lab. You do not need to change any of the UI code to get this
working, only methods in the Encryption.cs class.

Getting Started
-Open up Visual Studio 2008. (If you do not have a copy for your own computer, it is available through
the Microsoft Academic Alliance Program as well as Microsoft’s Dreamspark web site)

-Open up the .sln file in StatisticalAnalysis folder with Visual Studio 2008

-The project’s contents will be listed on the right-hand side of the IDE.

-MainForm.cs is the UI code that can be left alone (if you would like to tinker with it, you may want to
work on a copy)

-StatisticalAnalysis.cs contains the methods you will need to implement in order to finish the lab. C# is
very much like Java, if you have any questions about the language MSDN is a great resource
(http://msdn.microsoft.com/en-us/vcsharp/aa336809.aspx)

ω
Fill In The Code…
Read the descriptions and hints carefully and fill in the missing methods in StatisticalAnalysis.cs.

// Pre-conditions: a class char[] called Transformation exists

// in the class; the value p is an input parameter
// Post-conditions: the contents of the class char[] called
// Transformation has been shifted by p characters
// (make sure it wraps around!)
// HINT: the modulus operator is %
public void ShiftTransformationArray(int p)

// Pre-conditions: a static char[] called Alphabet of length 26

// containing the alphabet (in UPPER CASE!!),
// and the string inputStr is an input parameter
// Post-conditions: an int[] of length 26 is calculated, where
// each value in the integer array is the
// number of occurrences (the frequency)
// the corresponding letter occurred in InputStr
public static int[] DetermineLetterFrequencies(String InputStr)

// Pre-conditions: character p is the character to be found arr1

// arr1 is the array to search through
// arr2 is the array to return a character from
// Post-conditions: Search through arr1 to find the character p, and
// return the corresponding character in arr2
private char FindInCorrArray(char p, ref char[] arr1, ref char[] arr2)

Lab Questions
1. What type of cipher is this program useful for breaking?

2. In this type of cipher, the relationship between characters in the plaintext and characters in the
ciphertext is __________.

3. List the frequencies for the top 4 characters found in the given ciphertext:

MKLAJZHAIUQWKHJABZNXBVHAGKFASDFGALQPIWRYIOQYWIERMASVZMNBZXCKJASDFGLKJFHWQERYI
OQWTYIOASUDYFLASKJDHFZMZVBCXMVQLWERYIQRASDFQIWUERYIHKMFMAKHLSDFYUIOQWYREIORYI
WQEUFHAKDFHLKASHFKVBBBNASMDFSADFWQEUYRUUEYRUUUQKASJHFKJDSHFSNBNBNBNBABABAAA
SKJFHLKJSADHFIDUASFOYDASIYFQWERBQWBRKLJLKASSADFDFDASDA

4. Break the cipher text given in the following. What is the plaintext? What is the key?

ϊ
OTWEWNGWCBPQABIZVQAPMLJGZWTTQVOBQUMAPMIDGZCAB

EQVBMZLZIXMLAXZQVOQVLMMXAVWEIVLLIZSNZWAB

JQZLWNLMTQOPBVIUMLGWCBPAEQNBTGTMNBBPMVMAB

ITIAKWCTLVBBQUMQBEPQTMQBEIAQVUGBZCAB

What To Turn in:

A zip file named lastname_firstname_Lab1.2.zip, containing:

- StatisticalAnalysis.cs

- A text file or Word document containing yours answers to the Lab Questions

- If you changed any other files in your project, please include them as well

Solution of Frequency Analysis

1. Browse to C:\Documents and Settings\Administrator\Desktop\Crypto\Programming-Sol\1.2-
Frequency-Analysis-(C#)\VS-Project\StatisticalAnalysis and double-click StatisticalAnalysis C#
project

ϋ
 2. Select Program.cs and click Run and copy the following to Ciphertext box

OTWEWNGWCBPQABIZVQAPMLJGZWTTQVOBQUMAPMIDGZCAB
EQVBMZLZIXMLAXZQVOQVLMMXAVWEIVLLIZSNZWAB
JQZLWNLMTQOPBVIUMLGWCBPAEQNBTGTMNBBPMVMAB
ITIAKWCTLVBBQUMQBEPQTMQBEIAQVUGBZCAB

ό
3. Click Examine Ciphertext

4. Repeatedly click Shift Up button until you see below

ύ
5. Observe source code and close the project.

