密码编码学与网络安全(第五版)英文答案.doc

A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO Q QQ QUESTIONSUESTIONSUESTIONSUESTIONS 1.1 The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories. 1.2Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. 1.3Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service. 1.4 Authentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Chapter 1:Introduction.5 Chapter 2:Classical Encryption Techniques.7 Chapter 3:Block Ciphers and the Date Encryption Standard.13 Chapter 4:Finite Fields.21 Chapter 5:Advanced Encryption Standard .28 Chapter 6:More on Symmetric Ciphers .33 Chapter 7:Confidentiality Using Symmetric Encryption.38 Chapter 8:Introduction to Number Theory.42 Chapter 9:Public-Key Cryptography and RSA.46 Chapter 10:Key Management; Other Public-Key Cryptosystems.55 Chapter 11:Message Authentication and Hash Functions.59 Chapter 12:Hash and MAC Algorithms .62 Chapter 13:Digital Signatures and Authentication Protocols.66 Chapter 14:Authentication Applications.71 Chapter 15:Electronic Mail Security.73 Chapter 16:IP Security.76 Chapter 17:Web Security.80 Chapter 18:Intruders.83 Chapter 19:Malicious Software .87 Chapter 20:Firewalls.89 -2- Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). 1.5 See Table 1.3. -3- A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO P P P P ROBLEMSROBLEMSROBLEMSROBLEMS 1.1Release of message contents Traffic analysis MasqueradeReplayModification of messages Denial of service Peer entity authentication Y Data origin authentication Y Access controlY ConfidentialityY Traffic flow confidentiality Y Data integrityYY Non-repudiationY AvailabilityY 1.2Release of message contents Traffic analysis MasqueradeReplayModification of messages Denial of service EnciphermentY Digital signatureYYY Access controlYYYYY Data integrityYY Authentication exchange YYYY Traffic paddingY Routing controlYYY NotarizationYYY CHAPTER 2 CLASSICAL ENCRYPTION TECHNIQUESR -4- A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO Q QQ QUESTIONSUESTIONSUESTIONSUESTIONS 2.1Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm. 2.2Permutation and substitution. 2.3One key for symmetric ciphers, two keys for asymmetric ciphers. 2.4A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. 2.5Cryptanalysis and brute force. 2.6Ciphertext only. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key. 2.7An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information. 2.8The Caesar cipher involves replacing each letter of the alphabet with the letter standing k places further down the alphabet, for k in the range 1 through 25. 2.9A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertext alphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet. 2.10 The Playfair algorithm is based on the use of a 5 5 matrix of letters constructed using a keyword. Plaintext is encrypted two letters at a time using this matrix. -5- 2.11 A polyalphabetic substitution cipher uses a separate monoalphabetic substitution cipher for each successive letter of plaintext, depending on a key. 2.12 1. There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task. 2. Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists. 2.13 A transposition cipher involves a permutation of the plaintext letters. 