Week 3 Part 1 Flashcards

1
Q

Compare between a stream cipher and a block cipher.

A

Stream ciphers encrypt bits/bytes but block ciphers encrypt block (128 bits). Stream ciphers have low diffusion (complexity between ciphertext and plaintext) but block ciphers have high diffusion. Stream ciphers only provide substitution but block ciphers provide substitution and transposition (change the position and order of the message) . The error propagation (changing one bit changes other bits) of stream ciphers is one symbol but block ciphers is 1 or more block. Stream ciphers are more efficient cus its easy to implement and less operations (just xoring)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the different multiple iterations of DES using multiple keys?

A
  • EEE3: Encrypt 3 times using 3 different keys Enck3(Enck2(Enck1 (m)))
  • EDE3: Encrypt, Decrypt, and Encrypt using 3 different keys. Enck3(Deck2(Enck1(m)))
    • decrypting with a different key so it doesnt give back the same message
  • EEE2: Encrypt 3 times using 2 different keys (1st and 3rd keys are the same) Enck1(Enck2(Enck1 (m)))
  • EDE3: Encrypt, Decrypt, and Encrypt using 2 different keys. Enck1(Deck2(Enck1(m)))
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How many bits is the key of DES? 3DES with 2 keys? 3DES with 3 keys?

A

56-bits, 112 bits, 168 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why do we use 3DES instead of 2DES?

A

vulnerable to meet-in-the-middle attack:
- If attacker has a known plaintext/ciphertext pair (m, c), he/she proceeds as follows:
- Encrypt m with all possible keys and store the ciphertexts as a lookup-table
- Decrypt the ciphertext c with all possible keys
- A match between the above 2 sets reveals the right key pair
- if the key is n bits, the attack uses 2n+1 encryption/decryption steps compared to 2^2n if a native brute force is used
- If 2DES is used, the attack succeeds with only 257 steps!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What replaced 3DES? and why was it more secure?

A

AES
- Is a substitution- permutation network (not a feistel network)
- Substitution (S-box):Replace n-bits by another n-bits
- Provides Diffusion: One bit change in plaintext changes many bits in ciphertext
- Permutation (P-box): Bits are rearranged
- Provides Confusion: Make relationship between ciphertext and key complex

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

For a state array S, the key is arranged as 4 x k matrix, what is the key size when the array is 4 x 4, 4 x 6, and 4 x 8?

A
  • 4 x 4 is n=128, k=128
  • 4 x 6 is n=128, k=192
  • 4 x 8 is n=128, k=256
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

In an AES-128 semantic cipher, what are the three steps of each round?

A
  1. SubByte: A non-linear substitution step where each byte is replaced with another according to the S-Box
  2. ShiftRows : A transposition step where each row of the state is shifted cyclically a certain number of times.
  3. MixColumns : A mixing operation which operates on the columns of the state, combining the bytes in each column. (provides diffusion) take each column and multiply by a constant matrix. reversible= just multiply by the inverse of the constant matrix
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the benefits of AES implementation?

A
  • Algorithms used in AES are simple and can be easily implemented using cheap processors and a minimum amount of memory
  • very efficient
    • one of the reasons why it was chosen
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How to encrypt a message that is larger than the block size of the block cipher?

A

divide the message into multiple blocks (padding the last block if necessary) and encrypt them using one of the Encryption Modes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are some encryption modes?

A
  • Electronic Code Book (ECB)
  • Cipher Block Chaining(CBC) Mode
  • Counter (CTR) Mode
  • Output Feedback (OFB) Mode
  • Cipher Feedback Mode (CFB) Mode
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How do different encryption modes work?

A
  • ECB is the simplest but least secure because it is deterministic (Similar plaintext blocks produce similar ciphertext blocks). Each block is encrypted separately using the block cipher.
  • CBC encrypts the XOR of the block with the ciphertext of the previous block, also uses IV for the first block.
  • CTR uses a counter plaintext is not fed into Enc (a stream cipher mode), IV and key are fed into encryption and then XORed with the message, produce the ciphertext. Advantages: can be parallelized, Blocks are encrypted independently of one another so can be encrypted in any order (ideal for random access data)
  • OFB ENC here is used as a stream cipher to generate a key stream, its like CTR but connects the blocks together
  • CFB Mode is similar to OFB but uses the cipher text as IV instead of the output of the encryption oracle
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

In a block cipher what do we do if |m| is not a multiple of the block length?

