Lecture 5 Flashcards

1
Q

What are some key qualities of nonce-based CBC?

A

The nonce is unique, and you use two keys (one to encrypt the nonce to create a unique IV and one to do the rest of the encryption)

2
Q

Why do you need extra encryption of the nonce with an independent key for nonce-based CBC?

A

To prevent a CPA attack: a predictable IV will leak plaintext information

3
Q

When is CBC padding needed?

A

When the message length isn't a multiple of the block cipher's block length

4
Q

What is the problem with CBC padding?

A

You will need to pad an extra block after filling in the padding so that during decryption, the message doesn't get confused with the padding (the dummy block is major overhead)

5
Q

Randomized CTR mode

A

Requires passing IV to the PRF when generating the pseudorandom pad for increased randomization (also no padding needed since no fixed block length)

6
Q

Nonce CTR-mode

A

IV in this case is made up of nonce+counter. Tradeoff: constrained by how many counters

7
Q

CTR vs CBC

A

CTR allows for parallel processing and doesn't need padding, and the error term is smaller, so we have to change the key less often

8
Q

Recap: examples of many-time key

A

Randomized CBC and randomized CTR mode

9
Q

One-time key examples

A

Stream ciphers and deterministic CTR mode

10
Q

Message authentication code (MAC)

A

Has a signing and verification algorithm (create and verify the tag)
If you verify a tag with the same key you signed with, it should return true

11
Q

How is MAC secure against CPA?

A

If Eve can’t produce a valid tag for a new message or a new tag for the same message

12
Q

How can MAC be used for protecting system files?

A

If the system gets hacked, you can recompute the tags to make sure files have not been modified. To make sure file order hasn't been swapped, you can include the filename in the tags.

13
Q

Examples of MACs stemming from PRFs vs. MACs from compression functions

A

CBC-MAC, NMAC, PMAC vs. HMAC

14
Q

What makes a MAC insecure?

A

If the tag is too short, then Eve can guess it easily. The output of the PRF needs to be large.

15
Q

NMAC

A

A key + the first block of the message produces ciphertext, and we feed that to the next step as a key

16
Q

Cascade NMAC

A

Insecure version of NMAC where an extension attack can happen (you need to pad the last output and apply a different key for the final tag encryption)

17
Q

Encrypted CBC MAC (ECBC)

A

XOR function chains

18
Q

NMAC vs ECBC MAC

A

NMAC is not used with AES or 3DES because the key changes on EVERY block, which means you have to recompute the key expansion every time.
ECBC-MAC is commonly used as an AES-based MAC.

19
Q

CMAC

A

Uses a randomized padding function so you can avoid having to add a dummy block (XOR the final step with k1 if you have padding and k2 if you don't have padding)

20
Q

PMAC (parallel MAC)

A

Parallel processing of message blocks to produce tag

21
Q

What are cryptographic hash functions?

A

One-way functions with three properties: pre-image resistance (given h = H(x), it is difficult to determine x), second pre-image resistance (given x, can't find y where H(x) = H(y)), collision resistance (difficult to find two different messages x, y such that H(x) = H(y))

22
Q

MAC security for collision resistance

A

If the small MAC is secure, the large MAC will be secure

23
Q

What is the birthday paradox?

A

In a group of 23 people, there is a 50% chance that two share a birthday (OR if you sample a certain number of hashes, you'll have a 50% chance of finding a collision)
(means that a generic algorithm to find a collision is O(2^(n/2)), and going through the algo twice can result in a collision because of the birthday paradox)