Lecture 1 & 2 Flashcards
What does Encryption achieve?
Makes data incomprehensible to preserve its confidentiality
What is a cipher?
The algorithm used by encryption when encrypting data
What is meant by Pre-Image resistance in Cryptographic Hash Functions?
If given the output of a hashfunction, is should be very hard to find the input of the hashfunction. Given a hash h, it should be hard to find m such that
h = H(m)
what is a adversary model?
Is a generalization of any attack(er) with specific capabilities and computational power
what is a threat model?
What adversaries and properties to care about
What does the Kerckhoff’s Principle state?
“A cryptosystem should be secure even if everything is known about the system / scheme except for the key.”
What is something if it is computationally secure?
To attempt to solve by bruteforcing is impossible
What is meant by Second Pre-Image resistance in Cryptographic Hash Functions?
If a input message is given, and creates a hash, it should be very hard to find another input message that gives the same hash. Given input m1, it should be hard to find a distinct m2 such
that H(m1) = H(m2), they yield the same output
What is cryptology?
The study of how to hide messages or how to secure communication against adversaries
Cryptology can be defined in two parts. What are these parts, and what do they imply?
Cryptography – How to construct cryptographic systems
Cryptanalysis – How to break cryptographic systems
What is meant by Collision resistance in Cryptographic Hash Functions?
It should be hard to find any two distinct m1 and m2 such
that H(m1) = H(m2). Attacker is not given a message m1 or m2.
There are two types of security, what are these types and what do they imply?
Unconditional – Information-theoretically secure (impossible to break – impractical)
Computational – Broken with enough computation, but not within “reasonable” time
Symmetric encryption keys are between what size (in bits)? For example, between 1-2.
128 - 256 bits
Describe Symmetric Encryption
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic data. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process.
What is the avalanche effect?
Small change in input, large change in output in hash function
What does MAC need to produce a tag/MAC?
A secret key sk and a message m
What three parts are in an encryption scheme?
Plaintext – A message m you want to encrypt
Algorithms – An encryption algorithm “Enc” and decryption algorithm “Dec”
Key – A secret key sk
Describe Semantic Security and its key factors
An encryption scheme is semantically secure, if an adversary cannot guess with better probability than 1/2 whether the given ciphertext is an encryption of message m0 or m1
Encryption and decryption oracles definitions
Encryption Oracle: Send a message, get the ciphertext back
Decryption Oracle: Send a ciphertext, get the message back
How can MAC be used to provide authenticity and integrity?
By using the secret key along with the tag (MAC). The receiver who knows the secret key can then see the message.
What are the two types of algorithms for randomization?
Deterministic: The same input always produces same output
Probabilistic: The same input produces different output
What does HMAC improve over regular MAC?
It introduces keyed-Hashing
Randomization of algorithms can be…. what?
Implicit: Probabilistic algorithm
Explicit: Deterministic algorithm
What is a nonce?
A WEE PEEEEDO
What do you do if the secret key is too short or too long in the HMAC?
Too short: Pad it with zeroes
Too long: hash it?
What is a nonce? For real this time you know waddaimsaying
A number used once (distinct), ensures non-similar encryption output, can be of any length
Why is password hashing often not enough? What’s a solution to improve the security?
Hash algorithms are too fast, making it easy to brute force all hashes.
Solution: Salting the passwords
What is Initial Value?
Initial value (IV)^3 has to be distinct and unpredictable (for the adversary), is a random and unique value mixed with the encryption to prevent patterns from emerging
What does salting a password do?
It adds a random value when calculating the password hash. So there’s now both the hash and the salt connected to the users password and username.
What does password salting force the attacker to do which they didn’t have to do earlier?
Target a specific person, they cannot attack all persons at the same time. They need to try a salt value on all the hash-values.
What is IND-CPA and IND-CCA?
IND-CPA (Indistinguishability under Chosen-Plaintext Attack):
Focus: Security property for encryption schemes.
Scenario: Adversary can choose plaintexts and receive corresponding ciphertexts.
Goal: Adversary cannot reliably distinguish ciphertexts of different chosen plaintexts.
IND-CCA (Indistinguishability under Chosen-Ciphertext Attack):
Focus: Stronger security property for encryption schemes.
Scenario: Adversary can obtain decryption of chosen ciphertexts, excluding a target ciphertext chosen after encryption.
Goal: Adversary, even with access to encryption and decryption oracles, cannot reliably distinguish the encryption of the target ciphertext from a random string.