υτ
 2.1 Lab on encryption using binary/byte addition
Under this encryption algorithm, the key entered is added character by character (byte by byte) to the
data to be encrypted. Here addition modulo 256 is used, i.e. so that any carry-overs are ignored. The key
is applied cyclically (as under the Vigenère encryption algorithm and also with the Exclusive-OR), i.e.
once all the characters (bytes) of the key have been used, the algorithm reverts to the first character
until the text has been completely encrypted.

To decrypt the text, the characters of the key have to be subtracted from the encrypted text modulo
256.

If one knows the characters which occur most frequently in the plaintext, it is then possible to work out
the key with the aid of a computer (and hence also the plaintext) (see Automatic analysis, Byte
Addition).

The key used for Binary Addition is entered in the Key entry dialog.

This encryption algorithm can be easily broken with a Ciphertext-Only attack (see Automatic analysis,
Byte Addition). An example of this will be found in the Examples chapter.

1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.

2. Click “Analysis\Tools for Analysis\Histogram”.

υυ
We can see from the histogram that the character which occurs most frequently is the letter E. This is
true of many German and English texts. This information will be used later on during our attack.

3. Close the histogram dialog. Choose from menu “Encrypt/Decrypt\Symmetric\Byte Addition”.

4. Enter 12 34 AB CD as the key and click Encrypt.

The encrypted message shows up:

υφ
5. cipher text only attack will be performed. Choose from menu “Analysis\Symmetric\Ciphertext-
only\Byte Addition”.

We are told that key length is calculated to be 4. The commonest character is E with hexadecimal value
of 45. If we look at the plaintext, the most frequently character is e with hexadecimal value of 65. We
enter into the Expected most common character field in the Byte-by-byte Addition Analysis box 20 (=65-
45).

6. Click “Continue”, CrypTool has been able to find the key. The only information was needed to do this
was the fact that the character which occurred most frequently in the plaintext was the lower case
letter e.

7. Click the “Decrypt” button shows the plaintext.

υχ
8. If the text is compressed prior to encryption then we will not be able to draw any conclusions from
the frequency distribution of the characters in the text about the frequency distribution of the
compressed text, since the compression process not only reduces size of a file but alters the frequencies
of the individual characters so that they no longer reflect the frequencies of the characters in the
original text. To compress the document, we make startingexample-en.txt active again. And select
“Indiv. Procedure\Tools\Compress\Zip”, the rate of compression is displayed.

9. Click “OK”, the compressed document is shown.

10. Click “Analysis\Tools for Analysis\Histogram” to see its histogram. The compression produces a
quite different histogram profile from the one previously obtained for the uncompressed document.
The characters are much more evenly distributed than in the unencrypted document.

υψ
11. Make the compressed document the active window once again and the encrypt it using the same
key 12 34 AB CD.

12. Click “Encrypt”.

13. We invoke the analysis again by choosing from menu “Analysis\Symmetric\Ciphertext-only\Byte

Addition”.

υω
CrypTool returns an incorrect key length of 12.

Given this key length, it is not possible to find the correct key either.

14. We will check whether it is possible to arrive at a readable version of the text document from the
compressed and then encrypted document. We will provide the key and then unzip.

We will make the compressed and encrypted document the active window again. Choose from menu
“Encrypt/Decrypt\Symmetric\Byte Addition”.

15. Enter 12 34 AB CD as the key and click Decrypt.

υϊ
16. Choose from menu “Indiv. Procedure\Tools\Compress\UnZip”, and the original text is displayed.

