2. Consider the above Feistel cipher with r = 2 rounds. Imagine a key scheduling algorithm that works as follows. Given K € K = {0, 13256, set k₁ to be the leftmost 128 bits of K, and k₂ to be the rightmost 128 bits of K, then define f(x) = xk₁. Show that this block cipher is totally insecure that is, given a single plaintext-ciphertext pair (m, c), the secret key K can be easily recovered. Hint: linearity is the problem here.
2. Consider the above Feistel cipher with r = 2 rounds. Imagine a key scheduling algorithm that works as follows. Given K € K = {0, 13256, set k₁ to be the leftmost 128 bits of K, and k₂ to be the rightmost 128 bits of K, then define f(x) = xk₁. Show that this block cipher is totally insecure that is, given a single plaintext-ciphertext pair (m, c), the secret key K can be easily recovered. Hint: linearity is the problem here.
Computer Networking: A Top-Down Approach (7th Edition)
7th Edition
ISBN:9780133594140
Author:James Kurose, Keith Ross
Publisher:James Kurose, Keith Ross
Chapter1: Computer Networks And The Internet
Section: Chapter Questions
Problem R1RQ: What is the difference between a host and an end system? List several different types of end...
Related questions
Question
Cryptography

Transcribed Image Text:=
Consider a Feistel cipher with r rounds and n = 128 (half the block length); = 256 (the key
bit size). Then M {0, 13256 (the plaintext space), C = {0, 13256 (the ciphertext space), and
K = {0, 13256 (the key space). A key scheduling algorithm determines subkeys k₁, k₂ from a key
KEK = {0, 13256. Each subkey k, determines a function f {0, 11128 {0, 1}128. Encryption
takes r rounds:
Plaintext is m = (mo, m₁) with mo, m₁ = {0, 1}128,
Round 1: (mo, m₁)→ (m₁, m₂) with m₂ = mo
fi(m₁).
Round 2: (m₁, mą₂)→ (m₂, ma) with m3 = m₁ f2(m₂).
⠀
Round r: (m,-1, mr) → (Mr, Mr+1) with mr+1= mr-1 fr(mr).
The ciphertext is c = (mr, mr+1).
For the Feistel cipher described above:

Transcribed Image Text:2. Consider the above Feistel cipher with r = 2 rounds. Imagine a key scheduling algorithm
that works as follows. Given K € K = {0, 13256, set k₁ to be the leftmost 128 bits of K, and
k₂ to be the rightmost 128 bits of K, then define f(x) = rk. Show that this block cipher
is totally insecure that is, given a single plaintext-ciphertext pair (m, c), the secret key K
can be easily recovered.
Hint: linearity is the problem here.
Expert Solution

This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by step
Solved in 2 steps

Recommended textbooks for you

Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON

Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science

Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning

Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON

Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science

Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning

Concepts of Database Management
Computer Engineering
ISBN:
9781337093422
Author:
Joy L. Starks, Philip J. Pratt, Mary Z. Last
Publisher:
Cengage Learning

Prelude to Programming
Computer Engineering
ISBN:
9780133750423
Author:
VENIT, Stewart
Publisher:
Pearson Education

Sc Business Data Communications and Networking, T…
Computer Engineering
ISBN:
9781119368830
Author:
FITZGERALD
Publisher:
WILEY