2.14 Steganography involves concealing the existence of a message. A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO P P P P ROBLEMSROBLEMSROBLEMSROBLEMS 2.1a. No. A change in the value of b shifts the relationship between plaintext letters and ciphertext letters to the left or right uniformly, so that if the mapping is one-to-one it remains one-to-one. 不，不，在在 b b 值变化之间的关系和明文字母转换密文字母到左或右一值变化之间的关系和明文字母转换密文字母到左或右一 致，所以，如果映射是一对一的致，所以，如果映射是一对一的 它它仍然是一对一的。仍然是一对一的。 b. 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24. Any value of a larger than 25 is equivalent to a mod 26. 任何一个大于任何一个大于 2525 的值是相当于一个的值是相当于一个 modmod 2626。 c.The values of a and 26 must have no common positive integer factor other than 1. This is equivalent to saying that a and 26 are relatively prime, or that the greatest common divisor of a and 26 is 1. To see this, first note that E(a, p) = E(a, q) (0 p q 1. Then E(a, p) = E(a, q), if q = p + m/k p. 一个一个 2626 的值必须没有共同的正整数因子大于的值必须没有共同的正整数因子大于 1 1。这等于说，和。这等于说，和 2626 互质，或一个和互质，或一个和 2626 的最大公约数为的最大公约数为 1 1。看到这一点，首先注意。看到这一点，首先注意 E E（A A，P P）= = E E（a a，q q）（）（0Pq0Pq2626）当且仅当（）当且仅当（P PQ Q）能被）能被 2626 整整 除。除。1 1。假设一个和。假设一个和 2626 互质。然后，一个（互质。然后，一个（P PQ Q）是不能被）是不能被 2626 整除，整除， 因为没有办法降低分数因为没有办法降低分数/ / 2626（P PQ Q）小于）小于 2626。2 2。假设一个。假设一个 2626 有一有一 个共同的因子个共同的因子 K K1 1。然后，。然后，E E（A A，P P）= = E E（a a，q q），如果），如果 q q = = P P + + M M / / KP.KP. 2.2There are 12 allowable values of a (1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25). There are 26 allowable values of b, from 0 through 25). Thus the total number of distinct affine Caesar ciphers is 12 26 = 312. -6- 有一个有一个 1212 的允许值（的允许值（1 1，3 3，5 5，7 7，9 9，1111，1515，1717，1919，2121，2323，2525）。）。 有有 B B 2626 的允许值，从的允许值，从 0 0 到到 2525）。因此，不同的仿射凯撒密码的总数是）。因此，不同的仿射凯撒密码的总数是 1212 2626 = = 312312。 2.3Assume that the most frequent plaintext letter is e and the second most frequent letter is t. Note that the numerical values are e = 4; B = 1; t = 19; U = 20. Then we have the following equations: 假设最频繁的明文字母是假设最频繁的明文字母是 E E 和第二个最常见的字母和第二个最常见的字母 T.T.注意值注意值 E E = = 4 4；乙；乙= = 1 1；t t = = 1919；U U = = 2020。然后我们有以下方程：。然后我们有以下方程： 1 = (4a + b) mod 26 20 = (19a + b) mod 26 Thus, 19 = 15a mod 26. By trial and error, we solve: a = 3. 因此，因此，1919 = = 15a15a modmod 2626。通过试验和错误，我们解决：。通过试验和错误，我们解决：= = 3 3。 Then 1 = (12 + b) mod 26. By observation, b = 15. 然后然后 1 1 = =（1212 + + B B）国防部）国防部 2626。通过观察，。通过观察，B B = = 1515。 2.4A good glass in the Bishops hostel in the Devils seattwenty-one degrees and thirteen minutesnortheast and by northmain branch seventh limb east side shoot from the left eye of the deaths head a bee line from the tree through the shot fifty feet out. (from The Gold Bug, by Edgar Allan Poe) 一个好的玻璃在主教的宿舍在魔鬼的座二零一度十三分东北偏北的主要一个好的玻璃在主教的宿舍在魔鬼的座二零一度十三分东北偏北的主要 分支的第七肢芽从东边的死亡的头分支的第七肢芽从东边的死亡的头- -左眼直线从树上通过五十脚射出去。左眼直线从树上通过五十脚射出去。 （从黄金的错误，埃德加爱伦坡）（从黄金的错误，埃德加爱伦坡） 2.5a. The first letter t corresponds to A, the second letter h corresponds to B, e is C, s is D, and so on. Second and subsequent occurrences of a letter in the key sentence are ignored. The result 第一个字母第一个字母 T T 对应一个，第二个字母对应一个，第二个字母 H H 对应于对应于 B B，是，是 C C，S S D D，等等。，等等。 在关键句的一封信，第二，随后出现被忽略。结果在关键句的一封信，第二，随后出现被忽略。结果 ciphertext密文: SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILA plaintext明文: basilisk to leviathan blake is contact b. It is a monalphabetic cipher and so easily breakable. 这是一个这是一个 monalphabeticmonalphabetic 密码等易碎的。