BSc CSIT (TU) Science Cryptography (BSc CSIT, CSC316) Question Paper 2082 Nepal
This is the official BSc CSIT (TU) (Science stream) Cryptography (BSc CSIT, CSC316) question paper for 2082, as set in the annual (regular) examination. It carries 60 full marks and a time allowance of 180 minutes, across 12 questions. On Kekkei you can attempt this Cryptography (BSc CSIT, CSC316) past paper online with a timer, get instant AI feedback and step-by-step solutions, and track the topics where you lose marks — completely free. Whether you are revising for your BSc CSIT (TU) Cryptography (BSc CSIT, CSC316) exam or solving previous years' question papers, this 2082 paper is a great way to practise under real exam conditions.
| Level | BSc CSIT (TU) |
|---|---|
| Stream | Science |
| Subject | Cryptography (BSc CSIT, CSC316) |
| Year | 2082 BS |
| Exam session | Regular (annual) |
| Full marks | 60 |
| Time allowed | 180 minutes |
| Questions | 12, all with step-by-step solutions |
Section A: Long Answer Questions
Attempt any TWO questions.
Describe the Fiestel Cipher structure. Given the key {2B, 7E, 15, 16, 28, AE, D2, A6, AB, F7, 97, 66, 01, 02, 03, 04}, compute the first 4 byte of next key after first iteration, using the following S-Box in AES.
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
Feistel Cipher Structure
A Feistel cipher is a symmetric structure used to build many block ciphers (e.g. DES). The plaintext block is split into two halves and processed through several rounds, in each of which one half is transformed by a round function keyed with a round subkey, and then XORed with the other half.
For round , given the halves :
Plaintext (split into L0 | R0)
|
+-------------+-------------+
| |
L0 R0 ---> F(R0, K1)
| | |
+------------ XOR <---------|--------+
| |
(swap) L1 = R0 R1 = L0 XOR F(R0,K1)
| |
... repeat for n rounds ...
|
Ciphertext (Rn | Ln)
Key features:
- Decryption uses the same structure, applying subkeys in reverse order — so encryption and decryption hardware/software are identical.
- The round function need not be invertible, giving great design freedom.
- Security depends on the number of rounds, the function , and the key schedule (Shannon's confusion and diffusion).
AES Key Expansion: First 4 Bytes of the Next Round Key
The AES key is grouped into 4-byte words. The given 16-byte key gives:
| Word | Bytes |
|---|---|
| 2B 7E 15 16 | |
| 28 AE D2 A6 | |
| AB F7 97 66 | |
| 01 02 03 04 |
The next round key starts with , and the first 4 bytes of the next key are exactly :
where = RotWord → SubWord → XOR Rcon(1).
Step 1 — RotWord(): cyclic left shift of (01 02 03 04) → (02 03 04 01).
Step 2 — SubWord (substitute each byte using the AES S-Box):
- 02 → 77
- 03 → 7B
- 04 → F2
- 01 → 7C
Result: (77 7B F2 7C).
Step 3 — XOR with Rcon(1) = (01 00 00 00):
So 76 7B F2 7C.
Step 4 — :
| byte 0 | byte 1 | byte 2 | byte 3 | |
|---|---|---|---|---|
| 2B | 7E | 15 | 16 | |
| 76 | 7B | F2 | 7C | |
| XOR | 5D | 05 | E7 | 6A |
So the first four bytes of the next round key after the first iteration are 5D 05 E7 6A.
Illustrate the man in middle attack in Diffie – Hellman key exchange protocol. Assume the prime number be 19 and 10 as its primitive root. Select 5 as private key and 4 as random integer. Find the cipher text of M = 2 using Elgamal crypto system.
Man-in-the-Middle Attack on Diffie–Hellman
The Diffie–Hellman (DH) key exchange has no authentication, so an active attacker (Eve) sitting between Alice and Bob can impersonate each to the other.
Alice Eve (attacker) Bob
| g^a -----------> | (intercepts) |
| | g^e ---------------> |
| | <--------------- g^b |
| <---------- g^e | (intercepts) |
| | |
shares g^(ae) with Eve | shares g^(be) with Eve
- Alice sends ; Eve intercepts it and sends her own to Bob.
- Bob sends ; Eve intercepts it and sends to Alice.
- Alice computes (thinking she shares it with Bob); Bob computes .
- Eve knows both and . She decrypts, reads/alters, and re-encrypts every message between them. Neither party detects the attack.
Countermeasure: authenticate the public values (e.g. signed DH, STS protocol, certificates) so Eve cannot substitute her keys.
ElGamal Encryption of M = 2
Given: prime , primitive root , private key , random integer , message .
