Symmetric Encryption Flashcards
What technique is used to cause “Confusion”?
substitution
Is substitution sufficient for encryption?
No
Why is “Diffusion” important to encryption?
It defeats cryptanalysis by removing the frequency of common letters/words in a message
What technique is used to cause “Diffusion”?
permutation
Are substitution and diffusion sufficient for encryption?
No. Rounds are also needed: repeated rounds of substitution and diffusion
Why are multiple rounds used for block ciphers, and encryption in general?
Because only 1 round does not sufficiently substitute and permute every single bit.
How long is the actual Key in DES?
56 bits
How is decryption in DES done?
Same steps of operations as in encryption except that per-round keys are used in reverse order
How are DES round operations expressed as algebraic expressions? (hint: there are 2 expressions)
L(n+1) = Rn; R(n+1) = Ln XOR Mangler(Rn, Kn)
What is the Feistel structure? (hint: it’s DES’s decryption structure)
The characteristic that the only difference between encryption and decryption is the key schedule
In a DES round, what performs the bulk of the processing?
Mangler function
What are the 2 shortcomings of DES?
- key space is too small, only 2^56 different keys, which can be overcome by brute force (main reason)
- S-box design criteria were kept secret and not openly shared for improvement
How is triple DES different from DES?
3 different sets of 56-bit keys could be used with 3 encryption/decryption rounds
The advantage of triple DES is that it supports multiple key lengths up to 168 bits (56*3)
The drawback is that triple DES is not efficient because it runs DES 3x
AES possible key lengths are:
128, 192, or 256 bits
What conceptual steps are in each of multiple rounds in AES?
- Substitute bytes (S-Box table)
- Shift rows (permutation)
- Mix columns (substitute bytes in a column as a function of the bytes in the column)
- XOR round-based key
Is AES reversible?
Yes
To encode very large messages, ECB could be used.
What happens when the message doesn’t evenly fit into the plaintext blocks?
How do we keep from making an entry for every possible plaintext block?
- the last block is padded to fill out the block size
- use an entry only for the text being ciphered
The same key is used for all plaintext blocks
What’s the shortcoming of ECB (Encryption Code Book)?
For the same plaintext block, we get the same ciphered block because the same key is used for all blocks
What would attackers do to exploit this weakness?
Attackers could substitute known cipher blocks to plaintext blocks to conduct cryptanalysis
What’s the most common way to encrypt a large message?
CBC - Cipher Block Chaining
The ciphered block is used and XORed with encryption of the next block
How is a CBC encrypted message decrypted?
Decrypt going backwards from the last to the 1st ciphered block. To decrypt the 1st ciphered block, the receiver must also have the initialization vector (which is initially XORed with the first plaintext message)
List cipher algorithms that protect confidentiality.
AES, DES, CBC, ECB
How can we use CBC to ensure message integrity?
Send the last block of plaintext with the last block of CBC, but this is not the best way.
The best way is to use 2 separate keys, 1 for encryption (confidentiality) and another for generating the residue for integrity, OR
CBC the message concatenated with the hash of the message.