P2L6 Symmetric Encryption

Question 1

‘confusion’ block cipher primitive

Answer 1

encryption operation where relationship between key and ciphertext obscured, achieved with substitution

Question 2

‘diffusion’ block cipher primitive

Answer 2

encryption operation where influence of one plaintext bit is spread over many ciphertext bits with goal of hiding statistical properties of the plaintext, achieved with permutations

Question 3

what are block cipher ‘rounds’

Answer 3

cycle in which cipher combines substitution and permutation

Question 4

decryption process for DES

Answer 4

use encryption subkeys in reverse order

Question 5

each round of DES takes what as input?

Answer 5

ciphertext of previous round. The input is divided in left and right halves.

Question 6

each round of DES outputs what?

Answer 6

Output left half is right half of the input. Right half of output is result of XOR-ing left half of input with and output of the mangler function

Question 7

how long is key in DES?

Answer 7

64 bits (but actual value of key is 56 bits because each byte of data contains a ‘parity’ bit)

Question 8

what is different in each round of DES?

Answer 8

the per round key

Question 9

What is the input at round one of decryption process? Why?

Answer 9

Input is R then L because of swap performed at last stage of encryption process.

Question 10

Steps of mangler function in DES

Answer 10

1. Takes right half of input
2. expands 32 bits of data into 48 bits
3. XORs this data with the per round key
4. 48 bit value subtituted into 32 bit value (via s box)
5. permutation is applied to the result

Question 11

Sbox quiz

Answer 11

Question 12

S-box

Answer 12

Substitutes 6 bit value into 4 bit value using a predefined table. (there are 8 tables in DES). Outer 2 bits used to index into table rows. Middle 4 bits index into columns of table. Value of table entry is output of the 4 bit value.

Question 14

security problem with DES

Answer 14

key space too small 2^56

sbox design criteria kept secret

Question 15

Triple DES

Answer 15

Running DES 3 times.

Advatage of being able to support multiple key lengths.

k1 != k2 != k3 means you have key length of 168

k1 == k2 && k2 != k3 means key length of 112

k1 == k2 == k3 means key length of 56

Ability to communicate with single DES by using single key

Question 16

AES key length

Answer 16

128, 192, or 256

Question 17

AES data processing blocks

Answer 17

128 bits

Question 18

Electronic Code Book (ECB)

Answer 18

Simplest way to encrypt large messages. Original mesage broken into fixed size blocks (last block padded) and each lock encrypted using same key.

Question 19

ECB problems

Answer 19

1. can be broken with cryptanalysis because two plaintext blocks can output the same cipher text blocks
2. message integrity: an attacker can rearrange the blocks or substitute a block. This is because cipertext blocks created independently of one another.

Question 20

Solution to ECB problems

Answer 20

cipher block chaining

Output of one cipher linked to the output of a previous cipher block

NOTE: initialization vector must be know to both recipient and sender

Question 21

CBC Residue

Answer 21

Last block of CBC chain, sent with plaintext to the receiver.

An attacker who wishes to compromise message integrity will not know key and therefore resend with original CBC residue after altering message. The recipient will compute a different CBC residue, however, and will know that there was loss of integrity.

Question 22

CBC confidentiality AND integrity solution

Answer 22

Use two keys. One for encryption, and the other for producing the CBC residue

OR

hash message, append it to the message, and then encrypt the whole entity