υϋ
 2.2 Encryption using binary Exclusive-OR (XOR)
1. Open file CrypTool.bmp from “C:\Program Files (x86)\CrypTool\examples”.

2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \
Histogram”.

You can see from the histogram that the character which occurs most frequently has the value 255. In
hexadecimal notation this corresponds to FF. This information will be used later on during our attack.

3. Click on the window of “CrypTool.bmp”. And click “Encrypt\Decrypt/Symmetric/XOR” from menu.

υό
4. Enter 12 34 56 78 as the key.

5. Click “Encrypt”

6. We will perform the cipher-text only attack. Select “Analysis\Symmetric Encryption\Ciphertext-

Only\XOR”.

υύ
The autocorrelation is calculated and displayed. We are told that the key length is calculated to be 4. As
we have seen in step 2, the most commonest character is FF. This we enter in the Expected most
common character field.

7. Click “Continue”.

8. Click “Decrypt”.

φτ
9. If we compress the document before encryption. By clicking “Indiv. Procedure\Tools\Compress\Zip”.

10. Select “Analysis\Tools for Analysis \ Histogram”, which produces a quite different histogram from
the one previously obtained for the uncompressed picture in bitmap format.

11. Encrypt the compressed document by selecting “Encrypt\Decrypt/Symmetric/XOR” from menu and
use 12 34 56 78 as the key.

12. We will perform the analysis. Select “Analysis\Symmetric Encryption\Ciphertext-Only\XOR”.

CrypTool returns incorrect key length.

φυ
 2.3 Triple DES with CBC mode and Weak DES keys
1. Open file “CrypTool-en.txt” from “C:\Program Files (x86)\CrypTool\examples”.

2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \
Histogram”.

3. Encrypt the document by selecting “Encrypt/Decrpt\Symmetric (modern)\Triple DES (CBC)”.

4. Use 12 34 AB CD as the key.

5. Click the Encrypt button.

φφ
6. Look at histogram of the encrypted document, which bears no resemblance to the histogram of the
unencrypted document.

7. The autocorrelation exhibits no regularity which may provide a clue as to the key length.

φχ
8. The decryption of the document functions like encryption except that the Decrypt button is clicked.

9. We want to determine the key from the encrypted document using a brute-force attack.

Select “Analysis\Symmetric Encryption (modern)\Triple DES (CBC)” from menu. Enter ** ** AB CD 00

00 00 00 00 00 00 00 00 00 00 00 as the key.

10. Click “Start”.

φψ
11. The first one returns readable results. Click “Accept selection”. The original plaintext shows up.

Weak DES Keys

1. Click Encrypt/Decrypt\Symmetric(modern)\DES(ECB) when CrypTool-en.txt is open. Enter 01 01 01 01

01 01 01 01 as the key.

φω
2. Click “Encrypt” button.

3. Repeat step 1 using the same key. Plaintext shows up on the right.

φϊ
 2.4 Lab on Testing Different Modes in Symmetric Ciphers

Symmetric key cryptography provides several modes of operation, including Electronic Codebook (ECB),
Cipher-Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR),
as shown in Figure 1. Modes of operation have been devised to encipher text of any size employing
either DES or AES. Two important properties of these encryption modes that this lab will explore are
pattern preservation and error propagation. Pattern preservation means that a block of plaintext is
encrypted into a block of cipher text the same way every time; e.g. if Eve finds out that cipher text
blocks 1, 5, and 10 are the same, she knows that plaintext blocks 1, 5, and 10 are the same. Error
propagation means that a single bit error in transmission of a cipher text block creates errors in not only
the decryption of the affected block, but propagates to the following blocks of the message.

Figure 1. Modes of Operation

Lab Tasks
Create an application to encrypt and decrypt messages using DES or AES ciphers using a programming
language/cryptographic package of your own choice. Java has a mature offering in the form of its Java
Cryptography Extension, which is integrated with the Java 2 SE SDK. An article on using AES with Java
can be found here:

http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html. BSAFE from RSA is available

under share project. You can choose a language/package that allows for the selection of operation
mode (ECB, CBC, etc.) for encryption/decryption.

