Lecture 4 Flashcards
What makes AES better than 3DES?
3DES is slower because you have to go through DES 3 times, and each time has 16 rounds. AES with 128-bit keys, for example, has 10 rounds.
For each round of AES, what does the round function consist of?
It consists of randomness from ByteSub (S-box on each byte), ShiftRows (cyclic shift of each row), and MixColumns (linear transformation of each column).
Why is AES faster?
It operates on bytes instead of bits
AES vs DES
AES uses a substitution-permutation network and DES uses a Feistel network. DES is bit-oriented; AES is byte-oriented.
What is the point of modes of operation in block ciphers?
Because block ciphers only encrypt fixed-size blocks, you need modes of operation to encrypt more than one block
ECB Mode
Each block is encrypted with the same key, independently of the others. Con: if two blocks are the same, they get the same encryption because we are using the same key.
Recall: What is semantic security for a one-time key?
With a one-time key, the adversary only sees one ciphertext, so if Eve can’t tell anything about which message was encrypted, it is semantically secure.
Is ECB semantically secure?
Not if ECB is being used to encrypt more than one block (because identical blocks would encrypt the same, so it leaks info to Eve that at least two blocks have the same plaintext).
CTR mode
More secure: it builds a stream cipher out of the block cipher.
XOR the plaintext message with a pseudorandom pad generated by AES or DES (fragments of the message XOR f(k,0) or XOR f(k,1)).
Is CTR mode semantically secure?
If the function used to generate the pseudorandom pad is a PRF, then yes (semantically secure means Eve can’t tell the difference between something encrypted using OTP and something encrypted using deterministic CTR mode).
What is semantic security for a many-time key?
Eve can’t do a CPA attack (Eve sees multiple ciphertexts encrypted by the same key but can’t decipher the plaintext even after encrypting arbitrary messages of her choice).
What are two ways to ensure that encryption using a many-time key doesn’t result in the same encryption for two of the same messages?
Solution 1: Randomized Encryption: encrypting the same message twice gives you different ciphertexts (ciphertext must be longer than plaintext so that you can include randomized bits)
Solution 2: Nonce-Based Encryption
How secure is randomized encryption?
The encryption algorithm is semantically secure under CPA if every time you encrypt a message, it's encrypted using a new uniform random OTP and the OTP is generated by a secure PRF.
Nonce-based encryption
The (k,n) pair is never used more than once (note: both nonce-based and randomized encryption are examples of ways to generate an IV).
CBC Mode
This is the best mode to use if you want to use the same key more than once. Each previous ciphertext block is chained with the current plaintext block. The process starts with a random IV.