Consider a very simple symmetric block encryption algorithm in which 32-bits blocks of
plainext are encrypted using a 64-bit key. Encryption is defined as
C = (P⊕K0 ) ⊞ K1
where C = ciphertext, K = secret key, K0 = leftmost 64 bits of K, K1 = rightmost 64 bits of K,
⊕ = bitwise exclusive OR, and ⊞ is addition mod 264
.
a) Show the decryption equation. That is, show the equation for P as a function of C, K0,
and K1.
b) Suppose and adversary has access to two sets of plaintexts and their corresponding
ciphertexts and wishes to determine K. We have the two equations:
C = (P⊕K0 ) ⊞ K1 ; C’
= (P’⊕K0 ) ⊞ K1
First, derive an equation in one unknown (e.g., K0). Is it possible to proceed further to
solve for K0?