密码编码学与网络安全(第五版)英文答案

Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performancespecifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).1.5 See Table 1.3.C HAPTER 2C LASSICAL E NCRYPTION T ECHNIQUESR2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2 Permutation and substitution.2.3 One key for symmetric ciphers, two keys for asymmetric ciphers.2.4 A stream cipher is one that encrypts a digital data stream one bit or one byte at atime. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 Cryptanalysis and brute force.2.6 Ciphertext only. One possible attack under these circumstances is the brute-forceapproach of trying all possible keys. If the key space is very large, this becomesimpractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions.With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pickpatterns that can be expected to reveal the structure of the key.2.7 An encryption scheme is unconditionally secure if the ciphertext generated by thescheme does not contain enough information to determine uniquely thecorresponding plaintext, no matter how much ciphertext is available. Anencryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the timerequired to break the cipher exceeds the useful lifetime of the information.2.8 The Caesar cipher involves replacing each letter of the alphabet with the letterstanding k places further down the alphabet, for k in the range 1 through 25.2.9 A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertextalphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet.2.10 The Playfair algorithm is based on the use of a 5 5 matrix of letters constructedusing a keyword. Plaintext is encrypted two letters at a time using this matrix.2.11 A polyalphabetic substitution cipher uses a separate monoalphabetic substitutioncipher for each successive letter of plaintext, depending on a key.2.12 1. There is the practical problem of making large quantities of random keys. Anyheavily used system might require millions of random characters on a regularbasis. Supplying truly random characters in this volume is a significant task.2. Even more daunting is the problem of key distribution and protection. For everymessage to be sent, a key of equal length is needed by both sender and receiver.Thus, a mammoth key distribution problem exists.2.13 A transposition cipher involves a permutation of the plaintext letters.2.14 Steganography involves concealing the existence of a message.2.1 a. No. A change in the value of b shifts the relationship between plaintext lettersand ciphertext letters to the left or right uniformly, so that if the mapping isone-to-one it remains one-to-one.不，在b值变化之间的关系和明文字母转换密文字母到左或右一致，所以，如果映射是一对一的它仍然是一对一的。

《密码编码学与网络安全》复习题－朱铁英2006-4-16 《计算机安全与密码学》复习题1( 信息安全(计算机安全)目标是什么,答:机密性(confidentiality):防止未经授权的信息泄漏完整性(integrity):防止未经授权的信息篡改可用性(avialbility):防止未经授权的信息和资源截留抗抵赖性、不可否认性、问责性、可说明性、可审查性(accountability): 真实性(authenticity):验证用户身份2( 理解计算安全性(即one-time pad的理论安全性)使用与消息一样长且无重复的随机密钥来加密信息，即对每个明文每次采用不同的代换表不可攻破，因为任何明文和任何密文间的映射都是随机的，密钥只使用一次3( 列出并简要定义基于攻击者所知道信息的密码分析攻击类型。

(1)、唯密文分析(攻击)，密码分析者取得一个或多个用同一密钥加密的密文;(2)、已知明文分析(攻击)，除要破译的密文外，密码分析者还取得一些用同一密钥加密的密文对;(3)、选择明文分析(攻击)，密码分析者可取得他所选择的任何明文所对应的密文(不包括他要恢复的明文)，这些密文对和要破译的密文是用同一密钥加密的;(4)、选择密文分析(攻击)，密码分析者可取得他所选择的任何密文所对应的明文(要破译的密文除外)，这些密文和明文和要破译的密文是用同一解密密钥解密的，它主要应用于公钥密码体制。

4( 传统密码算法的两种基本运算是什么,代换和置换前者是将明文中的每个元素映射成另外一个元素;后者是将明文中的元素重新排列。

5( 流密码和分组密码区别是什么,各有什么优缺点,分组密码每次处理一个输入分组，对应输出一个分组;流密码是连续地处理输入元素，每次输出一个元素流密码Stream: 每次加密数据流的一位或者一个字节。

连续处理输入分组，一次输出一个元素，速度较快6( 已知密文ILPQPUN使用的是移位密码，试解密(提示:明文为有意义的英文)。

密码编码学与网络安全课后习题答案全YUKI was compiled on the morning of December 16, 2020密码编码学与网络安全（全）1.1 什么是OSI安全体系结构？OSI安全体系结构是一个架构，它为规定安全的要求和表征满足那些要求的途径提供了系统的方式。

