Module 20 - Cryptography ( EC Mode ) Flashcards
Which of the following objectives of cryptography defines the trustworthiness of data or resources in terms of preventing improper and unauthorized changes?
A. Integrity
B. Confidentiality
C. Nonrepudiation
D. Authentication
Answer: A. Integrity
Explanation:
Objectives of Cryptography
Confidentiality: Assurance that the information is accessible only to those authorized to access it.
Integrity: Trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
Nonrepudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
Authentication: Assurance that the communication, document, or data is genuine.
Which of the following objectives of cryptography ensures that information is accessible only to those who are authorized to access it?
A. Integrity
B. Authentication
C. Confidentiality
D. Nonrepudiation
Answer: C. Confidentiality
Explanation:
Integrity: Trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
Authentication: Assurance that the communication, document, or data is genuine.
Confidentiality: Assurance that the information is accessible only to those authorized to access it.
Nonrepudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses__________________?
A. Different keys on both ends of the transport medium
B. The same key on each end of the transmission medium
C. Multiple keys for nonrepudiation of bulk data
D. Bulk encryption for data transmission over fiber
Answer: B. The same key on each end of the transmission medium
Explanation:
Symmetric cryptographic systems are those in which the sender and receiver of a message share a single common key that is used to encrypt and decrypt the message.
Which of the following describes a component of public key infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?
A. Key registry
B. Key escrow
C. Recovery agent
D. Directory
Answer: B. Key escrow
Explanation:
The correct answer is (d). Key escrow is a key exchange arrangement in which essential cryptographic keys are stored with a third party in escrow. The third party can use or allow others to use the encryption keys under certain predefined circumstances.
Which of the following tools helps users compress, encrypt, and convert plaintext data into ciphertext using symmetric and public-key algorithms?
A. HashMyFiles
B. Hash Driod
C. MD5 Calculator
D. BCTextEncoder
Answer: D. BCTextEncoder
Explanation:
BCTextEncoder: The BCTextEncoder utility simplifies the encoding and decoding of text data. It compresses, encrypts, and converts plaintext data into text format, which the user can then copy to the clipboard or save as a text file. It uses public key encryption methods as well as password-based encryption. Furthermore, it uses strong and approved symmetric and public-key algorithms for data encryption.
Hash Droid: The Hash Droid utility helps to calculate a hash from a given text or a file stored on the device. In this application, the available hash functions are Adler-32, CRC-32, Haval-128, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA-256, SHA-384, SHA-512, Tiger, and Whirlpool
MD5 Calculator: MD5 Calculator is a simple application that calculates the MD5 hash of a given file. It can be used with large files (e.g., several gigabytes in size). It features a progress counter and a text field from which the final MD5 hash can be easily copied to the clipboard. MD5 Calculator can be used to check the integrity of a file.
HashMyFiles: HashMyFiles is a utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in the system. It allows you to copy the MD5/SHA1 hash list to the clipboard or save it in a text/html/xml file. You can launch HashMyFiles from the context menu of Windows Explorer and display the MD5/SHA1 hashes of the selected files or folders.
In one of the following types of cipher, letters in plaintext are rearranged according to a regular system to produce ciphertext. Which is this type of cipher?
A. Transposition cipher
B. Stream cipher
C. Block cipher
D. Substitution cipher
Answer: A. Transposition cipher
Explanation:
Substitution cipher: The user replaces units of plaintext with ciphertext according to a regular system. The units may be single letters, pairs of letters, or combinations of them, and so on
Block cipher: Deterministic algorithms operating on a block (a group of bits) of fixed size with an unvarying transformation specified by a symmetric key. Most modern ciphers are block ciphers
Transposition cipher: Here, letters in the plaintext are rearranged according to a regular system to produce the ciphertext. For example, “CRYPTOGRAPHY” when encrypted becomes “AOYCRGPTYRHP.”
Stream cipher: Symmetric-key ciphers are plaintext digits combined with a key stream (pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time. Examples include RC4, SEAL, etc.
Which of the following encryption algorithms is also called Magma and is a symmetric-key block cipher having a 32-round Feistel network working on 64-bit blocks with a key length of 256 bits?