φϋ
Task 1 Implement DES and AES ciphers.
Create an application in the language of your choice that implements encryption of a plaintext series of
bytes, and decryption of the created cipher text.

Task 2 Investigate Properties of Modes in DES and AES

Your application should use either AES or DES encryption, and employ each of the following algorithm
modes: ECB, CBC, CFB, OFB, and CTR. Your application should test pattern preservation by encrypting
plaintext that includes a pattern, and examining the cipher text to see if the pattern is preserved. Your
program should test error propagation by modifying one byte of the cipher text prior to decryption, and
then examining the decrypted plaintext. The output from your program should resemble the following:

opmode: CFB

input : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 00 01 02 03 04 05 06 07

cipher: 61 a1 f8 86 ff 9b c7 09 4f c0 bc 1b 17 3a d7 bb c7 d7 1a 36 61 45 dd a8

Modifying random byte: bb->ba

plain : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0e 34 8b 0c bf fb 7f 9c de

Prepare a written report of your examination of the two discussed properties of the different
cryptographic modes of operation. Include a completed version of the table below in your report (fill in
each block with a yes, no, or other comment). Include the source code of your application with your
report.

ECB CBC CFB OFB CTR

Pattern
preservation

Error propagation

Hint:

To test pattern preservation property, you can include repeated blocks in your plaintext and observe the
results of cipher text.

To test error propagation property, you can encrypt plaintext first and then modify one bit in ciphertext
and check the decryption results.

φό
 Solution of Different Modes in Symmetric Ciphers
1. Open Microsoft Visual C# 2010 Express if it is not opened
2. Click File > Open Project and Browse to \Desktop\Crypto\Programming-Sol\2.4-Symmetric-
Modes-(C#)\VS-Project
3. Select Crypt10-a3 and Open Project
4. Click Run when program.cs is selected

5. select DES and ECB and click PP Test

φύ
6. Save the output with name of DES-ECB-PP

7. click Save and Browse to the location of DES-ECB-PP and use Word Pad to Open it

χτ
8. the Pattern Propagation showed above
9. return to AES/DES Encryption Tool Window
10. select DES, ECB and click EP Test
11. Output file with name of DES-ECB-EP
12. Browse to file of DES-ECB-EP and use Word Pad to open it
13. The Error propagates one or a few blocks.

χυ
 3.1 Lab on RSA Encryption and Factorization Attacks
Encryption or decryption of messages using the RSA key pair.

1. Select Individual Procedures/RSA Cryptosystem/RSA Demonstration

2. Enter the RSA key p=47, q=79, e=37. The parameters N = p*q=3713 and phi(N)=3588 and d=97 are
calculated.

χφ
3. Click Alphabet and number system options

4. Choose specify alphabet under Alphabet Options and number system under Method for coding of
text into number. Enter 2 in Block length in characters.

χχ
5. To confirm your entries, click on OK. You can now enter the input the text, “WORKSHOP AT
CHATTANOOGA”, in the input line and click on the Encrypt button.

χψ
6. To decrypt, copy text in Encryption into ciphertext 1999 # 3408 # 2545 # 2798 # 0001 # 3284 # 3613 #
1404 # 2932 # 0208 # 1095 # 3306 to input text area. And click Decrypt button.

χω
Encryption of the message with block length 1 v.s. encryption of the message with block length 2.

1. Create the RSA key p=251, q=269, e=65537. The value of N is , the value of phi(N) is
, the value of private key d is .

χϊ
2. Click Alphabet and number system options

Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block
into numbers and 1 in Block length in characters.

χϋ
3. To confirm your entries, click on OK. You can now enter the input the text, “RUBY FALLS!”, in the
input line and click on the Encrypt button.

χό
The encrypted version of this is the number sequence is

The number “#” serves here to visually split up the individual numbers. If you insert these numbers into
the input line and then choose Decrypt, the original plaintext will be restored.

