Final Exam Prep Flashcards

Question

What are the two requirements for a strong Symmetric encryption algorithm?

Answer 1

1. A strong encryption algorithm that cannot be broken even if an opponent knows the algorithm and ciphertexts 2. A secure key

Answer 2

Attacker tries every possible key one by one on ciphertext until the plaintext is found - it takes half the possible keys in the keyspace on average to succeed

Answer 3

Where the letters are shifted by 1-25 places, the cryptanalysis is just brute force trying all 25 different keys

Answer 4

Caesar but instead of shifting it, each letter is individually substituted with another one - permutation of 26! possibilities which is computationally secure but letter frequency analysis can be used to crack this

Answer 5

Treats digrams (2 letters together) as single units and translates these units into ciphertext digrams - done using a 5x5 matrix of letters structured using a keyword and the letters are made into digrams from the matrix, creating 26x26 possible combos instead of just 26

Answer 6

Cipher developed by lester Hill which uses matrices and row vectors - C = PK mod 26 where plaintext and cipher text are length 3 row vectors (e.g.(1, 2, 3)) and the key is a 3x3 matrix

Answer 7

Essentially a set of related monoalphabetic substitution rules is used and a key determines which particular rule is chosen

Answer 8

polyalphabetic cipher where a set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts 0-25 The first letter of the key is added to first letter of the plaintext mod 26, and so on until the key length is reached and then it is repeated C1 = (p1 + k1mod m) mod 26

Answer 9

Progress depends on determining the length of the keyword in order to look for repeats and ultimately determine the key. A way to strengthen a bit that is still vulnerable is to have the message become the key after the key is elapsed e.g. if key is fuck and message is "thiscourse" key: fuckthisco added to plaintext thiscourse

Answer 10

An extension to the vigenere cipher but the keyword is as long as the plaintext but has no statistical relationship. uses a key stream generator which is xor'ed with the message bits to create the ciphertext

Answer 11

Vernam cipher but the random key is as long as the cipher. this makes it unbreakable to cryptanalysis as it produces random ciphertext with no statistical relationship to the plaintext Even brute force doesn't work

Answer 12

1. making a truly random keys is difficult 2. Key distribution and protection is difficult since the keys must be very large if the message is

Answer 13

A permuatation on the plaintext letters. e.g. rail fence -> plaintext is written as a sequence of diagonals and then read off as a sequence of rows This philosiphy is taken further and the letters are written in rows, the rows are than moved around and the key is the order that the rows are displayed in

Answer 14

It uses a number of rotating cylinders, the cylinders have a connection in them for each of the letters with the output pins of a rotor connecting with the input pins of the next rotor e.g. 5 rotor is 26^5 different alphabets

Answer 15

Encrypts data one bit or byte at a time - it is a branch of symmetrical ciphers that uses a psuedorandom bit generator to produce a string of seemingly random bits called the keystream, the keystream is then xor'ed with the plaintext

Answer 16

A well known stream cipher with a key length of 1-256 bits

Answer 17

primes near n are spaced every ln(n) numbers so using an existing known prime you need to test 1/2(ln(n)) numbers e.g. 2^200 = 0.5(ln(2^200))

Answer 18

An approach to encryption where one alternates between substitution and permutation

Answer 19

Diffusion - aims to spread the influence of each plaintext digit over many ciphertext ones Confusion - seeks to make the relationship between key and cipher text as complex as possible to make determining statistical patterns difficult

Answer 20

An implementation of claude shannon using S-boxes which alternate between permuation and substitutions to map an n bit input block to an m-bit output one Goes substitution -> permutation -> xor with key

Answer 21

the avalanche effect creates diffusion -> changing one bit changes half the output bits and if this happens multiple times it is very hard to track

Answer 22

Same as diffusion changing one bit changes several of the round keys and with every change diffusing over multiple rounds it creates confusion

Answer 23

Changing any single bit of the input can change up to half the output bits - it holds if each s-box is designed so that if a single bit changes in the input at least 2 outputs will change and the permutation layers are designed so any output bits of any s-box are input to different s-boxes in the next layer

Answer 24

2^r where r is the number of rounds

Answer 25

Exactly what it sounds like, you perform DES on the output of another DES using a second key - key length of 112 bits (2x 52)

Answer 26

Key length: k bits block length: n bits transformations: 2^k possible transformations

Answer 27

Left3 = L1 ⊕ f(r1) = R0 ⊕ f(L0 ⊕ f(r1)) R3 = L0 ⊕ f(r0)