Step 1 — public key :
So . Public key: .
Step 2 — :
Step 3 — :
Ciphertext:
(Verification: . ; ; . ✓)
List the properties of hash function. Describe the algorithm for SHA-1.
Properties of a Cryptographic Hash Function
A hash function maps an arbitrary-length message to a fixed-length digest. To be cryptographically secure it must satisfy:
- Fixed output length: any input size produces a fixed-size digest (e.g. 160 bits for SHA-1).
- Efficiency: is fast to compute for any .
- Preimage resistance (one-way): given a hash , it is infeasible to find any with .
- Second preimage resistance (weak collision resistance): given , it is infeasible to find with .
- Collision resistance (strong): it is infeasible to find any two distinct inputs with .
- Avalanche effect: a small change in input (even one bit) changes the output drastically.
- Deterministic: the same input always yields the same digest.
SHA-1 Algorithm
SHA-1 takes a message of length bits and produces a 160-bit message digest. It processes the message in 512-bit blocks over 80 rounds per block.
Step 1 — Padding
The message is padded so its length : append a single 1 bit, then 0 bits, then a 64-bit representation of the original message length. Total length becomes a multiple of 512.
Step 2 — Initialize Buffer (five 32-bit words)
H0 = 67452301 H1 = EFCDAB89 H2 = 98BADCFE
H3 = 10325476 H4 = C3D2E1F0
Step 3 — Process each 512-bit block
For each block:
- Expand the sixteen 32-bit words into eighty words:
- Set working variables .
- Run 80 rounds; for :
The round function and constant depend on the round group:
| Rounds | ||
|---|---|---|
| 0–19 | 5A827999 | |
| 20–39 | 6ED9EBA1 | |
| 40–59 | 8F1BBCDC | |
| 60–79 | CA62C1D6 |
- Add the working variables back into the buffer:
Step 4 — Output
After the last block, the digest is the concatenation:
Note: SHA-1 is now considered broken for collision resistance (practical collisions found in 2017) and is replaced by SHA-2/SHA-3 in modern systems.
Section B: Short Answer Questions
Attempt any EIGHT questions.
Describe any three types of malicious logic.
Types of Malicious Logic
Malicious logic is code that performs unauthorized, harmful actions. Three common types:
1. Virus A program fragment that attaches itself to a host file or program and replicates by inserting copies of itself into other programs when the infected host runs. It requires a host and usually some user action to spread, and carries a payload that may corrupt or delete data.
2. Worm A stand-alone, self-replicating program that spreads across networks on its own, without attaching to a host or needing user action. It exploits system/network vulnerabilities to copy itself to other machines, consuming bandwidth and resources (e.g. the Morris worm).
3. Trojan Horse A program that masquerades as legitimate or useful software but secretly performs malicious actions such as data theft or installing a backdoor. It does not self-replicate and relies on deceiving the user into running it.
| Feature | Virus | Worm | Trojan |
|---|---|---|---|
| Self-replicating | Yes | Yes | No |
| Needs a host file | Yes | No | No |
| Spreads over network alone | No | Yes | No |
| Relies on deception | Sometimes | No | Yes |
(Other examples of malicious logic include logic bombs, rootkits, spyware and ransomware.)
Given the key "HELLOWORLD", encrypt the plaintext "TURINGTEST" using Play fair cipher.
Playfair Cipher Encryption
Key: HELLOWORLD Plaintext: TURINGTEST
Step 1 — Build the 5×5 key matrix (I/J share a cell)
Write the key letters left-to-right (dropping repeats), then fill with the remaining alphabet. Unique key letters: H E L O W R D.
| H | E | L | O | W |
| R | D | A | B | C |
| F | G | I/J | K | M |
| N | P | Q | S | T |
| U | V | X | Y | Z |
Step 2 — Split plaintext into digraphs
TURINGTEST → TU · RI · NG · TE · ST (no repeated-letter or odd-length padding needed).
Step 3 — Apply Playfair rules
Same row → take letter to the right; same column → take letter below; rectangle → take letter in the same row but the other pair's column.
| Pair | Positions | Rule | Cipher |
|---|---|---|---|
| TU | T(r3,c4), U(r4,c0) | rectangle → (r3,c0),(r4,c4) | N Z |
| RI | R(r1,c0), I(r2,c2) | rectangle → (r1,c2),(r2,c0) | A F |
| NG | N(r3,c0), G(r2,c1) | rectangle → (r3,c1),(r2,c0) | P F |
| TE | T(r3,c4), E(r0,c1) | rectangle → (r3,c1),(r0,c4) | P W |
| ST | S(r3,c3), T(r3,c4) | same row → right of each | T N |
(rows/cols numbered from 0)
Result
Explain any two modes of block cipher encryption.