4. Click Alphabet and number system options

χύ
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block
into numbers and 2 in Block length in characters.

5. To confirm your entries, click on OK.

ψτ
6. You will receive a cipher text that is only half as long:

ψυ
 Attack on RSA encryption with short RSA modulus
The analysis is performed in two stages: first of all the prime factorization of the RSA modulus is
calculated using factorization, and then in the second stage the secret key for encryption of the message
is determined. After this, the cipher text can be decrypted with the cracked secret key.

We will figure out plaintext given

RSA modulus n = 63978486879527143858831415041

Public exponent e = 17579

Cipher text = 45411667895024938209259253423, 16597091621432020076311552201,

46468979279750354732637631044, 32870167545903741339819671379

1. Factorization of the RSA modulus with the aid of prime factorization.

To break down the natural number, select menu sequence Indiv. Procedure/RSA Cryptosystem /
Factorization of a Number.

2. The two components of the public key is

RSA modulus n = 63978486879527143858831415041

Public exponent e = 17579

Enter n=63978486879527143858831415041 as input and click Continue.

ψφ
It is interesting to see which procedure broke down the RSA modulus the fastest.

2. Calculate the secret key d from the prime factorization of n and the public key e:

With the knowledge of the prime factors p = 145295143558111 and q = 440334654777631 and the
public key e = 17579, we are in a position to decrypt the ciphertext.

3. Open the next dialog box via menu selection Indiv. Procedure/RSA Cryptosystem/RSA
Demonstration:.

4. Enter p = 145295143558111 and q = 440334654777631 and the public key e = 17579.

5. Click on Alphabet and number system options and make the following settings:

ψχ
Alphabet options: Specify alphabet

RSA variant: Normal

Method for coding a block into number: Number system

Block length: 14

Number system: Decimal

6. Enter the following cipher text in the input text field. And click Decrypt button.

45411667895024938209259253423,
16597091621432020076311552201,
46468979279750354732637631044,
32870167545903741339819671379

ψψ
Check your results: “NATURAL NUMBERS ARE MADE BY GOD”

ψω
Side Channel Attack to RSA:

1. Select from menu: “Analysis” \“Asymmetric Encryption” \“Side-Channel Attack on Textbook RSA”

2. Click “Introduction to the scenario”.

ψϊ
3. Click “Perform preparation” and click “OK”

4. Click “OK” again.

ψϋ
5. Click “Generate session key” and “Session Key”. The generated session key is “9E B7 61 D9 E4 F9
34 AA 91 F7 C4 CB 56 7D 98 88”.

6. Click “Select asymmetr. key”.

7. Select Bob’s key and click “OK”.

ψό
8. Click “Encrypt document symmetry.”, “Encrypt session key asymmetry.” and “Save”.

ψύ
9. Click “Transmit message” and “Decrypt message”.

10. Enter 1234 and click “OK”.

11. Click “Intercept message” and “Start attack cycle”.

ωτ
12. Click “All steps at once” button.

13. Click “OK” and icon of Trudy (Attacker).

ωυ
The session key is 9EB761D9E4F934AA91F7C4CB567D9888 which matches the one generated in Step 5.

ωφ
 3.2 Lab on Short Message RSA Attacks and Padding
In short message attack of RSA, if it is known that Alice is sending a four-digit number to Bob, Eve can
easily try plaintext numbers from 0000 to 9999 to find the plaintext. Therefore, short message must be
padded with random bits. If you are Eve, show that you are able to find the plaintext containing four
digit numbers given ciphertext.

Optimal asymmetric encryption padding (OAEP) is recommended when short messages are encrypted
with RSA algorithms. The following is the encryption and decryption processes of OAEP.

Encryption

Pad the message to make m-bit message M, if M is less than m-bit

Choose a random number r

User one-way function G that inputs r-bit integer and outputs m-bit integer. This is the
mask.