该文件定义了安全攻击、安全机理和安全服务，以及这些范畴之间的关系。

1.2 被动安全威胁和主动安全威胁之间的差别是什么？被动威胁必须与窃听、或监控、传输发生关系。

电子邮件、文件的传送以及用户/服务器的交流都是可进行监控的传输的例子。

主动攻击包括对被传输的数据加以修改，以及试图获得对计算机系统未经授权的访问。

1.4验证：保证通信实体之一，它声称是。

访问控制：防止未经授权使用的资源（即，谁可以拥有对资源的访问，访问在什么条件下可能发生，那些被允许访问的资源做这个服务控制）。

数据保密：保护数据免受未经授权的披露。

数据完整性：保证接收到的数据是完全作为经授权的实体（即包含任何修改，插入，删除或重播）发送。

不可否认性：提供保护反对否认曾参加全部或部分通信通信中所涉及的实体之一。

可用性服务：系统属性或访问和经授权的系统实体的需求，可用的系统资源，根据系统（即系统是可用的，如果它提供服务，根据系统设计，只要用户要求的性能指标它们）。

第二章1.什么是对称密码的本质成分？明文、加密算法、密钥、密文、解密算法。

4.分组密码和流密码的区别是什么？流密码是加密的数字数据流的一个位或一次一个字节。

块密码是明文块被视为一个整体，用来产生一个相同长度的密文块......分组密码每次处理输入的一组分组，相应的输出一组元素。

流密码则是连续地处理输入元素，每次输出一个元素。

6.列出并简要定义基于攻击者所知道信息的密码分析攻击类型。

惟密文攻击：只知道要解密的密文。

这种攻击一般是试遍所有可能的密钥的穷举攻击，如果密钥空间非常大，这种方法就不太实际。

因此攻击者必须依赖于对密文本身的分析，这一般要运用各种统计方法。

第二章2.1什么是对称密码的本质成分？Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.明文加密算法密钥密文解密算法2.2 密码算法中两个基本函数式什么？Permutation and substitution.代换和置换P202.3用密码进行通信的两个人需要多少密钥？对称密码只需要一把，非对称密码要两把P202.4 分组密码和流密码的区别是什么？A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.分组密码每次输入的一组元素，相应地输出一组元素。

流密码则是连续地处理输入元素，每次输出一个元素。

P202.5攻击密码的两种一般方法是什么？Cryptanalysis and brute force.密码分析和暴力破解2.6列出并简要定力基于攻击者所知道信息的密码分析攻击类型。

Ciphertext only. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it.Known plaintext.The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed.Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.惟密文已知明文选择明文2.7无条件安全密码和计算上安全密码的区别是什么？An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information.书本P212.8简要定义Caesar密码The Caesar cipher involves replacing each letter of the alphabet with the letter standing k places further down the alphabet, for k in the range 1 through 25.书本P222.9简要定义单表代换密码A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertext alphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet.书本P232.10简要定义Playfair密码The Playfair algorithm is based on the use of a 5 5 matrix of letters constructed using a keyword. Plaintext is encrypted two letters at a time using this matrix.书本P262.11单表代换密码和夺标代换密码的区别是什么？A polyalphabetic substitution cipher uses a separate monoalphabetic substitution cipher for each successive letter of plaintext, depending on a key.书本P302.12一次一密的两个问题是什么？1. There is the practical problem of making large quantities of random keys. Any heavily usedsystem might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task.2. Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.书本P332.13什么是置换密码？A transposition cipher involves a permutation of the plaintext letters. 书本P332.14什么是隐写术？Steganography involves concealing the existence of a message.书本P362.7.3习题 2.1a.对b 的取值是否有限制？解释原因。

