#### CSCI 7000 - Cryptography - Spring 2008

### Problem Set #1

#### Due: Jan 31st, 2008 at 11am

1. How many permutations are there on the set A={1,...,10}?
2. Go look up "cycle notation" for permutations (if you don't already know
it). Write down all permutations, in cycle notation, on the set B={1,2,3}.

3. What is the probability that a random permutation on set A (see problem 1)
is represented by one cycle?

4. (Harder.) What is the probability that a random permutation on A is
an involution?

5. Learn Python. (Just learn a little bit... we'll use it later.) You can
do this online or buy a book if you like. As a warm up, write a program to
generate a random permuation on A and output it in cycle notation. Please
run your program 5 times and include the output and along with your source
code.

6. Run you program again, but on the set C={1,...,1000}. Do not output
your random permutation this time; instead quietly run your program
10,000 times and give the average length of the longest cycle.

7. Consider blockcipher F, which has a 64-bit blocksize and keysize.
Blockcipher F is defined as follows: F(K, P) = P + K mod 2^{64}.
What is the minimum number of queries required to break F in the IND-CPA
model?

8. (Extra Credit. Quite Hard.)
Define blockcipher X as follows: X has a 128-bit blocksize and
a 12800-bit key K. K is broken into 100 chunks of 128-bits each,
K_{1} through K_{100}.
Round i of X goes like this: C_{0}=P_{0} and
on input P_{i-1},
compute C_{i}=S(C_{i-1}) xor K_{i}, where S() is the
inversion of its input in GF(2^{128}) (and 0 goes to 0 as usual).
The output of the blockcipher is C_{100}.

Break this thing. Use a chosen-plaintext attack and show that you can
quickly distinguish X
from random. Or better, show that you can decipher any given ciphertext block
(which is equivalent to having the key, tho you won't be able to actually
recover the full key here).