Lecture 9 - Digital Signatures Flashcards

1
Q

What main types of attacks are RSA and PK encryption systems vulnerable to?

A

Man-in-the-middle!

2
Q

How to use RSA?

A

Used to encrypt a symmetric key. But never use it directly: add padding to the key to make it 2048 bits so RSA can encrypt it.

3
Q

What is PKCS1?

A

The padding you can apply to your symmetric key before RSA (but insecure).
Eve can mount a padding oracle attack and check the 16 MSBs to see if it’s garbage or not. The attack is called Bleichenbacher.

4
Q

Summary of Bleichenbacher attack?

A

Get the first bit by guessing. Then you shift left with math operations and have it reveal the 2nd bit, etc.

5
Q

What is the defense for Bleichenbacher?

A

If you get a garbage value, act normal and generate a random R. Decrypt it and eventually the session will get dropped because the secret key won’t match R.

6
Q

What is a secure scheme for padding?

A

OAEP (optimal asymmetric encryption padding): secure if hashes H and G are random oracles

7
Q

ElGamal Encryption

A

Once you fix a cyclic group G and a generator g, Alice creates her public key g^a and Bob creates g^b, and the secret key is g^ab. Derive the symmetric key k, and encrypt/decrypt the message with that key k.

8
Q

What is the ElGamal performance like?

A

During encryption there are two exponentiations and during decryption there’s one. But encryption is not slower because those two exponentiations can be precomputed; decryption cannot be precomputed.

9
Q

What makes ElGamal secure under CCA?

A

Given g, g^a, g^b you can’t compute g^ab

10
Q

What is a digital signature?

A

Sender digitally signs a document and it can be verified by Alice and can’t be forged

11
Q

Digital Signature vs MAC?

A

MAC: only the holder of a key can verify a signature, you can’t transfer it to someone else (they need the key), and a MAC cannot provide non-repudiation (signer can deny signing).
Digital signature is the opposite and has non-repudiation because the signature can be verified using a public key.

12
Q

How does a digital signature work?

A

Bob hashes a message and signs it using his private key. Alice decrypts it using Bob’s public key and has the original message and she hashes it. Both hashes should equal each other.

13
Q

How is a digital signature secure?

A

If Eve can’t forge it (create a new valid signature, message pair)

14
Q

What do you do for messages of arbitrary length to sign them?

A

Hash-and-sign paradigm: hash the message first to turn it into a fixed-size digest before signing. As long as the hash is collision resistant, it is secure.

15
Q

What are some attacks related to direct RSA signature?

A

You can easily compute the e^th root of the signature of m if m is small. You can sign random messages by choosing an arbitrary signature and calculating: sig^e mod N. You can also combine two signatures to obtain a third easily.

16
Q

How do you avoid direct RSA signature attacks?

A

Use RSA-FDH (Full Domain Hash).
You basically apply a cryptographic transformation to messages before signing (NOT the hash-and-sign approach, simply hashing before using the RSA scheme to make it more secure).

17
Q

How does RSA-FDH provide security?

A

You can’t sign specific messages because you can’t compute the e^th root of a hash easily. You can’t sign random messages because how do you find an m such that H(m) = sig^e mod N? And you can’t combine two signatures to create a third because they are hashes.

18
Q

DKIM

A

The way Gmail signs outgoing mail to prove it’s them (verified by infrastructure, not users)

19
Q

What is an identification scheme?

A

Building block for digital signatures. Allows the prover to convince the verifier that he or she created the public key that the verifier holds.

20
Q

What security comes with identification scheme?

A

Eve cannot fool the verifier into accepting her impersonation