# Understanding Cryptography by Christof Paar and Jan Pelzl - All Problems and Solutions

- 6 mins## Useful links

- Official Website for “Understanding Cryptography” - crypto-textbook.com
- University Lecture Series Covering the Material from the Book - taught by Christof Paar
- Problem sets from the book:
- Solutions for Odd-Numbered Questions

## Introduction

During my self-study on the topic of cryptography, I’ve found that the textbook “Understanding Cryptography” by Christof Paar and Jan Pelzl, and the accompanying YouTube lectures, are the most accessible introductory material I have found. The book contains a great many exercises related to the material.

There is a solution manual freely available from the website called Solutions for Odd-Numbered Questions, however the even numbered questions are unavailable. I have contacted the authors, but licensing restrictions prevent them providing the full manual to anyone except instructors in educational institutions. It does not appear that anyone has leaked the manual to the internet either.

As such, I have decided to create a comprehensive solution set to all problems in the book.

## List of Questions and Answers

- Chapter 1 - Introduction to Cryptography and Data Security
- Ex 1.1 - Breaking a Substitution Cipher by Frequency Analysis
- Ex 1.2 - Breaking a Caesar/Shift Cipher by Frequency Analysis
- Ex 1.3 - Calculating the Length of Brute-Force Attacks against AES
- Ex 1.4 - Password Length and Key Sizes in Bits
- Ex 1.5 - Multiplication in Finite Sets
- Ex 1.6 - Division in Finite Sets
- Ex 1.7 - Computing Addition and Multiplication Tables in Finite Sets
- Ex 1.8 - Computing Multiplicative Inverses of 5 in Several Finite Sets
- Ex 1.9 - Computing Large Exponents in Finite Sets
- Ex 1.10 - Computing Euler's Phi Function
- Ex 1.11 - Decrypting with the Affine Cipher
- Ex 1.12 - Decrypting with the Extended German-Alphabet Affine Cipher
- Ex 1.13 - Breaking the Affine Cipher with a Chosen Plaintext Attack
- Ex 1.14 - Proving that Double Encryption with the Affine Cipher is Equivalent to Single Encryption
- Chapter 2 - Stream Ciphers
- Ex 2.1 - Developing a Stream Cipher which Operates on the Latin Alphabet
- Ex 2.2 - Discussion of Key Management Issues with One Time Pads (OTPs)
- Ex 2.3 - The Dangers of Key Reuse with One Time Pads (OTPs)
- Ex 2.4 - The Impossibility of Brute Force Attacks on One Time Pads (OTPs)
- Ex 2.5 - Calculating the Output and State of Linear Feedback Shift Registers (LFSRs)
- Ex 2.6 - Chosen Plaintext Attacks Against Stream Ciphers with Short Periods
- Ex 2.7 - Computing the First Two Bytes of Output from an LSFR with an 8th Degree Polynomial
- Ex 2.8 - Computing All Sequences from Reducible, Irriducible and Primitive Polynomial LFSRs
- Ex 2.9 - Discussion of Attacks Against LFSRs
- Ex 2.10 - Performing a Chosen Plaintext Attack to Break an LFSR and Reveal its Feedback Coefficients
- Ex 2.11 - Performing Another Chosen Plaintext Attack to Break an LFSR and Reveal the Full Plaintext
- Ex 2.12 - Calculating the First 70 Bits of Output During Trivium's Warm-up Phase
- Chapter 3 - The Data Encryption Standard (DES) and Alternatives
- Ex 3.1 - Verifying the Non-Linearity of the DES S-boxes
- Ex 3.2 - Veryifying that IP and IP-1 are Each Other's Inverse
- Ex 3.3 - Calculating the Output of the First Round of DES Encryption with All 0s
- Ex 3.4 - Calculating the Output of the First Round of DES Encryption with All 1s
- Ex 3.5 - Demonstrating the Avalanche Effect of a 1-bit Input Change in DES
- Ex 3.6 - Demonstrating the Avalanche Effect of a 1-bit Key Change in DES
- Ex 3.7 - Discussion of What Constitutes a "Weak Key" in DES
- Ex 3.8 - Proving that When the DES Key and Input are Bitwise Inverted, So is the Output
- Ex 3.9 - Discussion of Number of Key Checks Required to Brute-Force a DES Key from a Chosen Plaintext
- Ex 3.10 - Discussion of Clock Frequency Requirements for DES Hardware Implementations
- Ex 3.11 - Using COPACOBANA to Brute-Force DES Keys
- Ex 3.12 - Calculating Equivalent Key Lengths for DES Keys With Flawed Generation Procedures
- Ex 3.13 - Calculating the State After Round 1 for the PRESENT-80 Block Cipher
- Chapter 4 - The Advanced Encryption Standard (AES)
- Ex 4.1 - The AES Development Process and How that Differed from DES
- Ex 4.2 - Computing Addition and Multiplication Tables in Galois Prime Fields
- Ex 4.3 - Computing Addition and Multiplication Tables in Galois Extension Fields
- Ex 4.4 - Performing Addition and Reduction in GF(2⁴)
- Ex 4.5 - Performing Multiplication and Reduction in GF(2⁴)
- Ex 4.6 - Calculating a Division in GF(2⁸) and Reducing via the AES Irreducible Polynomial
- Ex 4.7 - Finding Multiplicative Inverses in GF(2⁴)
- Ex 4.8 - Finding Irreducible Polynomials in GF(2)
- Ex 4.9 - Calculating the Output of the First Round of AES Encryption with All 1s
- Ex 4.10 - Calculating the State After One Round for AES
- Ex 4.11 - Deriving Equations for the Constant Multiplications Done in the MixColumn GF Computations
- Ex 4.12 - Calculating the Number of XOR Gates Required for AES Diffusion
- Ex 4.13 - Checking Multiplicative Inverses in GF(2⁸)
- Ex 4.14 - Calculating the AES S-box for Certain Values Using the Affine Mapping
- Ex 4.15 - Derive RC Constants in AES Key Schedule
- Ex 4.16 - Calculating the Length of Brute-Force Attacks against AES
- Chapter 5 - More about Block Ciphers
- Ex 5.1 - Selecting the Appropriate Mode of Operation for a Block Cipher in a Specific Use-Case
- Ex 5.2 - Comparison of Brute-force Costs for Ciphers in ECB or CBC Modes
- Ex 5.3 - Discussion of Deriving the IV of a Cipher in CBC Mode where Key is Known
- Ex 5.4 - Why Keeping the IV Secret Does not Increase Security for Ciphers in OFB Mode
- Ex 5.5 - The Problems of IV Reuse with Ciphers in OFB Mode
- Ex 5.6 - Designing an OFB Mode Scheme for Byte Encryption
- Ex 5.7 - Weakening an OFB Mode Scheme by Truncating the Feedback Bytes
- Ex 5.8 - Designing a CFB Mode Scheme for Byte Encryption
- Ex 5.9 - Discussion of the Number of IV Bits Available in AES CTR (Counter) Mode for 1TB of Plaintext
- Ex 5.10 - Propagation of Errors in Various Block Cipher Modes of Operation
- Ex 5.11 - Reestablishing Synchronisation and Correctness in the Case of Bit Insertion/Deletion during Transmission
- Ex 5.12 - Calculating the Length of Brute-Force Attacks against 2DES with "Meet in the Middle" Attack