Answer 28

NSA asked public for a standardized algorithm to transmit sensitive information. they selected fiestels but made modifications

Answer 29

1. 64 bit plaintext -> 56 bit key for the s-boxes 2. No output bit of any s-box is close to a linear function of the input bits 3. each s-box row should include all 16 possible outputs 4. for any nonzero 6 bit difference between inputs no more than 8 of the 32 pairs of inputs exhibiting that difference may result in the same output difference 5. if 2 inputs differ by exactly one bit the output must differ by >= 2

Answer 30

only works if the attacker can choose specific plaintext messages and obtain the corresponding cipher text - It analyzes the differences between plaintext and cipher pairs to identify patterns and hopefully recover the key

Answer 31

Analyzes a large number of pt-ct pairs to find linear approximations of the non-linear parts of the cipher - by exploiting approximations the attacker might be able to deduce key bits or other information

Answer 32

It has the same problems as single DES if a K3 that provides the same output as the double des is found. It is vulnerable to a meet in the middle attack where given plaintext p and cipher text c: encrypt p for all possible K1 and decrypt c for all possible key 2 and see if they line up

Answer 33

Either encrypts 3 times with 3 keys or, encrypts, decrypts and then encrypts again using DES. It has a brute force attack cost of 2^112

Answer 34

specification for the encryption of data established by the US national institute of standards and technology in 2001 - much stronger than DES

Answer 35

Key lengths of 128, 192 or 256 - block cipher encrypts data in blocks of 128 bits - 128 bit key = 10 rounds - 192 = 12 rounds - 256 = 14 rounds

Answer 36

Uses different number of rounds -> each round has a unique key derived from a main key - operates in 128 bit blocks returning ciphertext of the same length

Answer 37

AES considers a 16 byte grid in matrix column arrangement 1. Subbytes -> each byte is substituted with another 2. ShiftRows -> left circular shift with each row doing an extra shift (R1+0, R2+1, R3+2, R4+3) 3. MixColumns -> each column is multiplied by a specific matrix thus position of each byte changes 4. RoundKey -> output of previous stage XOR with roundkey

Answer 38

Electronic codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)

Answer 39

A block cipher mode of operation: each block of plaintex bits is encoded independently using the same key

Answer 40

The input to the encryption algorithm is the XOR of the next block of plaintext and the previous block of ciphertext. Initialization vector is used for the first block since there is no preceding cipher text

Answer 41

Input is processed s bits at a time. preceding ciphertext is used as input to the encryption to produce psuedorandom output which is xored with the plaintext to produce the next unit of ciphertext

Answer 42

Similar to CFB except that the input to the encryption algorithm is the preceding encryption output. Full blocks are used

Answer 43

- converts the block cipher into a stream cipher each block of plaintext is XORed with an encrypted counter. the counter is then incremented for each block

Answer 44

Should only be used to secure messages shorter than a single block of underlying cipher such as to encrypt a secret key -> vulnerabilities are created since it is the same key per block if and will return the same encoded phrase if it is present in both parts of the message

Answer 45

A psuedo-random number generator, but it is very poor for cryptography because it is extremely predictable if the attacker finds the parameters

Answer 46

Psuedo random number generation -> should use double DES or greater key space - if the master key is protected it is computationally infeasible to predict subsequent values

Answer 47

A publicly proven random number generator 1. Choose primes p and q where both are equivalent to 3 mod 4. 2. Compute n = p*q 3. choose s -> relatively prime to n 4. for each digit xi = x^2_(i-1)mod n and the return value bi = xi mod 2

Answer 48

1. physical delivery 2. trusted 3rd party physical delivery 3. use previously shared key to send next one 4. trusted online authority

Answer 49

Kerberos is a key distribution system If Alice wants to send a key to bob: 1. alice asks kerberos to gen key for Alice bob 2. Kerb sends alice key which she uses to encrypt 3. bob receives alice's key 4. Bob asks kerberos for key and uses it to decrypt

Answer 50

When a key is broken into shares, all of which are required for it to be used.