A
  • Padding is needed so that |m| is a multiple of |block|
  • The added padding is removed after decryption
    • So that we can recover the original m
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Briefly explain PKCS#7 Padding

A
  • This is a standard padding scheme used to fill up the last block of data.
  • If |m| is not a multiple of |block|, append to the last block n bytes each containing the (integer) value n until |m| is a multiple of |block|
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

If we have a |block| = 64 bits (8 bytes), and we want to encrypt the message m = “ABC” what is the block to be encrypted (in hex)?

A

4142430505050505
A=41, B=42 C=43, we have 5 remaining bytes, so we put 050505

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What do we do if the block size is 8 bytes and the message m is eight bytes long? m = “AAAAAAAA” also why?

A

If the message exactly fills the block, an entire new block of padding is added, where each byte is the block size in bytes.
Block to be encrypted (in hex) is

41414141414141410808080808080808, i.e. we added 8 bytes containing the value 08

because to differentiate it from a message ending that might coincidentally match a padding pattern.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Two messages m1and m2were encrypted using the AES cipher (with 128-bit key) in Output Feedback (OFB) mode. Both ciphertexts were produced using the same key and the same IV. Ciphertext c1is the encryption of m1whereas c2is the encryption of m2.The values (in hexadecimal) for c1,c2and m1are given below. What is the value (in hexadecimal) of the message m2? What is the sage code we can write to perform this?

c1=42887AA25BFCB1222A67A0CD49ACF670

c2=3EFD1FD33ACE8B0A4F349DF705818F1C

m1=4E4557434153544C4520495320414345

A

Because the OFB mode works like a stream cipher, m2 = m1 ⊕ c1 ⊕ c2. We can perform this either manually or with a sage code: m2=int(c1,16)^^int(c2,16)^^int(m1,16) This gives us an integer value that we can now convert to a hex m2hexstr = str (hex(m2))[2:] the [2:0] removes 0x. This gives us the hex value: 3230323220616E64207374696C6C3A29

17
Q

A message containing multiple blocks was encrypted with a block cipher in CBC mode. In transit (after the encryption was performed), the adversary altered the IV that was used in the encryption. How will this affect decryption of the ciphertext

A

Only the first block will not decrypt correctly because in order to decrypt the CBC mode, you need to XOR the IV with the output of the decryption algorithm of only the first block, the other blocks do not depend on the IV.

18
Q

In order to strengthen the security of a good block cipher E (whose key is 128 bits long), the designer has interleaved 2 rounds of encryption using the same cipher E. The obtained new cipher E* first encrypts m using a key k1using the cipher E to obtain a ciphertext c1, and then encrypts c1using a key k2and the cipher E to obtain the final ciphertext c for the message m.

What is the security level offered by the new cipher E?

A

According to the question, the encryption method described is 2DES.If the key isnbits, the attack uses2^n+1encryption/decryption

steps compared to2^2nif a naive brute force is used. So the answer is 128 +1 = 129-bits

19
Q

A block cipher is using a mode of encryption that requires padding. If the block size of the cipher is 32 bits (4 bytes), the padding used is PKCS #7 and the message (in hexadecimal) to be encrypted is41424344

What is the message (in hexadecimal) after padding?

A

4142434404040404
Since the original answer is 41424344 (4 bytes) in order to add a padding, we need to add padding that makes it 8 bytes. So we need 4 more. This results in us adding 04 x 4

20
Q

If it is highly likely that a large file you are going to encrypt has many repeating patterns, which of the following modes of encryption you should definitely avoid using? Counter Mode (CTR) mode, ECB Electronic Code Book, Cipher Block Chaining Mode (CBC) mode

A

ECB Electronic Code Book, because each block is encrypted separately which means that similar plaintext blocks produce similar ciphertext blocks. This means that the repeating patterns in the original file will be preserved in the encrypted data, which can be a significant security vulnerability