In troduct ion 5Classical Encryp tio n Tech niq ues ........Block Cip hers and the Date Encryp ti on Stan dard .... Fi nite FieldsAdva need Encryp ti on Stan dard ........... More on Symmetric Cip hers ................ Con fide ntiality Using Symmetric Encryp ti on In troducti on to Number Theory ........... P ublic-Key Cryp togra phy and RSA .........Key Man ageme nt; Other P ublic-Key Cryp tosystems Message Authe nticati on and Hash Fun cti ons ..............................Hash and MAC Algorithms ...................Digital Sign atures and Authe nticati on P rotocols Authe nticatio n App lications ...........................................Electr onic Mail Security .................IP Security ...............................Web Security .............................Intruders ................................Malicious Software ........................Firewalls .................................A NSWERS TO Q UI S'TIO NSThe OSI Security Architecture is a framework that p rovides a systematic way of defi ning the requirements for security and characteriz ing the app roaches to satisfy ing those requireme nts. The docume ntdefi nes security attacks, mecha ni sms, and services, and the relatio nships among these categories. Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electro nic mail, file tran sfers, and clie nt/server excha nges are exa mples of transmissions that can be monitored. Activeattacks include the modification of tran smitted data and attem pts to gai n un authorized access tocompu ter systems.Passive attacks: release of message contents and traffic analysis. Active attacks:masquerade, re play, modificatio n of messages, and denial of service.Authe nticati on: The assura nee that the com muni cati ng en tity is the one that it claims to be. Access con trol: The p reve nti on of un authorized use of a resource (i.e., this service con trols who can have access to a resource, un der what con diti ons access can occur, and what the access ing the resource are allowed to do).Data con fide ntiality: The p rotecti on of data from un authorized disclosure.Data integrity: The assuranee that data received are exactly as sent by an authorized entity (i.e., contain no modificati on, in serti on, deleti on, or rep lay).Nonrepudiation: Provides protection against denial by one of the entities involved in a communicationCha pter 1: Cha pter 2: Cha pter 3: Cha pter 4: Chap ter 5: Cha pter 6: Cha pter 7: Cha pter 8: Cha pter 9: Cha pter 10: Cha pter 11: Cha pter 12: Cha pter 13: Cha pter 14: Cha pter 15: Cha pter 16: Cha pter 17: Cha pter 18: Cha pter 19: Cha pter 20:.......7 ..13 ..... 21 ....28 .....33 38 .... 42 ...46 .......55 (59)....62 ... (66)■ ...71 . (73) (76) (80) (83) (87) (89)1.1 1.2 1.3 1.4seof having participated in all or part of the communication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).1.5 See Table 1.3.。

Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).Data confidentiality: The protection of data from unauthorized disclosure.Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).1.5 See Table 1.3.2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryptionalgorithm.2.2 Permutation and substitution.2.3 One key for symmetric ciphers, two keys for asymmetric ciphers.2.4 A stream cipher is one that encrypts a digital data stream one bit or one byteat a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 Cryptanalysis and brute force.2.6 Ciphertext only . One possible attack under these circumstances is thebrute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.2.7 An encryption scheme is unconditionally secure if the ciphertext generatedby the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information.C HAPTER 2C LASSICAL E NCRYPTION T ECHNIQUESR2.8 The Caesar cipher involves replacing each letter of the alphabet with theletter standing k places further down the alphabet, for k in the range 1 through25.2.9 A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertextalphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet.2.10 The Playfair algorithm is based on the use of a 5 5 matrix of lettersconstructed using a keyword. Plaintext is encrypted two letters at a time using this matrix.2.11 A polyalphabetic substitution cipher uses a separate monoalphabeticsubstitution cipher for each successive letter of plaintext, depending on a key.2.12 1. There is the practical problem of making large quantities of random keys.Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is asignificant task.2. Even more daunting is the problem of key distribution and protection. Forevery message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.2.13 A transposition cipher involves a permutation of the plaintext letters.2.14 Steganography involves concealing the existence of a message.A NSWERS TO P ROBLEMS2.1 a. No. A change in the value of b shifts the relationship between plaintextletters and ciphertext letters to the left or right uniformly, so that if the mapping is one-to-one it remains one-to-one.b. 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24. Any value of a larger than25 is equivalent to a mod 26.c. The values of a and 26 must have no common positive integer factor otherthan 1. This is equivalent to saying that a and 26 are relatively prime, or that the greatest common divisor of a and 26 is 1. To see this, first note that E(a, p) = E(a, q) (0 ≤ p≤ q< 26) if and only if a(p–q) is divisible by 26. 1. Suppose that a and 26 are relatively prime. Then, a(p–q) is not divisible by 26, because there is no way to reduce the fractiona/26 and (p–q) is less than 26. 2. Suppose that a and 26 have a common factor k> 1. Then E(a, p) = E(a, q), if q = p + m/k≠ p.2.2 There are 12 allowable values of a (1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23,25). There are 26 allowable values of b, from 0 through 25). Thus the totalnumber of distinct affine Caesar ciphers is 12 26 = 312.2.3 Assume that the most frequent plaintext letter is e and the second most frequentletter is t. Note that the numerical values are e = 4; B = 1; t = 19; U = 20.Then we have the following equations:1 = (4a + b) mod 2620 = (19a + b) mod 26Thus, 19 = 15a mod 26. By trial and error, we solve: a = 3.Then 1 = (12 + b) mod 26. By observation, b = 15.2.4 A good glass in the Bishop's hostel in the Devil's seat—twenty-one degreesand thirteen minutes—northeast and by north—main branch seventh limb east side—shoot from the left eye of the death's head— a bee line from the tree through the shot fifty feet out. (from The Gold Bug, by Edgar Allan Poe)2.5 a. The first letter t corresponds to A, the second letter h corresponds toB, e is C, s is D, and so on. Second and subsequent occurrences of a letter in the key sentence are ignored. The resultciphertext: SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILAplaintext: basilisk to leviathan blake is contactb. It is a monalphabetic cipher and so easily breakable.c. The last sentence may not contain all the letters of the alphabet. If thefirst sentence is used, the second and subsequent sentences may also be used until all 26 letters are encountered.2.6The cipher refers to the words in the page of a book. The first entry, 534,refers to page 534. The second entry, C2, refers to column two. The remaining numbers are words in that column. The names DOUGLAS and BIRLSTONE are simply words that do not appear on that page. Elementary! (from The Valley of Fear, by Sir Arthur Conan Doyle)2.7 a.2 8 10 7 9 63 14 5C R Y P T O G A H I4 2 8 1056 37 1 9ISRNG BUTLF RRAFR LIDLP FTIYO NVSEE TBEHI HTETAEYHAT TUCME HRGTA IOENT TUSRU IEADR FOETO LHMETNTEDS IFWRO HUTEL EITDSb. The two matrices are used in reverse order. First, the ciphertext is laidout in columns in the second matrix, taking into account the order dictated by the second memory word. Then, the contents of the second matrix are read left to right, top to bottom and laid out in columns in the first matrix, taking into account the order dictated by the first memory word. Theplaintext is then read left to right, top to bottom.c. Although this is a weak method, it may have use with time-sensitiveinformation and an adversary without immediate access to good cryptanalysis(e.g., tactical use). Plus it doesn't require anything more than paper andpencil, and can be easily remembered.2.8 SPUTNIK2.9 PT BOAT ONE OWE NINE LOST IN ACTION IN BLACKETT STRAIT TWO MILES SW MERESU COVEX CREW OF TWELVE X REQUEST ANY INFORMATION。

