\documentclass[12pt,ifthen]{article}
\usepackage{url}

\newcommand{\lf}{\left\lfloor}
\newcommand{\rf}{\right\rfloor}
\newcommand{\lc}{\left\lceil}
\newcommand{\rc}{\right\rceil}
\newcommand{\Ceil}[1]{\left\lceil {#1}\right\rceil}
\newcommand{\ceil}[1]{\left\lceil {#1}\right\rceil}
\newcommand{\floor}[1]{\left\lfloor{#1}\right\rfloor}
\newcommand{\abit }{\hat{a}}
\newcommand{\bbit }{\hat{b}}
\newcommand{\bits}[1]{\{0,1\}^{{#1}}}

\newcommand{\nth}{n^{th}}

\newif{\ifshowsoln}
\showsolntrue
\newcommand{\und}{\_\_\_\_\_\_\_\_\_}
\newcommand{\Z}{\mathbb{Z}}
\usepackage{amsmath}
\usepackage{amssymb}  % for \nmid

\begin{document}

\centerline{\textbf{HW 11 CMSC 456. MORALLY DUE Dec 3}}

\ifshowsoln
\centerline{\textbf{SOLUTIONS}}
\fi

{\textbf{NOTE- THE HW IS FIVE LONG}}


\begin{enumerate}
\item
(0 points)
READ the syllabus- Content and Policy.
What is your name?  Write it clearly.
What is the day of the final?
READ the slides and notes on Perfect and Comp Secrecy.

\centerline{\bf GOTO NEXT PAGE}

\newpage

\item
(30 points) 
In this problem we will guide you through a proof that a bad
random string generator will result in a 1-time pad
that is NOT secure in that Eve has prob $>\frac{1}{2}$ of winning
the security game.

Alice and Bob are using a 1-time pad.
But their random bit generator is terrible!
It outputs $0^n$ with probability $\frac{1}{2}+\frac{1}{2^{n+1}}$,
and every other string of length $n$ with probability $\frac{1}{2^{n+1}}$.
Answer the following questions which will lead up to a proof that
Alice and Bob's 1-time pad leads to an insecure cipher.
You can assume $n$ is odd and large.

\begin{enumerate}
\item
(0 points)
Eve picks $m_0=0^n$ and $m_1=1^n$.
\item
(3 points)
What is $\Pr(m=m_0)$? $\Pr(m=m_1)$?
\item
(0 points)
Recall that Alice picks $m\in \{m_0,m_1\}$
and then generates the key $k$ (very badly!)
and sends Eve $c=m\oplus k$.
\item
(0 points)
Let MAJ0 be the event: {\it $c$ is over half 0's}.
Let MAJ1 be the event: {\it $c$ is over half 1's.}.
We will take $n$ odd so that either MAJ0 or MAJ1 occurs.
\item
(3 points)
What is $\Pr( MAJ0 | m=m_0)$?
(Do not use the definition of Cond Prob- use instead that IF $m=m_0$, what is the
prob that the key $k$ is such that $c=m\oplus k$ has majority 0's.)
(You can approximate by taking $\frac{1}{2^{n+1}}$ to be 0. We are assuming $n$ is large.)
\item
(3 points)
What is $\Pr( MAJ1 | m=m_1)$?
(Do not use the definition of Cond Prob- use instead that IF $m=m_1$, what is the
prob that the key $k$ is such that $c=m\oplus k$ has majority 1's.)
(You can approximate by taking $\frac{1}{2^{n+1}}$ to be 0. We are assuming $n$ is large.)
\item
(3 points)
What is $\Pr( MAJ0 | m=m_1)$?
(Do not use the definition of Cond Prob- use instead that IF $m=m_1$, what is the
prob that the key $k$ is such that $c=m\oplus k$ has majority 0's.)
(You can approximate by taking $\frac{1}{2^{n+1}}$ to be 0. We are assuming $n$ is large.)
\item
(3 points)
What is $\Pr( MAJ1 | m=m_0)$?
(Do not use the definition of Cond Prob- use instead that IF $m=m_0$, what is the
prob that the key $k$ is such that $c=m\oplus k$ has majority 1's.)
(You an approx by taking $\frac{1}{2^{n+1}}$ to be 0. We are assuming $n$ is large.)

