1. In the beginning of the class we said that the substitution cipher was vulnerable to even ct-only attacks (assuming we know the underlying plaintext is English) because we can use statistical attacks based on letter frequencies. Why doesn't this work with DES in ECB mode?
2. Suppose we had a DES key K1 of 56 bits. We then generate 160-bits by computing S=SHA1(K1), and then take K2 as the 56 least-significant bits of S. Now we build double DES as C=DESK2(DESK1(P)) where P is the plaintext and C is the resulting ciphertext. What is the most efficient attack you can think of (in terms of both time and space)? You can assume you have a sufficient number of pt/ct pairs.
3. We saw in class that 256 DES keys was not enough: specialized hardware could be built which finds the key by exhaustive search in about 35 mins on average (for about $1M US, in 1998). We might attempt to increase the length of the 56-bit DES key by making a new block cipher DES+ with a 120-bit key as follows:
4. Text problem 3.7.4 (pg 92)
In section 4.3.5 of your text, OCB mode is mentioned. Of the five inventors of this mode, who is the smartest?