Answer 51

Introduction to public key cryptography: an alternate method of key distribution which proposes signing with a private key and verifying with a public one. -> all can encrypt for u but only you can decrypt -> all can verify your signature but only u can sign

Answer 52

1. key generation is computationally easy 2. decryption and encryption computationally easy 3. Infeasible to compute/derive private from public 4. infeasible to compute/derive message knowing public key and ciphertext

Answer 53

A function that has an inverse but calculating the inverse is computationally infeasible

Answer 54

Inverse is infeasible unless additional info is known (e.g. key)

Answer 55

first published algorithm for public key cryptography that could encrypt and decrypt Given a message m, where m is an integer: - c= m^2 mod n - c^d mod n = (m^e)^d mod n = m^{ed} mod n where m = pt, c = ct, e = public key and d = private key

Answer 56

It is based upon how difficult it is to factor n -> with n being the multiplication of two primes

Answer 57

Using a small base with exponent for the public key and using chinese remainder theorem for the private key -> using miller rabin to find probabilistic p and q primes

Answer 58

A process to ensure that plaintexts are randomized before encryption to prevent chosen ciphertext attacks: 1. message is padded with bits to meet desired length 2. Random seed r is generated 3. two has-based masks, on masking the message and the other the seed

Answer 59

1. Brute force -> large key negates 2. mathematical attack to find d by factoring n into p and q but factoring that has not been discovered yet 3. Timing attack, time the computational time to find 1's in d 4. Chosen ciphertext attack

Answer 60

Advantages 1. random seed r ensures unique ciphertext even for same plaintext 2. prevents chosen ciphertext Limitations 1. computationally intensive 2. relies on integer factorization hardness

Answer 61

A method of encryption that provides the same level of security as RSA with considerably shorter operands - based on generalized discreate logarithm problem

Answer 62

A set of points satisfying a specific equation: y^2 = x^3 + ax + b - Points on the curve form an abelian group under addition - if P and Q are on the curve so too is R= P+Q

Answer 63

Given P and Q = kp finding k is computationally infeasible for larger curves and k is the randomly chosen scalar k

Answer 64

1. Announcement - tell all public key 2. Directory - publish on a repo 3. Online Authority - another party controls distribution 4. Certificates - data structure containing an identifier of a user and that users public key signed by an authority 5. Diffie-Hellman

Answer 65

Tell all public key problems -> intended receiver might not see message and malicious other might replace message and private key

Answer 66

A online party controls key distribution (e.g. kerberos) - issues with workload and you need to completely trust online auth

Answer 67

A data structure containing an identifier of a user (e.g. digital signature) and the users public key signed off on by an auth - both an issue and a strength is you only need 1 authorize private key to access all private keys

Answer 68

take a prime p and a primitive root g 1. Alice choose n_A and computes y_A = g^(n_a) mod p 2. Bob choose n_B and computes y_B = g^(n_b) mod p 3. alice computes k = (y_B?)^n_a mod p 4. Bob computes k = (y_A)^n_b mod p -> k is same

Answer 69

g is primitive root mod n if every number a coprime to n is congruent to a power of g mod n e.g. there is some integer k for which g^k == a (mod n) 3 is a primitive root of mod 7 because: 3^1 = 3 mod 7 3^2 = 2 mod 7 3^3 = 6 mod 7 3^4 = 4 mod 7 3^5 = 5 mod 7 3^6 = 1 mod 7 All possible values are covered meaning 3

Answer 70

set of hardware, software, policies and people needed to create, manage store and distribute digital certificates

Answer 71

1. End entity -> anything needing certification 2. Certification authority (ca) -> entity to create and manage certifications 3. Registration authority (ra) -> checks certifications 4. CRL (certificate relocation list) --> displays a list of valid certifications that shouldn't be trusted anymore 5. Repository -> place to save info

Answer 72

An algorithm to determine if a number is a probabilistic prime 1. Find integers k, q with k>0, q odd so that: n-1 = 2^k q 2. select random integers a, 1

Answer 73

registration initialization -> get cert of target certification key pair/certificate update revocation cross-certification private key backup

Answer 74

Encrypting based on attributes -> for system administration e.g. an IT guy getting a different encryption than the HR rep

Answer 75

When a message is sent already encrypted to a target which verifies the identity of the sender and sends it to the correct person - Data is never decrypted

Answer 76

Basically netflix, they broadcast a signal which everyone can see but only certain people with the correct key can decrypt

Answer 77

Sending a random item to someone else -> say you have 5 messages, you transmit all of them and Alice accepts 1 but bob doesnt know which she accepted

Answer 78

A function which accepts a message and produces a fixed size output smaller than the input - output called hash code/checksum/hash value

Answer 79

h = H(m) -> easy to compute for any h (output) its computationally infeasible to find m such that h(m) = h

Answer 80

a way of expressing the collision issue in hash functions. It asks what the minimum value of k is such that the probability of at least 2 people in a group having the same birthday -> gives we want to use at least 80 bits for a hash function

Answer 81

Input data is divided into n bit blocks and each block is processed iteratively to produce an n-bit hash