\centerline{\bf GOTO NEXT PAGE FOR MORE OF THIS PROBLEM}

\newpage

\item
(3 points)
What is $\Pr(MAJ0)$?
(Hint: its 

$$\Pr(MAJ0 | m=m_0)\Pr(m=m_0) + \Pr(MAJ0 | m=m_1)\Pr(m=m_1)$$ 

and you have all of those parts.)
\item
(3 points)
What is $\Pr(MAJ1)$?
(Hint: its 

$$\Pr(MAJ1 | m=m_0)\Pr(m=m_0) + \Pr(MAJ1 | m=m_1)\Pr(m=m_1)$$

 and you have all of those parts.)
\item
(3 points)
What is $\Pr( m=m_0 | MAJ0)$
(Hint: Use Bayes's theorem)
\item
(3 points)
What is $\Pr( m=m_1 | MAJ1)$
(Hint: Use Bayes's theorem)
\item
(3 points) Show that Eve has a winning strategy. Describe the strategy and use the parts above to
show it has prob $>\frac{1}{2}$ of winning. What is the prob of Eve winning?
\end{enumerate}




\centerline{\bf GOTO NEXT PAGE}

\newpage


\item
(30 points)
In this problem we will make what we said about the Randomized Shift rigorous
lay the groundwork for being able to apply the technique elsewhere.
\begin{enumerate}
\item
(10 points)
(Look up THE BIRTHDAY PARADOX on the web though you will need to adjust it some.)
Find a number $a$ such that, for large $N$, 
$a\sqrt N$ elements from $\{1,\ldots,N\}$ with replacement 
then the probability that two are the same is $\ge \frac{3}{4}$
(the traditional birthday Paradox is $\frac{1}{2}$ so you will need to adjust this.)
You have to hand in a self-contained account, you can't say {\it see website BLAH}.
\item
(10 points)
Assume you are doing randomized shift with an alphabet of size $N$.
Show that the randomized shift is not computationally secure by giving a strategy
in the comp sec game where Eve wins with prob much bigger than $\frac{1}{2}$.
(You may use part 1 above.)
\item
(10 points)
Assume the alphabet size $N$ is prime. Hence the number of $(a,b)$ such
that $ax+b$ is a valid Affine Cipher is $N^2$ (we will not let $b=0$).
Recall the RANDOMIZED AFFINE CIPHER:
\begin{enumerate}
\item
Alice and Bob both have the key which is a function $f:\{1,\ldots,N^2\}\rightarrow \{1,\ldots,N\}\times \{1,\ldots,N\}$.
\item
For Alice to send Bob a message $\sigma_1,\sigma_2,\ldots,\sigma_L$ he
(1) generates RANDOM $r_1,\ldots,r_L\in \{1,\ldots,N^2\}$,
(2) for $1\le i\le L$ Alice finds $f(r_i)=(a_i,b_i)$.
(3) sends

$$
(r_1, a_1\sigma_1 + b_1),
(r_2, a_2\sigma_2 + b_2),
\ldots,
(r_L, a_L\sigma_L + b_L)
$$
\item
We leave it to you for how Bob decodes, but note that since he has $r_i$'s he can find
$a_i$'s and $b_i$'s.
\end{enumerate}


Show that the randomized affine is not computationally secure by giving a strategy
in the comp sec game where Eve wins with prob much bigger than $\frac{1}{2}$.
(You may need to reason a bit informally towards the end of the proof.)
\end{enumerate}


\centerline{\bf GOTO NEXT PAGE}

\newpage

\item
(40 points)
State two facts you learned from Lloyd's talk on the NSA.

\end{enumerate}

\end{document}