Modes of Block Cipher Encryption
A block cipher only encrypts one fixed-size block; a mode of operation defines how to securely encrypt messages longer than one block. Two important modes:
1. Electronic Codebook (ECB)
Each plaintext block is encrypted independently with the same key:
P1 ->[E_K]-> C1 P2 ->[E_K]-> C2 P3 ->[E_K]-> C3
- Pros: simple, blocks can be processed in parallel, random access.
- Cons: identical plaintext blocks produce identical ciphertext blocks, so data patterns leak (the classic "ECB penguin"). Insecure for structured data.
2. Cipher Block Chaining (CBC)
Each plaintext block is XORed with the previous ciphertext block before encryption, using an Initialization Vector (IV) for the first block:
P1 -XOR(IV)->[E_K]-> C1
P2 -XOR(C1)->[E_K]-> C2
P3 -XOR(C2)->[E_K]-> C3
- Pros: identical plaintext blocks give different ciphertext (hides patterns); each block depends on all previous blocks.
- Cons: encryption is sequential (cannot parallelize); a transmission error in corrupts two decrypted blocks; requires a random IV.
(Other modes include CFB, OFB and CTR, which turn the block cipher into a stream cipher.)
State Fermat's theorem with example. What is the implication of discrete logarithm?
Fermat's Theorem (Fermat's Little Theorem)
Statement: If is a prime and is an integer with , then
Equivalently, for any integer : .
Example: Let , :
It is widely used for modular exponentiation, computing inverses, and primality testing (Fermat test) in cryptography.
Implication of the Discrete Logarithm
Given a prime , a generator of , and a value , the discrete logarithm problem (DLP) is to find the exponent .
- Forward direction is easy: computing is fast (modular exponentiation).
- Reverse direction is hard: recovering from is computationally infeasible for large — it is a presumed one-way / trapdoor function.
Implication: This asymmetry is the security foundation of several public-key schemes — Diffie–Hellman key exchange, ElGamal encryption, the Digital Signature Algorithm (DSA), and elliptic-curve cryptography (ECDLP). Their secrecy holds only as long as the discrete logarithm remains intractable; an efficient DLP solver (e.g. a large quantum computer running Shor's algorithm) would break all of them.
Describe the working mechanism of digital signature algorithm.
Digital Signature Algorithm (DSA)
DSA is a standard (FIPS 186) for generating and verifying digital signatures. Its security relies on the discrete logarithm problem. A signature provides authentication, integrity, and non-repudiation, but (unlike RSA signing) DSA is used only for signing, not encryption.
Parameter & Key Generation
- Choose a large prime and a prime that divides .
- Choose (an element of order ).
- Private key: random with .
- Public key: .
- Public parameters: .
Signing a message (signer with private key )
- Pick a fresh random secret , .
- Compute .
- Compute the hash and
- The signature is the pair , sent with .
Verification (verifier with public key )
- Compute .
- Compute and .
- Compute .
- Accept the signature if and only if .
Sign: M -> H(M) -> (r,s) using x, k
Send: (M, r, s)
Verify: recompute v from H(M), r, s, y -> v == r ? -> valid
Key points: the hash binds the signature to the message (integrity); only the holder of can produce a valid (authentication & non-repudiation); the random must be unique and secret for every signature — reusing leaks the private key.
List and explain the types of firewall.
Firewall
A firewall is a hardware or software system placed between a trusted internal network and an untrusted external network (e.g. the Internet) that filters traffic according to a security policy, allowing or blocking packets/connections.
Types of Firewalls
1. Packet-Filtering Firewall Operates at the network/transport layer. It inspects each packet's header — source/destination IP, port, and protocol — and accepts or drops it based on a rule set (ACL).
- Pros: fast, cheap, transparent.
- Cons: stateless; cannot see application content; vulnerable to spoofing.
2. Stateful Inspection Firewall Keeps a state table of active connections and evaluates packets in the context of the whole session (e.g. only allows reply packets that belong to an established connection).
- Pros: more secure than simple packet filters; tracks connection state.
- Cons: more resource-intensive.
3. Application-Level Gateway (Proxy Firewall) Works at the application layer; a proxy relays traffic for specific applications (HTTP, FTP). It inspects the actual content of requests/responses.
- Pros: deep inspection, hides internal hosts, strong control.
- Cons: slow; needs a separate proxy per application.
4. Circuit-Level Gateway Operates at the session layer; it validates the TCP handshake/session setup (e.g. SOCKS) and then relays data without inspecting content.
- Pros: low overhead, hides internal network.
- Cons: no content inspection.
