3.5.2 Analytical AttacksAs was shown in the first chapter, analytical attacks can be very powerful. Sincethe introduction of DES in the mid-1970s, many excellent researchers in academia(and without doubt many excellent researchers in intelligence agencies) tried to findweaknesses in the structure of DES which allowed them to break the cipher. It isa major triumph for the designers of DES that no weakness was found until 1990.In this year, Eli Biham and Adi Shamir discovered what is called differential crypt-analysis (DC). This is a powerful attack which is in principle applicable to any blockcipher. However, it turned out that the DES S-boxes are particularly resistant againstthis attack. In fact, one member of the original IBM design team declared after thediscovery of DC that they had been aware of the attack at the time of design. Al-legedly, the reason why the S-box design criteria were not made public was that thedesign team did not want to make such a powerful attack public. If this claim is trueand all circumstances support it - it means that the IBM and NSA team was15years ahead of the research community. It should be noted, however, that in the1970s and 1980s relatively few people did active research in cryptography.In 1993 a related but distinct analytical attack was published by Mitsuru Matsui,which was named linear cryptanalysis (LC). Similar to differential cryptanalysis,the effectiveness of this attack also heavily depends on the structure of the S-boxes.What is the practical relevance of these two analytical attacks against DES? Itturns out that an attacker needs 247 plaintext-ciphertext pairs for a successful DCattack. This assumes particularly chosen plaintext blocks; for random plaintext 255pairs are needed! In the case of LC, an attacker needs 243 plaintext-ciphertext pairs.All these numbers seem highly impractical for several reasons. First, an attackerneeds to know an extremely large number of plaintexts, i.e., pieces of data whichare supposedly encrypted and thus hidden from the attacker. Second, collecting andstoring such an amount of data takes a long time and requires considerable memoryresources. Third, the attack only recovers one key. (This is actually one of manyarguments for introducing key freshness in cryptographic applications.) As a resultof all these arguments, it does not seem likely that DES can be broken with eitherDC or LC in real-world systems. However, both DC and LC are very powerfulattacks which are applicable to many other block ciphers. Table 3.13 provides anoverview of proposed and realized attacks against DES over the last three decades.Some entries refer to what is known as the DES Challenges. Starting in 1997, severalDES-breaking challenges were organized by the company RSA Security.3.1. As stated in Sect. 3.5.2, one important property which makes DES secure is thatthe S-boxes are nonlinear. In this problem we verify this property by computing theoutput of S₁ for several pairs of inputs.Show that S₁ (x₁) © S₁ (x2) ‡ S₁ (x1 © x2), where “” denotes bitwise XOR, for:1. x₁ = 000000, x2 = 0000012. x₁ = 111111, x₂ = 1000003. x₁ = 101010, x₂= = 010101

To verify the property of the S-boxes in DES, we need to compute the output of S1 for several pairs…

3.1. As stated in Sect. 3.5.2, one important property which makes DES secure is that the S-boxes are nonlinear. In this problem we verify this property by computing the output of S₁ for several pairs of inputs. Show that S₁ (x₁) S1 (x2) ‡ S₁ (x1 x2), where "" denotes bitwise XOR, for: 1. x₁ = 000000, x₂ = 000001 2. x₁ = 111111, x₂ = 100000 3. x₁ = = 101010, x2 = 010101

3.1. As stated in Sect. 3.5.2, one important property which makes DES secure is that the S-boxes are nonlinear. In this problem we verify this property by computing the output of S₁ for several pairs of inputs. Show that S₁ (x₁) S1 (x2) ‡ S₁ (x1 x2), where "" denotes bitwise XOR, for: 1. x₁ = 000000, x₂ = 000001 2. x₁ = 111111, x₂ = 100000 3. x₁ = = 101010, x2 = 010101