A. Serpent
B. GOST
C. TEA
D. Camellia
Answer: B. GOST
Explanation:
Camellia: Camellia is a symmetric-key block cipher having either 18 rounds (for 128-bit keys) or 24 rounds (for 256-bit keys). It is a Feistel cipher with a block size of 128 bits and a key size of 128, 192, and 256 bits. Camellia uses four 8×8-bit S-boxes that perform affine transformations and logical operations. A logical transformation layer FL-function or its inverse is applied every six rounds
TEA: The tiny encryption algorithm (TEA) was created by David Wheeler and Roger Needham, and it was publicly presented for the first time in 1994. It is a simple algorithm, easy to implement in code. It is a Feistel cipher that uses 64 rounds
GOST Block Cipher: The GOST (Government Standard) block cipher, also called Magma, is a symmetric-key block cipher having a 32-round Feistel network working on 64-bit blocks with a 256-bit key length. It consists of an S-box that can be kept secret and it contains around 354 bits of secret information. GOST is a simple encryption algorithm, where the round function 32-bit subkey modulo 232 is added and put in the layer of S-boxes and the rotate left shift operation is used for shifting 11 bits, thereby providing the output of the round function.
Serpent: Serpent is a symmetric-key block cipher that was a finalist in the AES contest. This algorithm was designed by Ross Anderson, Eli Biham, and Lars Knudsen. It uses a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits. It can be integrated into software or hardware programs without any restrictions. Serpent involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit
Which of the following types of hardware encryption devices is a crypto-processor or chip present in the motherboard that can securely store encryption keys and perform many cryptographic operations?
A. TPM
B. HSM
C. Hard-drive encryption
D. USB encryption
Answer: A. TPM (Trusted Platform Module)
Explanation:
HSM: Hardware security module (HSM) is an additional external security device that is used in a system for crypto-processing and can be used for managing, generating, and securely storing cryptographic keys
TPM: Trusted platform module (TPM) is a crypto-processor or chip that is present on the motherboard that can securely store the encryption keys, and it can perform many cryptographic operations
USB Encryption: USB encryption is an additional feature for USB storage devices that offers onboard encryption services
Hard Drive Encryption: Hard drive encryption is a technology where the data stored in the hardware can be encrypted using a wide range of encryption options
Which of the following is an encryption technique where math operations are performed to encrypt plaintext, allowing users to secure and leave their data in an encrypted format even while the data are being processed or manipulated?
A. Hardware-based encryption
B. Quantum cryptography
C. Elliptic curve cryptography
D. Homomorphic encryption
Answer: D. Homomorphic encryption
Explanation:
Elliptic Curve Cryptography (ECC): ECC is a modern public-key cryptography developed to avoid larger cryptographic key usage. The asymmetric cryptosystem depends on number theory and mathematical elliptic curves (algebraic structure) to generate short, quick, and robust cryptographic keys. RSA is an incumbent public-key algorithm, but its key size is large. The speed of the encryption always depends on the key size: a smaller key length allows faster encryption. To minimize the key size, elliptic curve cryptography has been proposed as a replacement for the RSA algorithm
Quantum Cryptography: In quantum cryptography, the data are encrypted by a sequence of photons that have a spinning trait while traveling from one end to another end. These photons keep changing their shapes during their course through filters: vertical, horizontal, forward slash, and backslash. Here, vertical and backslash spins imply “ones,” while horizontal and forward slash spins imply “zeros.”
Homomorphic Encryption: Homomorphic encryption differs from conventional encryption mechanisms, where math operations are performed to encrypt the plaintext. Homographic encryption allows users to secure and leave their data in an encrypted format even while it is being processed or manipulated. In this technique, encryption and decryption are performed by the same key holder
Hardware-based Encryption: Hardware-based encryption is a technique that uses computer hardware for assisting or replacing the software when the data encryption process is being performed. Devices that offer encryption techniques can be considered as hardware-based encryption devices.
Which of the following symmetric-key block ciphers uses a 128-bit symmetric block cipher with key sizes of 128, 192, and 256 bits and can be easily integrated into software or hardware programs without any restrictions?