(Modern "Next-Generation Firewalls" combine stateful inspection with deep-packet inspection, IPS and application awareness.)
Decrypt the ciphertext "HI" using Hill Cipher where the key is [5/4 3/3].
Hill Cipher Decryption
Ciphertext: HI Key matrix (columns 5,4 and 3,3):
with letter values , so , , and .
Decryption uses the inverse key matrix mod 26: .
Step 1 — Determinant of K (mod 26)
Step 2 — Modular inverse of the determinant
Find : , so .
Step 3 — Adjugate of K
Step 4 — Inverse key matrix
Step 5 — Recover plaintext
(Check by re-encrypting: )
What is digital certificate? Discuss the certificate life cycle.
Digital Certificate
A digital certificate is an electronic document that binds a public key to the identity of its owner, and is digitally signed by a trusted third party called a Certificate Authority (CA). It lets a relying party trust that a given public key really belongs to the named subject (preventing public-key substitution / MITM).
The common standard is X.509, whose fields include: version, serial number, signature algorithm, issuer (CA) name, validity period (not-before / not-after), subject name, subject's public key, extensions, and the CA's digital signature.
Certificate Life Cycle
- Key generation: the subject (or CA) generates a public/private key pair.
- Registration / Enrollment: the applicant submits a Certificate Signing Request (CSR) with their public key and identity to a Registration Authority (RA).
- Verification (Identity validation): the RA/CA verifies the applicant's identity and ownership of the key.
- Issuance: the CA creates the certificate, signs it with the CA private key, and delivers it to the subject.
- Distribution / Publication: the certificate is published (directory, LDAP) and used to establish secure communication.
- Usage / Validation: relying parties verify the CA's signature, the validity period, and revocation status (via CRL or OCSP) before trusting it.
- Renewal: before expiry, the certificate is re-issued (usually with a new validity period / key).
- Revocation: if the private key is compromised or details change, the CA revokes the certificate early and lists it on a CRL (Certificate Revocation List) / OCSP.
- Expiration / Destruction: after the validity period ends, the certificate expires and associated keys are securely archived or destroyed.
Key-gen -> Enroll(CSR) -> Verify -> Issue -> Distribute -> Use
|
Renew <------+------> Revoke -> Expire
Define authentication system. Discuss about challenge response system.
Authentication System
An authentication system is a mechanism that verifies the claimed identity of an entity (user, host, or process) before granting access. It answers "are you who you say you are?" and is based on one or more factors:
- Something you know — password, PIN, passphrase.
- Something you have — smart card, token, OTP device.
- Something you are — biometrics (fingerprint, iris, face).
Combining two or more factors gives multi-factor authentication (MFA), which is far stronger than a single factor. A good authentication system also resists eavesdropping and replay of credentials.
Challenge–Response System
A challenge–response authentication scheme proves identity without transmitting the secret itself, defeating eavesdropping and replay attacks.
Working mechanism:
- The claimant requests access to the verifier.
- The verifier sends a random, one-time challenge (a nonce) to the claimant.
- The claimant computes a response by applying a secret-keyed function to the challenge — e.g. encrypting it or hashing it together with the shared secret:
- The verifier performs the same computation (or verifies it) and grants access only if the response matches.
Claimant Verifier
| request access -------------> |
| <----------- random challenge |
| response = f(secret,challenge)->|
| verify | -> grant / deny
Advantages:
- The secret is never sent over the network.
- Because the challenge is fresh each time, an attacker who records an old response cannot replay it.
- Used in CHAP, Kerberos, OTP/token systems and smart-card authentication.
Frequently asked questions
- Where can I find the BSc CSIT (TU) Cryptography (BSc CSIT, CSC316) question paper 2082?
- The full BSc CSIT (TU) Cryptography (BSc CSIT, CSC316) 2082 (Regular (annual)) question paper is available free on Kekkei. You can read every question online and attempt the paper under timed exam conditions.
- Does the Cryptography (BSc CSIT, CSC316) 2082 paper come with solutions?
- Yes. Every question on this Cryptography (BSc CSIT, CSC316) past paper includes a step-by-step solution, plus instant AI feedback when you attempt it on Kekkei.
- How many marks is the BSc CSIT (TU) Cryptography (BSc CSIT, CSC316) 2082 paper?
- The BSc CSIT (TU) Cryptography (BSc CSIT, CSC316) 2082 paper carries 60 full marks and is meant to be completed in 180 minutes, across 12 questions.
- Is practising this Cryptography (BSc CSIT, CSC316) past paper free?
- Yes — reading and attempting this Cryptography (BSc CSIT, CSC316) past paper on Kekkei is completely free.