Answer 82

Introduces one-bit circular left shit before each block -> increases randomness but still weak

Answer 83

total possible messages: 2^b total possible hash values: 2^n Average has value corresponds to 2^(b-n) preimages

Answer 84

if h = H(x) -> x is the preimage a hash function maps multiple inputs to the same output

Answer 85

1. Practical properties - produces fixed length output regardless of input and same input always yields same output 2. Preimage resistant - one way 3. Second preimage resistance - given m it should be impossible to find another message that produces the same hash 4. Collision resistance - cant find 2 distinct messages with same hash 5. psuedorandomness - should appear random

Answer 86

The compression function compresses the larger input into a smaller output, hopefully without collision -> it is important that this function makes it computationally infeasible to find collisions because collisions allow cryptanalysis of the hash function structure and from that maybe message retrieval

Answer 87

Birthday attack -> looks for collisions Meet in the middle attack -> variant of birthday but the attacker forges a message with the same hash code

Answer 88

To prevent masquerade or modding of message - prevent source or destination repudiation 2 Techniques: - MAC - Digital Signature

Answer 89

uses a secret key to generate a small, fixed-size block of data that is appended to the message - messages plus MAC are transmitted to the intended recipient -the recipient then computes a new mac on the message using a secret key and compares the two - IFF MACs are same there was no tampering, it came from Alice

Answer 90

msg = N, MAC = n, key = k N>n and N>k -if k>n attacker might need to do several rounds in order to find the correct key if k = an -> an attacker needs a pairs e.g. 80 bit key 32 bit MAC 1rst pair 2^48, second 2^16, 3rd 1 if k

Answer 91

DES based MAC in CBC mode with an initialization of zero - it is widely used but ends up encrypting entire message twice if confidentiality is required MAC based on hash function - HMAC (e.g. all the SHA algorithms)

Answer 92

HMAC(k,m) = H[key⊕opad || H [(k⊕ipad|m]] where opad = outerpad, ipad = innerpad if b is the size of block in hash, then k is padded with 0's so the result is b bits length

Answer 93

Similar to MAC's but it prevents repudiation due to its assymetry 1. Arbitrated -> every signed message goes through an arbiter who checks the origin and content which lowers repudiation risk -> must trust arbiter and can have bottleneck 2. Direct -> send right to receiver but increases risks unless timestamps are implemented

Answer 94

public key = (e, n), private key = d instead of e = m^e mod n Alice computes s = m^d mod n -> sign Bob receives this and tests if s^e mod n = m

Answer 95

No message attack - Eve obtains D's public key and sends a random message impersonating someone Forging a signature on arbitrary message - Eve chooses random m and sets m_2 = m/m_1 mod n_d then eve gets D to sign m1 and m2 to obtain s1 s2

Answer 96

A us government standard published by NIST in 1991 with revisions in 2000 -> it is DSA standards using SHA-1 to hash - security is based entirely on computing discrete log

Answer 97

Sam provides a signing service Alice wants message signed but wants it secret -> alice chooses random # r and computes m' = mr^e mod n which completely hides m ->Sam then blind signs m'

Answer 98

A signature that for a given message and signature it is possible to modify the signature to be valid based on a related signature without using the private signing key

Answer 99

It establishes the identity of A that generates the message and maintains integrity using time stamp

Answer 100

In addition to the properties of one way it establishes the identity of the receiver and provides mutual authentication

Answer 101

Same functionality as two-way but it doesn't require timestamps

Answer 102

Authenticates then adds MAC, or MAC then encrypt

Answer 103

It can read data and do stuff online

Answer 104

Reads data and can modify it in transit

Answer 105

can insert into middle of convo and be passive or active

Answer 106

follow all protocol and learn things they aren't supposed to within the bounds

Answer 107

stops early in communication protocol if they think it gives them advantage

Answer 108

opposite of honest-but-curious they do anything to get an advantage

Answer 109

Super generalized and basically useless because you would rather use a specialized tool than one that does everything ok

Answer 110

1. math problems 2. complex mapping of I/O

Answer 111

Approach 1 -> very powerful but polynomially bounded - assume computational bounding Approach 2 -> assume no computational limitations

Answer 112

y^2 = x^3 +x + 1 || y^2 = x^3 +ax + b

Answer 113

R = 16 Key size = 56 Block size = 64

Answer 114

A quantum algorithm that can find prime factors of a number - Threatens Diffie-hellman and RSA

Answer 115

A Quantum algorithm that can brute force finding keys. It also allows inversions of functions

Answer 116

A quantum algorithm that solves the collision problem in O(n^{1/3})