A. RC6
B. TEA
C. Serpent
D. Blowfish
Answer: C. Serpent
Explanation:
Serpent: Like Blowfish, Serpent is a symmetric-key block cipher that was a finalist in the AES contest. This algorithm was designed by Ross Anderson, Eli Biham, and Lars Knudsen. It uses a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits. It can be integrated into software or hardware programs without any restrictions.
TEA: The tiny encryption algorithm (TEA) was created by David Wheeler and Roger Needham, and it was publicly presented for the first time in 1994. It is a simple algorithm, easy to implement in code. It is a Feistel cipher that uses 64 rounds (note that this is a suggestion; it can be implemented with fewer or more rounds). The number of rounds should be even since they are implemented in pairs called cycles.
Blowfish: Blowfish is a type of symmetric block cipher algorithm designed to replace DES or IDEA algorithms. It uses the same secret key to encrypt and decrypt data. This algorithm splits the data into a block length of 64 bits and produces a key ranging from 32 bits to 448 bits.
RC6: RC6 is a symmetric-key block cipher derived from RC5. It is a parameterized algorithm with a variable block size, key size, and number of rounds.
Which of the following symmetric-key block ciphers has either 18 rounds for 128-bit keys or 24 rounds for 256-bit keys and uses four 8 × 8-bit S-boxes that perform affine transformations and logical operations?
A. Diffie–Hellman
B. Camellia
C. YAK
D. RSA
Answer: Camellia.
Explanation:
RSA: Ron Rivest, Adi Shamir, and Leonard Adleman formulated RSA, a public-key cryptosystem for Internet encryption and authentication. RSA uses modular arithmetic and elementary number theories to perform computations using two large prime numbers.
Diffie–Hellman: It is a cryptographic protocol that allows two parties to establish a shared key over an insecure channel.
Camellia: Camellia is a symmetric-key block cipher having either 18 rounds (for 128-bit keys) or 24 rounds (for 256-bit keys). It is a Feistel cipher with a block size of 128 bits and a key size of 128, 192, and 256 bits. Camellia uses four 8×8-bit S-boxes that perform affine transformations and logical operations.
YAK: It is a public-key-based Authenticated Key Exchange (AKE) protocol. The authentication of YAK is based on public key pairs, and it needs PKI to distribute authentic public keys.
Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertibly permutes?
A. SHA-3
B. SHA-2
C. MD6
D. MD5
Answer: SHA-3.
Explanation:
MD5 is a widely used cryptographic hash function that takes a message of arbitrary length as input and outputs a 128-bit (16-byte) fingerprint or message digest of the input. MD5 can be used in a wide variety of cryptographic applications and is useful for digital signature applications, file integrity checking, and storing passwords..
SHA-3: SHA-3 uses sponge construction in which message blocks are XORed into the initial bits of the state, which the algorithm then invertibly permutes. It supports the same hash lengths as SHA-2 but differs in its internal structure considerably from the rest of the SHA family.
MD6: It uses a Merkle-tree-like structure to allow for large-scale parallel computation of hashes for very long inputs. It is resistant to differential cryptanalysis attacks.
SHA-2: SHA2 is a family of two similar hash functions with different block sizes, namely SHA-256, which uses 32-bit words, and SHA-512, which uses 64-bit words. The truncated versions of each standard are SHA-224 and SHA-384.
Which of the following hardware encryption devices is an additional external security device used in a system for crypto-processing and can be used for managing, generating, and securely storing cryptographic keys?
A. Hard-drive encryption
B. TPM
C. HSM
D. USB encryption
Answer: HSM (Hardware Security Module).
Explanation:
Types of hardware encryption devices
USB Encryption: USB encryption is an additional feature for USB storage devices, which offers onboard encryption services. Encrypted USB devices need an on-device credential system or software- or hardware-based credentials from a computer. USB encryption provides protection against malware distribution over USB and helps in preventing data loss and data leakage. Some hardware USB-encrypted devices include Crypto USB, Kingston Ironkey D300S, and diskAshur Pro 500GB.