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Similar questions

In the notes on amortized analysis, we gave a “toy example” of a binary counter with the operationscreate and increment. We showed that the amortized times for the create and incement operationswere O(n) and O(1), respectively. To do this, we defined the potential function of the counter to bethe number of 1-bits, counting all bits and not just the rightmost bits.Suppose that instead we were to choose the potential function to be the number of rightmost 1-bits(i.e., the number of 1-bits before the first 0-bit). Show that with this definition of the potentialfunction, the amortized time of the increment operation is not O(1).
Solve last part of this question using MATLAB. Also attach the output of this program with it.
Solve part d using Matlab software. Also attach the output of the program with this question below. Dont reject it please
17 Given that A=0, B=0, C=1, what are the values of F an Y in the following circuit? (3 Points) D D2 F D3 Low Active D, Decoder D 3 X 8 B 4X1 MUX D7 1-1, A B O F=0, Y=1 OF=1, Y=0 F=1, Y=1 O F=0, Y=0 O O O
Q5. A. A Mealy sequential circuit has one input (X) and one output (Z). The circuit should transmit its input, except that it should prevent the sequence 00110 from occurring. So Z should be the same as X, except that if the input sequence 00110 occurs, Z should be 1 rather than 0 when the last 0 is received, so that the sequence X = 00110 is replaced with Z= 00111. Derive only the state graph, and the state table. Solution:
I need the answer as soon as possible
7. Consider the following NFA (M): 0,1 0,1 start 1 0, : 1 9z Scanned by CamScanner с. What does M, do?
In this and the following question, consider those TMs that satisfy all of the following properties: Q={90,91,9a9r}: there are exactly two states besides the accept state and the reject state. • Σ={1}: the input alphabet has just one symbol. • [={1,_}: the tape alphabet has two symbols, where is the blank symbol. • The head is moved in every step, that is, 8 uses only L and R, but not N. • If the machine is started on the completely empty tape, it will halt after a finite number of steps, that is, it will reach qa or qr. If such a TM is started on the completely empty tape, it will leave a certain number of 1 symbols on the tape after it halts. What is the maximum number of 1 symbols on the tape, among all of these TMs? Answer: Check Consider again the TMs of the preceding question. If such a TM is started on the completely empty tape, it will make a certain number of transition steps. What is the maximum number of steps, among all those TMs? Answer: Check
7.26. The sampling theorem, as we have derived it, states that a signal x(t) must be sam- pled at a rate greater than its bandwidth (or equivalently, a rate greater than twice its highest frequency). This implies that if x(t) has a spectrum as indicated in Figure P7.26(a) then x(t) must be sampled at a rate greater than 2w2. However, since the signal has most of its energy concentrated in a narrow band, it would seem reason- able to expect that a sampling rate lower than twice the highest frequency could be used. A signal whose energy is concentrated in a frequency band is often referred to as a bandpass signal. There are a variety of techniques for sampling such signals, generally referred to as bandpass-sampling techniques. x(t) X(jw) 1 -02-01 (a) +00 p(t) 8(t-nT) Xp (t) W1 W2 W H(jw) x(t) p(t) H(jw) 1 T дід. Wa (b) Wa w Figure P7.26 Chap. 7 Problems 565 To examine the possibility of sampling a bandpass signal as a rate less than the total bandwidth, consider the system shown in…
Solve this please
(b) Consider the following 4-bit image: 1 0 0 2 1 9 0 2 1 2 3 0 5 1 15 5 6 2 3 3 1 4 3 3 3 12 2 2 2 2 5 7 6 3 7 2 (ii) Given v={0,2,1,3}, using 4-adjacency determine the shortest path if exits between p(5,2) and q(5,1). 3 12 1 0 2 3 1 4 ان 9 5 12 0 10 14 23
1) Given an O/S with soft timers using a single clock, consider a situation where the event list looks like this: Current time = 4105; Next Signal = 6; Clk Header → 6 → 1 → 3 → 12 → 5 a. What will current time be when the “12” signal is dispatched = b. At time 4113 a new signal arrives to be scheduled for 4125, fill in the following to reflect this signal being added at that time: Current time = ; Next Signal = ; Clk Header → 2) Given a disk with 100 tracks, Consider the following disk request sequence (track numbers): 45, 20, 90, 10, 50, 60, 80, 25, 70. The initial position of the R/W head is on track 50. Determine the distance that will be traversed by the R/W head when the Shortest Seek Time First (SSTF) algorithm is used and the Elevator algorithm (note -the Elevator algorithm will move towards 100 when it starts execution). Which algorithm will move the fewest tracks , SSTF or Elevator: , and by how many fewer tracks: tracks less than the other algorithm.