密码等易碎的。 c.The last sentence may not contain all the letters of the alphabet. If the first sentence is used, the second and subsequent sentences may also be used until all 26 letters are encountered. -7- 最后一句话可能不包含所有的字母。如果第一句的使用，第二和随最后一句话可能不包含所有的字母。如果第一句的使用，第二和随 后的句子也可以使用直到遇到所有的后的句子也可以使用直到遇到所有的 2626 个字母。个字母。 2.6The cipher refers to the words in the page of a book. The first entry, 534, refers to page 534. The second entry, C2, refers to column two. The remaining numbers are words in that column. The names DOUGLAS and BIRLSTONE are simply words that do not appear on that page. Elementary! (from The Valley of Fear, by Sir Arthur Conan Doyle) 密码是指词在一本书的页面。第一项，密码是指词在一本书的页面。第一项，534534，是指，是指 534534 页。第二项，页。第二项，C2C2， 指的是两列。剩下的数字是该列中的话。名称道格拉斯和伯尔斯通只是指的是两列。剩下的数字是该列中的话。名称道格拉斯和伯尔斯通只是 词没有出现在那一页。小学！（从恐惧的山谷，词没有出现在那一页。小学！（从恐惧的山谷，SirSir 亚瑟柯南道尔）亚瑟柯南道尔） 2.7a. 28107963145 CRYPTOGAHI BEATTHETHI RDPILLARFR OMTHELEFTO UTSIDETHEL YCEUMTHEAT RETONIGHTA TSEVENIFYO UAREDISTRU STFULBRING TWOFRIENDS 42810563719 NETWORKSCU TRFHEHFTIN BROUYRTUST EAETHGISRE HFTEATYRND IROLTAOUGS HLLETINIBI TIHIUOVEUF EDMTCESATW TLEDMNEDLR APTSETERFO ISRNG BUTLF RRAFR LIDLP FTIYO NVSEE TBEHI HTETA EYHAT TUCME HRGTA IOENT TUSRU IEADR FOETO LHMET NTEDS IFWRO HUTEL EITDS -8- b. The two matrices are used in reverse order. First, the ciphertext is laid out in columns in the second matrix, taking into account the order dictated by the second memory word. Then, the contents of the second matrix are read left to right, top to bottom and laid out in columns in the first matrix, taking into account the order dictated by the first memory word. The plaintext is then read left to right, top to bottom. 两个矩阵是用相反的顺序。首先，密文是奠定在列中的第二矩阵，考两个矩阵是用相反的顺序。首先，密文是奠定在列中的第二矩阵，考 虑到由第二记忆单词的顺序。然后，第二矩阵的内容是从左到右，顶虑到由第二记忆单词的顺序。然后，第二矩阵的内容是从左到右，顶 部和底部放置在列中的第一个矩阵，考虑到由第一记忆单词的顺序。部和底部放置在列中的第一个矩阵，考虑到由第一记忆单词的顺序。 明文是从左到右，顶部底部明文是从左到右，顶部底部 c.Although this is a weak method, it may have use with time-sensitive information and an adversary without immediate access to good cryptanalysis (e.g., tactical use). Plus it doesnt require anything more than paper and pencil, and can be easily remembered. 虽然这是一个弱的方法，它可以使用的时间敏感的信息和一个对手没虽然这是一个弱的方法，它可以使用的时间敏感的信息和一个对手没 有立即获得良好的密码分析（例如，战术运用）。再加上它不需要任有立即获得良好的密码分析（例如，战术运用）。再加上它不需要任 何比纸和铅笔，并可以很容易地记住。何比纸和铅笔，并可以很容易地记住。 2.8 SPUTNIK 2.9 PT BOAT ONE OWE NINE LOST IN ACTION IN BLACKETT STRAIT TWO MILES SW MERESU COVE X CREW OF TWELVE X REQUEST ANY INFORMATION 2.10 a. LARGE STBCD FHI/JKM NOPQU VWXYZ b. OCURE NABDF GHI/JKL MPQST VWXYZ -9- 2.11 a. UZTBDLGZPNNWLGTGTUEROVLDBDUHFPERHWQSRZ b. UZTBDLGZPNNWLGTGTUEROVLDBDUHFPERHWQSRZ c.A cyclic rotation of rows and/or columns leads to equivalent substitutions. In this case, the matrix for part a of this problem is obtained from the matrix of Problem 2.10a, by rotating the columns by one step and the rows by three steps. 一个循环旋转的行和一个循环旋转的行和/ /或柱的等效替换。在这种情况下，对这个问题或柱的等效替换。在这种情况下，对这个问题 的一部分是从问题的一部分是从问题 2.10a2.10a 矩阵的矩阵，通过一步和三步行旋转柱。矩阵的矩阵，通过一步和三步行旋转柱。 2.12 a. 25! 284 b. Given any 5x5 configuration, any of the four row rotations is equivalent, for a total of five equivalent configurations. For each of these five configurations, any of the four column rotations is equivalent. So each configuration in fact represents 25 equivalent configurations. Thus, the total number of unique keys is 25!