Hard Drive Encryption: Hard drive encryption is a technology whereby the data stored in the hardware can be encrypted using a wide range of encryption options. Hard drive encryption devices cannot use an on-device keyboard or fingerprint reader; instead, they need a TPM or an HSM. These devices can be installed as an internal drive on a computer. Some hard drive encryption devices include military-grade 256-bit AES Hardware Encryption and DiskCypher AES Sata Hard Drive Encryption.
TPM: Trusted Platform Module (TPM) is a crypto-processor or a chip that is present in the motherboard. It can securely store the encryption keys and perform many cryptographic operations. TPM offers various features such as authenticating platform integrity, providing full disk encryption capabilities, performing password storage, and providing software license protection.
HSM: A hardware security module (HSM) is an additional external security device that is used in a system for crypto-processing, and it can be used for managing, generating, and securely storing cryptographic keys. HSM offers enhanced encryption computation that is useful for symmetric keys longer than 256 bits. High-performance HSM devices are connected to the network using TCP/IP. Some HSM devices include SafeNet Luna Network HSM, nSheild, Cloud HSM, and Cryptosec Dekaton.
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
A. It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
B. Passwords stored using hashes are nonreversible, making finding the password much more difficult.
C. If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.
D. Hashing is faster when compared to more traditional encryption algorithms.
Answer: Passwords stored using hashes are nonreversible, making finding the password much more difficult.
Explanation:
A password hash is an encrypted sequence of characters obtained after applying certain algorithms and manipulations on a user provided password.
After gaining access to the password hashes used to protect access to a web-based application, the knowledge of which cryptographic algorithms would be useful to gain access to the application?
A. SHA1
B. Diffie–Helman
C. AES
D. RSA
Answer: SHA1.
Explanation:
The correct answer is (a)’ SHA-1 is a 160-bit hash function that resembles the former MD5 algorithm developed by Ron Rivest. It produces a 160-bit digest from a message with a maximum length of (264 − 1) bits. It was designed by the National Security Agency (NSA) to be part of the digital signature algorithm (DSA) and is most commonly used in security protocols such as PGP, TLS, SSH, and SSL. As of 2010, SHA-1 is no longer approved for cryptographic use because of cryptographic weaknesses.
Which cipher encrypts the plain text digit (bit or byte) one by one?
A. Classical cipher
B. Modern cipher
C. Block cipher
D. Stream cipher
Answer: Stream cipher.
Explanation:
Classical ciphers: Classical ciphers are the most basic type of ciphers, which operate on alphabets (A-Z). Implementation of these ciphers is generally either by hand or with simple mechanical devices.
Block ciphers: Block ciphers determine algorithms operating on a block (group of bits) of fixed size with an unvarying transformation specified by a symmetric key.
Modern ciphers: The user can calculate the Modern ciphers with the help of a one-way mathematical function that is capable of factoring large prime numbers.
Stream ciphers: Symmetric key ciphers are plaintext digits combined with a key stream (pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time. Examples include RC4, SEAL, etc.
Which property ensures that a hash function will not produce the same hashed value for two different messages?
A. Entropy
B. Collision resistance
C. Bit length
D. Key strength
Answer: Collision resistance.
Explanation:
Collision resistance is a property of cryptographic hash functions. A hash function H is collision resistant if it is hard to find two inputs that hash to the same output, that is, two inputs a and b such that H(a) = H(b), and a≠b.
Every hash function with more inputs than outputs will necessarily have collisions. Consider a hash function such as SHA-256 that produces 256 bits of output from an arbitrarily large input. Since it must generate one of 2256 outputs for each member of a much larger set of inputs, the pigeonhole principle guarantees that some inputs will hash to the same output. Collision resistance does not mean that no collisions exist; they are just simply hard to find.
Which of the following is optimized for confidential communications, such as bidirectional voice and video?
A. MD5
B. MD4
C. RC5
D. RC4
Answer: RC4.
Explanation:
RC4 is a variable key-size symmetric-key stream cipher with byte-oriented operations and it depends on the use of a random permutation. According to some analyses, the period of the cipher is likely to be greater than 10,100. Each output byte uses 8–16 system operations, meaning the cipher has the ability to run fast when used in software. Products like RSA SecurPC use this algorithm for file encryption. RC4 enables safe communications such as traffic encryption (which secures websites) and for websites that use the SSL protocol.
