Applications of Cryptography

Question 1

What are the goals of cryptography ?

Answer 1

• Protection of data in transfer over insecure channel
• Protection of data in storage on untrusted media
• Confidentiality (prevent attacks)
• Integrity (detect attacks)
• Authenticity, origin of data (detect attacks)

Question 2

What is a hash function ?

Answer 2

Take input of arbitrary length and map it to output with fixed length, e.g. 512 bits

Question 3

What are the requirements for a hash function ?

Answer 3

Requirements for one-way hash function h
(easy to compute image, hard to compute source)
1. Ease of computation: given x, it is easy to compute h(x)
2. Compression: h maps inputs x of arbitrary bitlength to
outputs h(x) of a fixed bitlength n
3. One-way: given a value y, it is computationally infeasible to find an input x so that h(x) = y
4. Collision resistance: it is computationally infeasible to
find x and x’ where x /= x’ with h(x) = h(x’)

Question 4

Name some frequentliy used hash functions.

Answer 4

• MD5: 128 bit digest
  Has been broken; no longer recommended for cryptography
  (But still good for e.g. fast file comparisons)
• SHA-1 (“Secure Hash Algorithm”): 160 bit digest
  Attacks exist; replacement recommended
• SHA-2 (SHA-256/384/512), RIPEMD-160:
  Still considered secure
• SHA-3 as potential replacement for SHA-2 in case SHA-2 turns out to be broken

Question 5

What is the differnces between a symetric and an asymetric cryptosystem ?

Answer 5

Symmetric cryptosystem
– Both parties use same (secret) key
Trusted channel needed to distribute key
– Fast

Asymmetric cryptosystem
– Parties have a public key (for encryption) and a private key (for decryption)
Public key can be announced in a public directory
– Slow

Question 6

How does a hybrid of symetric and asymetric work ?

Answer 6

Generate a secret session key for a symmetric cryptosystem

Use asymmetric encryption to transmit session key

Encrypt further messages with received session key

Question 7

How does the key distribution in a symetric system work ?

Answer 7

n parties ->
𝑛 𝑥 (𝑛−1)
2
keys (1 key per pair of parties)

Distribute secret keys in advance over trustworthy channel

Question 8

How does the key distribution in a asymetric system work ?

Answer 8

n parties -> 2 𝑥 𝑛 keys (1 public, 1 private key per party)

Distribute only public keys in advance

Integrity+authenticity of public keys essential

Question 9

How does the key distribution in a hybrid system work ?

Answer 9

n parties -> 2 𝑥 𝑛 keys (1 public, 1 private key per party)

Secret session key generated when needed
needs good random number generator

Question 10

What is an electronic signature ?

Answer 10

Proof of authenticity and integrity of data

Legal recognition on same level as handwritten signature

Question 11

Where are electronic signatures used ?

Answer 11

• Email integrity and authenticity (e.g. S/MIME, PGP)
• Submission of tax returns
• Electronic invoices
• Communication between lawyers and courts
• Emission trading
• Certificates of origin (cross-border transports)
• E-BAföG