3.8A因为有用二进制表示为: 0000 1011 0000 0010 0110 01111001 1011 0100 1001 1010 0101 第一轮的子密钥为: 0 B 0 2 6 7 9 B 4 9 A 5b. L0, R0是64位的明文则有L0 = 1100 1100 0000 0000 1100 1100 1111 1111R0 = 1111 0000 1010 1010 1111 0000 1010 1010c. 将R0扩展为48 bits:E(R0) = 01110 100001 010101 010101 011110 100001 010101 010101d. A = 011100 010001 011100 110010 111000 010101 110011 110000e. S100(1110) = S10(14) = 0 (base 10) = 0000 (base 2)S201(1000) = S21(8) = 12 (base 10) = 1100 (base 2)S300(1110) = S30(14) = 2 (base 10) = 0010 (base 2)S410(1001) = S42(9) = 1 (base 10) = 0001 (base 2)S510(1100) = S52(12) = 6 (base 10) = 0110 (base 2)S601(1010) = S61(10) = 13 (base 10) = 1101 (base 2)S711(1001) = S73(9) = 5 (base 10) = 0101 (base 2)S810(1000) = S82(8) = 0 (base 10) = 0000 (base 2)f. B = 0000 1100 0010 0001 0110 1101 0101 0000g. P(B) = 1001 0010 0001 1100 0010 0000 1001 1100h. R1 = 0101 1110 0001 1100 1110 1100 0110 0011i.L1 = R0. 密文的内容为L1和R1串联3.10a.从内到外的计算过程T16(L15|| R15) = L16|| R16T17(L16|| R16) = R16|| L16IP [IP–1 (R16|| L16)] = R16|| L16TD1(R16|| L16) = R15|| L15b.T16(L15|| R15) = L16|| R16IP [IP–1 (L16|| R16)] = L16|| R16TD1(R16 || L16) = R16|| L16⊕ f(R16, K16)≠ L15|| R151≤I≤128，字符串c1{0，1}128字符串，其第i位为1其余各位都为0获取这128密文解密。