P1 = M ⊕ G®

P2 = H(P1) ⊕ r, function H inputs m-bit and outputs k-bit

C = E(P1 || P2). User RSA encryption here

Decryption

P = D (P1 || P2)

Bob first recreates the value of r:
H(P1) ⊕ P2 = H(P1) ⊕ H(P1) ⊕ r = r

Bob recreates msg:

G(r) ⊕ P1 = G(r) ⊕ G(r) ⊕ M = M

Pad your message with OAEP padding and then encrypt by RSA.

What to submit:

A report describes how you find the unpadded short plaintext (50 points), describes what you have
observed after you apply OAEP padding (20 points), and discusses feasibility of short message attack
after padding (30 points).

Solution of RSA Short Message Attack and Padding

ωχ
 3.3 Lab on RSA Timing Attacks
RSA Timing Attacks

Brief Description
A timing attack is an attack which cleverly uses the fourth dimension, time. If an algorithm is not
specifically designed to thwart this attack, then an attacker can observe the required amount of time for
a calculation to be done and monitor the differences in calculation times. For example, the calculation of
converting a “0” in plain text to cipher text versus converting a “1” in plain text to cipher text may
require less time. This measured amount of time can be used to rebuild the key or figure out the plain
text.

Lab Overview

RSA Encryption is complicated and also has protections against timing attacks, so we will be using a
more simple example for this lab. We have performed two operations many, many times, specifically
the add and multiply operation. The add is performed much faster than the multiply especially when
scaled across many iterations. We will use this as our test case; a shorter operation will represent the
processing of a zero and the long operation would represent the processing of a one. So given a stream
of output times from a program which monitors these operations, you should be able to reconstruct a
string ones and zeroes.

Different machines will require a different amount of time to process. So our implementation will take
this into account by not using specific time values when processing the times from our “gathered” data.
It may be a good approach to calculate an average time, and then compare each time value against this
value to determine if it is a “1” or a “0”. After we have created a string of ones and zeroes, we will
process these to generate our ASCII output (Google “ascii table”, if you are confused)

To Complete...

Using Visual Studio, open the provided “TimingAttackLab.sln”. This project was used to create the file
“time_data”, which should be located in “....\TimingAttackLab\bin\Debug\”. Have a look at the
“time_data” file; it is simply the number of ticks used to calculate a 1 or a 0. We assume a 1 takes more
time to calculate than a 0.

The project only has a few functions that are left to be implemented in order for you to decrypt the
super-secret message.

Turn in a lab report containing:

-Your implementation of the functions “public static String BinStr2ASCII(String BinStr)” and

“public static String LongToBinStr(long[] TimeData)”

-The decoded message from running the complete program.

ωψ
And answers to the following questions:

1) What are some possible ways an algorithm could be designed to thwart timing attacks?

2) What assumptions must be true for an attacker to be able to perform a timing attack?

3) As a machine increases in processing power, is the difference in processing time between inputs (for
example a one and a zero) likely to be greater or smaller?

ωω
 4.1 Lab on hash generation and sensitivity of hash functions to plaintext
modifications
Keyed-Hash Message Authentication Code (HMAC) ensures integrity of a message and authentication of
the message. It requires a common key for sender and recipient.

1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.

2. Select from Menu “Indiv. Procedures” \“Hash” \“Generation of HMACs”.

3. Select SHA-1 as hash function and double hashing as HMAC variants.

4. Enter your key “chattanooga”. The HMAC code generated from the message and the key is

66 C2 2E BA 41 36 6D EB EA FB 8E B1 7D B1 3B 42 5A 15 98 E1

ωϊ
5. Select from menu “Indiv. Procedures” \“Hash” \“Hash Demonstration”.

ωϋ
6. Select a hash function from Selection of hash function.

7. add a space after CrypTool in plaintext. We will see 49.22% bits differ (63 of 128). A good hash
function should react highly sensitively to even the smallest change in the plaintext –“Avalanche effect”
(small change, big impact).

ωό
ωύ
 4.2 Lab on Hash Function
Either SHA-1, HMAC, or MD5 can be selected to finish the following problems.

