Consider GF(28) used in AES with the irreducible polynomial p(x) = x8+x4+x3+x+1. You are expected to query the server “cryptlygos.pythonanywhere.com/poly/<your_id”, which will send you two binary polynomials a(x) and b(x) in GF(28). Polynomials are expressed as bit strings of their coefficients. For example, p(x) is expressed as '100011011'. You can use the Python code “py” given in the assignment package to communicate with the server.
You are expected to perform c(x) = a(x)×b(x) in GF(28) and return c(x) as bit string.
You are expected to compute the multiplicative inverse of a(x) in GF(28) and return a-1(x).
Consider the Geffe generator of three LFRSs (LFSR1, LFSR2, and LFSR3) with the following connection polynomials:
C1(x) = x14 + x5 + 1
C2(x) = x17 + x3 + 1
C3(x) = x11+ x2 + 1
You also observed the following output sequence of the Geffe generator:
z = [0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1]
Can you find the initial states of LFSR1, LFSR2, and LFSR3?
Consider the combining function given in the following table, that is used to combine the outputs of three maximum-length LFSR sequences:
F(x1, x2, x3) = x1x2 Å x1x3 Å x2x3 Å x1x2x3.
The lengths of LFSRs are 79, 85, and 97, respectively. Compute the linear complexity and the period of the output sequence.
Analyze the function F in terms of three criteria:
Nonlinearity degree
Balance
Correlation
Is this a good combining function? Explain your answer.
Consider a modified AES without ShiftRow and Mixcolumn layers, where the secret key length is 128-bit. Show that with moderate effort you can break it.
The cipher block chaining (CBC) mode has the property that it recovers from the errors (corruption, deletion, and insertion) in ciphertext blocks. Its encryption schemes are given as follows
Encryption primitive: Ci = EK(Pi Å Ci-1)
Decryption primitive: Pi = DK(Ci) Å Ci-1
How many blocks decrypt incorrectly if the ciphertext block Ci is corrupted during transmission? Show which plaintext blocks are corrupted.