What is the primary drawback of using Advanced Encryption Standard (AES) algorithm with a 256-bit key to share sensitive data?
A. To get messaging programs to function with this algorithm requires complex configurations.
B. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.
C. It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.
D. Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.
Answer: B. It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.
Explanation:
Some of the other drawbacks of AES algorithm are as follows:
It uses a too simple algebraic structure.
Every block is always encrypted in the same way.
It is hard to implement with software.
AES in counter mode is complex to implement in software taking both performance and security into consideration.
When setting up a wireless network, an administrator enters a preshared key for security. Which of the following is true?
A. The key is an RSA key used to encrypt the wireless data.
B. The key entered is based on the Diffie–Hellman method.
C. The key entered is a symmetric key used to encrypt the wireless data.
D. The key entered is a hash that is used to prove the integrity of the wireless data.
Answer: The key entered is a symmetric key used to encrypt the wireless data.
Explanation:
Symmetric encryption requires that both the sender and the receiver of the message possess the same encryption key. The sender uses a key to encrypt the plaintext and sends the resultant ciphertext to the recipient, who uses the same key (used for encryption) to decrypt the ciphertext into plaintext. Symmetric encryption is also known as secret key cryptography as it uses only one secret key to encrypt and decrypt the data. This kind of cryptography works well when you are communicating with only a few people.
In a cipher mode of operation, the initialization vector (IV) stored in the shift register is sent as input to the encryption algorithm along with the secret key. From the result of encryption, the first S bits are selected to perform XOR with a plaintext block of size S to produce a cipher block. Identify this cipher mode of operation.
A. Counter mode
B. Cipher block chaining (CBC) mode
C. Cipher feedback (CFB) mode
D. Electronic code book (ECB) mode
Answer: Cipher feedback (CFB) mode.
Explanation:
Counter Mode: The counter mode is a block cipher mode of operation that uses a counter value in the encryption and decryption process. A counter value is initiated and sent as the input to the block cipher encryption algorithm with a secret key, and the result is subjected to the XOR operation with a block of plaintext. The output is the ciphertext block. This process is performed in a sequential manner to encrypt all the other plaintext blocks.
Electronic Code Book (ECB) Mode: The plaintext is divided into a fixed length of blocks, which is equal to the size of the secret key. In the first stage, the encryption starts by taking the first block of the plaintext, and the secret key is taken as input to the block cipher encryption algorithm; the output is the first block of ciphertext. The process is repeated for all the plaintext blocks.
Cipher Feedback (CFB) Mode: In the CFB mode, previously generated ciphertext is used as feedback for the encryption algorithm to encrypt the next plaintext block to ciphertext. First, the initialization vector (IV) is stored in a shift register and sent to the encryption algorithm, along with a secret key. From the result of that encryption, the first S bits are selected, and the XOR operation is performed with a plaintext block of size S. The resultant output is the ciphertext block. For the next encryption block, the previous cipher block is given as the input to the shift register; it shifts S bits to the left, and the process is continued till the end of the plaintext.
Cipher Block Chaining (CBC) Mode: First, the plaintext is divided into blocks of the same size. The first block is XOR with the initialization vector (IV), and the resultant is sent as input to the block cipher encryption algorithm, along with the secret key. The output is the first block of ciphertext. This cipher block is used to perform XOR with the next plaintext block; the chain process continues till the last block of plaintext.
In a mode of authenticated encryption, the plaintext is first encrypted using a secret key. Then, a hash value is generated for the obtained cipher text and is attached to the cipher text before transmission. Identify this mode of authenticated encryption.
A. Authenticated encryption with associated data (AEAD)
B. Encrypt-then-MAC (EtM)
C. Encrypt-and-MAC (E&M)
D. MAC-then-Encrypt (MtE)
Answer: B. Encrypt-then-MAC (EtM)
Explanation:
Encrypt-and-MAC (E&M): In the E&M approach, a MAC is first generated for the plaintext, following which the plaintext is encrypted using a secret key. Finally, both the ciphertext and MAC are combined and transmitted.