Problem One (50):

Use an example to show that Hash function can help to protect integrity of your message. You can
encrypt your plaintext message, tamper the cipher text and use hash function to check whether the
decrypted messaged is changed.

Problems Two (50):

Use an example to show that if you tamper both ciphertext and hashcode properly, you can escape from
the integrity check of hash function.

ϊτ
 5.1 Lab on Digital Signature Visualization
1. Select from menu of CrypTool “Digital Signatures/PKI” \ “Signature Demonstration (Signature
Generation)”

2. Click on “Select hash function”. Choose MD5 (or others) and click OK.

3. Click “Generate Key” and “Generate prime numbers” in step by step Signature Generation dialog.

ϊυ
4. Enter 2^150 as the lower limit and 2^151 as upper limit. And click Generate prime numbers and
apply primes.

5. Click Store key button.

ϊφ
6. Click Provide certificate button. Enter

Name: Smith

First name: Mary

Key identifier: Mary key

PIN: cryptool

PIN verification: cryptool

7. And click “Create Certificate and PSE”.

ϊχ
8. click “Compute hash value”.

9. Click “Encrypt hash value”.

ϊψ
10. Click “Generate signature”.

11. Click “Store signature”.

ϊω
12 click “OK”, you will see RSA (md5)signature of <startingexample-en.txt>.

ϊϊ
 5.2 Lab on RSA Signature
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.

2. Click from menu Digital Signatures/PKI\PKI\Generate/Import Keys.

3. Enter the following

Last name: Smith

First name: John

Key identifier: Smith Key

PIN code: cryptool

PIN: cryptool

And click on the Generate new key pair button.

ϊϋ
4. The following window shows up and click OK:

5. Click Show Key Pair, you will see

ϊό
6. The certificate is displayed by clicking on the Show certificate pushbutton.

7. Close both dialogs on Certificate Data and Available Asymmetric Key Pairs.

8. To sign the document of CrypTool-en.txt, select Digital Signatures/PKI\Sign Message. Enter the
following

ϊύ
Choose hash function: RIPEMD-160

Choose signature algorithm: RSA

Choose a key/PSE to be used when signing: Smith John

PIN code: cryptool

And click on Sign button.

ϋτ
9. Click OK button. The dialog box closes and the signed document is displayed.

10. The signature is at the start of the document and the document to be signed is at the end, as can be
verified easily by comparing with the original document. A clearer presentation, with the separation of
the signature and the document, can be obtained by selecting Digital Signature/PKI\Extract Signature.

ϋυ
11. Select Digital Signature/PKI\Verify Signature to check that the document has not been altered.

ϋφ
12. Select John Smith from the list of signatures and click on the Verify signature button. The following
dialog appears.

13. Modify the message by deleting “What”.

14. Select Digital Signature/PKI\Verify Signature, the following dialog box appears:

ϋχ
 5.3 Lab on Attack on Digital Signature/Hash Collision
Find two messages with the same hash value.

1. Select “Analysis” \“Hash” \“Attack on the Hash Value of the Digital Signature” from the menu.

2. Click “Options”.

ϋψ
3. Choose MD5 under Hash function and 40 for Significant bit length, and click Apply.

4. Click “Start Search” in dialog of Attack on the Hash Value of the Digital Signature.

5. Click “OK” and “Print Statistics”.

6. After modifying the two messages, the hash value of them are the same. The message will not appear
to change, since only unprintable characters will be used to modify them.

ϋω
A 72-bit partial collision (i.e., the first 72 hash value bits are identical) was found in a couple of days
using a single PC. Today signatures with hash values of 128 bits or less are vulnerable to a massive
parallel search. It is therefore recommended to use hash values with a length of at least 160 bits.

ϋϊ
 5.4 Lab on Digital Signature

Problems One:

Generate keys and a digital signature for data using the private key and to export the public key and the
signature to files. Verify a digital signature by importing a public key and a signature that is alleged to be
the signature of a specified data file and to verify the authenticity of the signature.

ϋϋ