Cryptography II Flashcards
What is a block cipher?
- symmetric encryption scheme for messages (blocks) of a given fixed length
- The length of the block is independent from the length of the key
Describe ECB Mode
= Electronic Code Book
if message longer than block size b => partition P in m blocks
- assume N is multiple of b
- encryption : C[i] = Ek(P[i])
Properties of ECB Mode
- docs/ images not suitable for ECB
- ECB works well with random strings
- Encryption can be done in parallel
Describe CBC Mode
= Cipher Block Chaining
-prev C block is combined with current P block
C[i] = EK (C[i −1] ⊕ P[i])
-C[−1] = V is a random block (initialization vector)
Properties of CBC Mode
- works well with any input P
- requires reliable transmission of all blocks (so cant work on things with packet loss)
- CANNOT be parallelized
Describe Counter Mode
- counter t
- Encryption: C[i] = EK (t+i) ⊕ P[i]
- no need to implement decryption, ( since decryption process only requires reapplying the encryption function of the block cipher to generate the same keystream )
How does padding work in block ciphers?
- adding identical bytes, each indicating the length (in bytes) of the padding
- ALWAYS need to pad the last block, which might consist only of padding
Describe a Stream Cipher
- key stream: pseudo-random bit sequence generated from K, SK = SK[0], SK[1], SK[2], …
- encrypt: XOR the plaintext with the key stream C[i] = SK[i] ⊕ P[i]
Advantages and disadv of Stream Cipher
+ Fixed-length secret key
+ Plaintext can have arbitrary length
+ Incremental encryption and decryption
+ Works for packets sent over an unreliable channel
- Key stream cannot be reused
How do you generate key stream?
-> Block cipher in counter mode
– Use a block cipher EK with block size b
– The secret key is a pair (K, t), K - key, t - counter with b bits
– The key stream is the concatenation of ciphertexts: EK (t), EK (t + 1), EK (t + 2), …
What are adv and disadv of key stream generation
+Simple
+Fast
- Very long key streams can be distinguished from random
How to use initialization vectore for stream encryption? Describe the process
– Use a two-part key (U, V)
– Part U -fixed
– Part V - transmitted together with ciphertext
– V= initialization vector
Process:
– Alex and Harm share secret U
- Encryption
– Alex picks V and creates K = (U, V)
– Alex creates stream ciphertext C and sends (V, C) - Decryption
– Harm reconstructs key K = (U, V)
– Harm decrypts the message
What are the attacks on stream ciphers?
- Repetition attack:
- stream reuse yields XOR of Ps
- you can recover original plaintexts - Replacement attack:
– P = A B C, attacker knows B
– Enc(P) = K L M
– By computing B ⊕ L, part of key stream is revealed
– attacker can derive the ciphertext of Q = A D C
Describe public key cryptography
- public key- shared with everyone
- secret key - secret
Protocol:
- sender encrypts with recipient’s public key
- recipient decrypts with his own secret key
=> no keys are exchanged
adv/disadv of Public Key Encryptions
+ A single public-secret key pair allows receiving confidential messages from multiple parties
– Conceptually complex
– Slower performance than symmetric cryptography
What is IND-CPA?
= Indistinguishability under Chosen Plaintext Attack
- attacker has access to encryption oracle
- attacker can get the Cs of any Ms he wants
=> does it help attacker break encryption?
What is IND-CCA?
= Indistinguishability under Adaptive Chosen Ciphertext Attack
- attacker has access to encryption oracle and decryption oracle, Even AFTER the challenge phase