/25 = 24! 给出任何给出任何 5x55x5 配置，任何四行的旋转是等效的，一共有五个等效组态。配置，任何四行的旋转是等效的，一共有五个等效组态。 对于这五种配置，任何四列的旋转是等价的。所以事实上每个配置代对于这五种配置，任何四列的旋转是等价的。所以事实上每个配置代 表表 2525 等效组态。因此，独特的键的总数是等效组态。因此，独特的键的总数是 2525！2525 2424。 2.13 A mixed Caesar cipher. The amount of shift is determined by the keyword, which determines the placement of letters in the matrix. 一种混合的恺撒密码。偏移量是由关键字确定，这决定了字母在矩阵中一种混合的恺撒密码。偏移量是由关键字确定，这决定了字母在矩阵中 的位置。的位置。 2.14 a. Difficulties are things that show what men are. b. Irrationally held truths may be more harmful than reasoned errors. 2.15 a. We need an even number of letters, so append a q to the end of the message. Then convert the letters into the corresponding alphabetic positions: 我们需要一个偶数的信件，所以添加一个我们需要一个偶数的信件，所以添加一个“Q”“Q”消息的结束。然后将消息的结束。然后将 信件放入相应的字母位置：信件放入相应的字母位置： Meetmeattheusual 1355201351202085211921112 Placeattenrather 161213512020514181208518 Thaneightoclockq 208114597820153121531117 The calculations proceed two letters at a time. The first pair: 进行计算的两个字母的时候。第一对：进行计算的两个字母的时候。第一对： -10- 22 7 26mod 100 137 26mod 5 13 75 49 2 1 C C The first two ciphertext characters are alphabetic positions 7 and 22, which correspond to GV. The complete ciphertext: 前两个密文字符是字母的位置前两个密文字符是字母的位置 7 7 和和 2222，对应于，对应于 GVGV。完整的密文：。完整的密文： GVUIGVKODZYPUHEKJHUZWFZFWSJSDZMUDZMYCJQMFWWUQRKR b. We first perform a matrix inversion. Note that the determinate of the encryption matrix is (9 7) (4 5) = 43. Using the matrix inversion formula from the book: 我们先进行矩阵求逆。我们先进行矩阵求逆。5 5）= = 4343。 7 7）（4 4 注意加密矩阵的行列式注意加密矩阵的行列式 （9 9 利用书中的矩阵求逆公式：利用书中的矩阵求逆公式： 2515 125 26mod 9115 92161 26mod 95 47 2326mod 95 47 43 1 75 49 1 Here we used the fact that (43)1 = 23 in Z26. Once the inverse matrix has been determined, decryption can proceed. Source: LEWA00. 2.16Consider the matrix K with elements kij to consist of the set of column vectors Kj, where: and The ciphertext of the following chosen plaintext n-grams reveals the columns of K: (B, A, A, , A, A) K1 (A, B, A, , A, A) K2 (A, A, A, , A, B) Kn 2.17 a. 7 134 b. 7 134 c.134 d. 10 134 e. 24 132 -11- f.24 (132 1) 13 g. 37648 h. 23530 i.157248 2.18 key:legleglegle plaintext:explanation ciphertext:PBVWETLXOZR 2.19 a. sendmoremoney 1841331214174121413424 9017231521141111289 141410931218232515127 BECKJDMSXZPMH b. cashnotneeded 201871314191344343 254223221519519211284 141410931218232515127 BECKJDMSXZPMH 2.20 your package ready Friday 21st room three Please destroy this immediately. 2.21 a. Lay the message out in a matrix 8 letters across. Each integer in the key tells you which letter to choose in the corresponding row. Result: He sitteth between the cherubims. The isles may be glad thereof. As the rivers in the south. b. Quite secure. In each row there is one of eight possibilities. So if the ciphertext is 8n letters in length, then the number of possible plaintexts is 8n. c.Not very secure. Lord Peter figured it out. (from The Nine Tailors) CHAPTER 3 BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD -12- A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO Q QQ QUESTIONSUESTIONSUESTIONSUESTIONS 3.1 Most symmetric block encryption algorithms in current use are based on the Feistel block cipher structure. Therefore, a study of the Feistel structure reveals the principles behind these more recent ciphers. 3.2 A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext