Module 10 Flashcards
What is authenticated encryption?
The decryption algorithm either outputs the message or an error (if the message was tampered with).
Two guarantees:
- semantic security (IND-CPA)
- ciphertext integrity
Describe the integrity security game
A cipher E has ciphertext integrity (INT-CTXT) if, for all PPT adversaries A:
the probability that A constructs a forgery (a ciphertext it has not seen before that decrypts properly) is negligible. In other words, the cipher is secure if the probability that the adversary can trick the challenger with a forged ciphertext is negligible.
What are the options for combining MAC and encryption?
- Option 1 (SSH): Encrypt and MAC
- Option 2 (SSL): MAC then encrypt
- Option 3 (IPSec): Encrypt then MAC
What are pros and cons of each option?
SSH: Encrypt AND MAC
- A MAC does not guarantee confidentiality, so the tag may reveal one or more bits about the message; the combination would then no longer be semantically secure. Even though SSH itself is not broken, this construction is problematic and should not be used.
SSL: MAC then encrypt
- Does not have the SSH issue, because the ciphertext hides the message (and the tag). But there are examples where, even though the MAC and the encryption are each secure, the combination is not; this method is also discouraged.
IPSec: Encrypt then MAC
- Always secure: if the encryption is secure and the MAC is secure, then the combination is also secure.
- WHY: After encrypting the message, the ciphertext is semantically secure, so MACing (signing) the ciphertext cannot reveal any information about the message. If it did, an adversary could use the MAC algorithm as a statistical test to break the underlying cryptosystem. Since the cryptosystem is semantically secure, no such adversary and no such statistical test exists, so the MAC cannot extract information about the message from the ciphertext. We are working directly with a semantically secure object, so anything computed on top of it cannot leak information about the message.
Describe the goal and threat model of the key exchange protocol.
Goal: for Alice and Bob to agree on a shared secret even though they have had no prior interaction.
threat model:
- adversary can only eavesdrop on the communication
- no tampering with any messages
Describe the Diffie-Hellman Key exchange.
Both parties compute the same shared value, each from different components.
Why is Diffie-Hellman Key exchange secure?
True/false: the DHKE protocol can be non-interactive.
True.
The way Alice and Bob compute the key is independent: A and B can be computed without depending on each other.
What is the drawback of Diffie-Hellman?
It is not secure against active attacks.
The attacker can replace the sent messages with messages of her choosing.
The attacker can intercept, read, re-encrypt, and forward to Bob.
Describe the public key encryption scheme?
What is a key difference between the public key encryption scheme described here and DHKE?
It is very interactive: the messages depend on each other.
What is a trapdoor function?
Why is this a BAD way to use trapdoor functions?
It is not semantically secure because the decryption function is deterministic. The adversary has access to pk, and in the IND-CPA game the adversary picks the messages, so it can encrypt them itself and tell which one the challenge ciphertext decrypts to.
What do we need to build a public key cryptosystem?