Encrypt-then-MAC (EtM): In this approach, the plaintext is first encrypted using a secret key. For the obtained ciphertext, a hash value called message authentication code (MAC) is generated. The MAC is attached to the ciphertext and transmitted.
Authenticated encryption with associated data (AEAD): This approach adds additional data to the ciphertext at certain places to thwart chosen ciphertext attacks. The message header is kept unencrypted so that the receiver can verify the source of the message, and the payload is encrypted to ensure confidentiality.
MAC-then-Encrypt (MtE): In the MtE approach, a MAC is first generated for the plaintext using the hash function, and the MAC is combined with the plaintext. The combination of the plaintext and MAC is encrypted with a secret key to produce ciphertext. The ciphertext contains the encrypted MAC.
Answer: B. Encrypt-then-MAC (EtM)
Explanation:
Encrypt-and-MAC (E&M): In the E&M approach, a MAC is first generated for the plaintext, following which the plaintext is encrypted using a secret key. Finally, both the ciphertext and MAC are combined and transmitted.
Encrypt-then-MAC (EtM): In this approach, the plaintext is first encrypted using a secret key. For the obtained ciphertext, a hash value called message authentication code (MAC) is generated. The MAC is attached to the ciphertext and transmitted.
Authenticated encryption with associated data (AEAD): This approach adds additional data to the ciphertext at certain places to thwart chosen ciphertext attacks. The message header is kept unencrypted so that the receiver can verify the source of the message, and the payload is encrypted to ensure confidentiality.
MAC-then-Encrypt (MtE): In the MtE approach, a MAC is first generated for the plaintext using the hash function, and the MAC is combined with the plaintext. The combination of the plaintext and MAC is encrypted with a secret key to produce ciphertext. The ciphertext contains the encrypted MAC.
In a mode of authenticated encryption, a hash code is first generated. Next, the plaintext is encrypted using a secret key. Finally, both the cipher text and hash value are combined and transmitted. Identify this mode of authenticated encryption.
A. Authenticated encryption with associated data (AEAD)
B. Encrypt-and-MAC (E&M)
C. MAC-then-Encrypt (MtE)
D. Encrypt-then-MAC (EtM)
Answer: B. Encrypt-and-MAC (E&M)
Explanation:
Encrypt-then-MAC (EtM): In this approach, the plaintext is first encrypted using a secret key. For the obtained ciphertext, a hash value called message authentication code (MAC) is generated. The MAC is attached to the ciphertext and transmitted.
MAC-then-Encrypt (MtE): In the MtE approach, a MAC is first generated for the plaintext using the hash function, and the MAC is combined with the plaintext. The combination of the plaintext and MAC is encrypted with a secret key to produce ciphertext. The ciphertext contains the encrypted MAC.
Authenticated encryption with associated data (AEAD): This approach adds additional data to the ciphertext at certain places to thwart chosen ciphertext attacks. The message header is kept unencrypted so that the receiver can verify the source of the message, and the payload is encrypted to ensure confidentiality.
Encrypt-and-MAC (E&M): In the E&M approach, a MAC is first generated for the plaintext, following which the plaintext is encrypted using a secret key. Finally, both the ciphertext and MAC are combined and transmitted.
Identify the type of blockchain in which a supervisor or central authority decides who can join and participate in the blockchain network.
A. Federated blockchain
B. Hybrid blockchain
C. Private ledger
D. Public blockchain
Answer: C. Private ledger
Explanation:
Federated blockchain or consortium blockchain: It is a partially decentralized blockchain in which a group of individuals or organizations, rather than a single entity as in private blockchains, create and manage separate blockchain networks. Control over the blockchain is provided to a group of predetermined or trusted nodes.
Hybrid blockchain: It is a combination of both private and public blockchain. In a hybrid blockchain, only a selected set of records or data from the blockchain can be publicly accessed; the remaining data are kept confidential in a private network. This type of blockchain enables organizations to select which data they wish to make public private.
Public ledger or public blockchain: This type of blockchain has no central authority or administration to manage the blocks or ledgers. It is a decentralized and permission-less network in which anyone can join, create, and share blocks. Once the data on the blockchain have been validated, it is secure from modifications or alterations.
Private ledger or private blockchain: In this type of blockchain, a supervisor or central authority decides who can join and participate in the blockchain network. In a private ledger, only the members involved in a transaction will have knowledge about the corresponding ledgers.
Which of the following is an example of a public ledger or public blockchain that has no central authority or administration to manage the blocks or ledgers?
A. Ripple (XRP)
B. Hyperledger
C. Ethereum
D. IBM Food Trust
Answer: Ethereum.
Explanation:
Ethereum: Some examples of public blockchains include Bitcoin and Ethereum.
Ripple (XRP) and Hyperledger: Some examples of private blockchains are Hyperledger and Ripple (XRP).
IBM Food Trust: One important example of a hybrid blockchain is the IBM Food Trust.
Which of the following cryptographic algorithms has been proposed as a replacement for the RSA algorithm to minimize the key size?
A. Quantum cryptography
B. ECC
C. HMAC
D. RIPEMD-160
Answer: ECC (Elliptic Curve Cryptography).
Explanation:
HMAC: Hash-based message authentication code (HMAC) is a type of message authentication code (MAC) that uses a cryptographic key along with a cryptographic hash function. It is widely used to verify the integrity of data and authentication of a message. This algorithm includes an embedded hash function such as SHA-1 or MD5. The strength of HMAC depends on the embedded hash function, key size, and size of the hash output.
Elliptic Curve Cryptography (ECC): ECC is a modern public-key cryptography developed to avoid larger cryptographic key usage. The asymmetric cryptosystem depends on number theory and mathematical elliptic curves (algebraic structure) to generate short, quick, and robust cryptographic keys. RSA is an incumbent public-key algorithm, but its key size is large. The speed of the encryption always depends on the key size: a smaller key length allows faster encryption. To minimize the key size, elliptic curve cryptography has been proposed as a replacement for the RSA algorithm.
RIPEMD-160: RACE Integrity Primitives Evaluation Message Digest (RIPEMD) is a 160-bit hash algorithm developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. There exist 128-, 256-, and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. These algorithms replace the original RIPEMD, which was found to have a collision issue. They do not follow any standard security policies or guidelines.
Quantum Cryptography: In quantum cryptography, the data are encrypted by a sequence of photons that have a spinning trait while traveling from one end to another end. These photons keep changing their shapes during their course through filters: vertical, horizontal, forward slash, and backslash.
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?
A. RC4
B. MD5
C. MD4
D. SHA-1
Answer: SHA-1.
Explanation:
MD5 can be cracked by brute-force attack and suffers from extensive vulnerabilities. RC4 is ideal for software implementation. MD4 is used to verify data integrity through the creation of a 128-bit message digest from data input.
In a mode of authenticated encryption, a hash value is first generated for the plaintext. Then, both the plaintext and hash value are combined and encrypted with a secret key to produce cipher text. Identify this mode of authenticated encryption.
A. Encrypt-and-MAC (E&M)
B. Encrypt-then-MAC (EtM)
C. MAC-then-Encrypt (MtE)
D. Authenticated encryption with associated data (AEAD)
Answer: MAC-then-Encrypt (MtE)
Explanation:
Authenticated encryption with associated data (AEAD): This approach adds additional data to the ciphertext at certain places to thwart chosen ciphertext attacks. The message header is kept unencrypted so that the receiver can verify the source of the message, and the payload is encrypted to ensure confidentiality.
MAC-then-Encrypt (MtE): In the MtE approach, a MAC is first generated for the plaintext using the hash function, and the MAC is combined with the plaintext. The combination of the plaintext and MAC is encrypted with a secret key to produce ciphertext. The ciphertext contains the encrypted MAC.
Encrypt-and-MAC (E&M): In the E&M approach, a MAC is first generated for the plaintext, following which the plaintext is encrypted using a secret key. Finally, both the ciphertext and MAC are combined and transmitted.
Encrypt-then-MAC (EtM): In this approach, the plaintext is first encrypted using a secret key. For the obtained ciphertext, a hash value called message authentication code (MAC) is generated. The MAC is attached to the ciphertext and transmitted.
