Computer Security Lecture 2: Symmetric Cryptography
43 Questions

Questions and Answers

What does entropy represent in the context of a message class, and how is it measured?

Entropy represents the average amount of information expected from a message class and is measured in bits.

Explain the key characteristics of a one-time pad in cryptography.

A one-time pad requires a key that is the same length as the plaintext and can never be reused.

Describe the primary difference between stream ciphers and block ciphers.

Stream ciphers encrypt data one symbol at a time, while block ciphers operate on fixed-size blocks of plaintext.

What is the relationship between the key length and plaintext size in modern cryptographic schemes?

In modern cryptography, the key length is independent of the plaintext size and can be reused.

What are the requirements for a key to be secure in cryptographic schemes?

A secure key must have a high entropy value, often 128, 192, or 256 bits.

What is the significance of the nonce in Counter (CTR) mode encryption?

The nonce ensures that the same plaintext will encrypt to different ciphertexts on different occasions, preventing replay attacks.

How does a change in plaintext affect ciphertext in ECB mode?

A change in plaintext affects only the corresponding block of ciphertext, with no impact on other blocks.

In CTR mode, describe the process for generating the counter value for encryption.

The counter value is generated by starting with the nonce and incrementing it for each subsequent block, where n_i = n_{i-1} + 1.

What happens in CBC mode when one bit of the plaintext is altered?

Altering one bit of plaintext results in changes to that block and all subsequent blocks of ciphertext, due to the chaining effect.

Explain how decryption in CTR mode mirrors the encryption process.

Decryption in CTR mode uses the same nonce and counter values as encryption, applying the same operation: P_i = ENC(Key, n_i) ⊕ C_i.

What does the output P represent in the context of the encryption process?

Output P represents the decrypted plaintext after the secure decryption of the ciphertext.

Why might Bob reject the modified ciphertext C2' in the communication with Mallory?

Bob rejects C2' because the MAC(k'AB,C') will not match with the MAC(k'AB,C), indicating data integrity issues.

What are the key weaknesses of DES that make it insecure for real-world applications?

The key weaknesses of DES include its relatively small key size of 56 bits and a block size of 64 bits, making it vulnerable to brute force attacks.

In the scenario discussed, what adjustment is made to the second cipher block C2?

The second cipher block C2 is altered by using the operation C2' = C2 ⊕ ': £10.00' ⊕ ': £10000'.

What does the process of DEC(K1, S, C') indicate in the encryption workflow?

DEC(K1, S, C') indicates that the ciphertext C' is decrypted using the key K1 to retrieve the original session data S.

What transformation occurs to the plaintext during CBC encryption?

The plaintext is transformed by XORing with the previous ciphertext block or Initialization Vector (IV) before encryption.

How does one bit change in ciphertext affect decryption in CBC?

One bit change in ciphertext will cause a change in the corresponding plaintext block and all subsequent blocks.

In CBC mode, how is the first block of plaintext decrypted?

The first block of plaintext is decrypted by XORing the decrypted first ciphertext block with the Initialization Vector (IV).

What is the main purpose of the Initialization Vector (IV) in CBC encryption?

The IV ensures that identical plaintext blocks produce different ciphertexts, increasing security.

Discuss what happens to data integrity if an unauthorized modification is made in CBC.

Unauthorized modifications disrupt the decryption process, leading to errors in plaintext, which can be detected.

Explain the error propagation effect in CBC decryption.

An error in one ciphertext block during decryption affects the corresponding plaintext and the subsequent plaintext blocks.

What role does data confidentiality play in CBC mode encryption?

Data confidentiality ensures that only authorized entities can access the encrypted data using the shared key.

How does ciphertext maintain secrecy in CBC mode?

Ciphertext maintains secrecy through the encryption of plaintext blocks combined with the previous ciphertext block.

What impacts does chaining have in CBC encryption?

Chaining makes each ciphertext block dependent on all previous blocks, which increases overall security.

Why is it crucial to address unauthorized modifications in CBC encrypted messages?

Addressing unauthorized modifications is crucial to maintain data integrity, ensuring that the received data has not been tampered with.

What is symmetric cryptography commonly referred to as?

Secret key cryptography.

If the encryption key equals the decryption key, what type of encryption is being used?

Symmetric encryption.

What is the primary function of a digital signature?

To authenticate a message and provide integrity.

What are the two keys involved in the digital signature process?

Signing key (KS) and verification key (KV).

What does MAC stand for in the context of cryptography?

Message Authentication Code.

Who is credited with the concept of information entropy in cryptography?

Claude Shannon.

What happens during the error propagation in cryptographic modes of operation?

Errors in ciphertext affect subsequent plaintext blocks.

In asymmetric cryptography, what is the relationship between the public and private keys?

They are related but distinct; one is kept secret while the other is public.

What does authenticated encryption provide in the context of message security?

Confidentiality and integrity of the message.

What is the significance of padding in block ciphers?

To accommodate plaintext that does not align with block size requirements.

What is the primary purpose of a MAC function constructed using CBC?

The MAC function constructed using CBC ensures data integrity and authenticity by producing a message authentication code based on the encrypted data.

Explain the optional processing step in CBC-MAC and its significance.

Optional processing in CBC-MAC involves decrypting with a second secret key k' and then re-encrypting with the first key k to enhance security against potential cryptanalysis.

Define authenticated encryption as per ISO/IEC 19772.

Authenticated encryption is a reversible transformation of data that produces ciphertext which cannot be altered by unauthorized entities without detection, ensuring confidentiality, integrity, and origin authentication.

Describe the Encrypt-then-MAC approach.

The Encrypt-then-MAC approach first encrypts the plaintext to produce ciphertext, followed by generating a MAC from the ciphertext and a starting value, which is then concatenated to the ciphertext.

What roles do K1 and K2 play in the Encrypt-then-MAC scheme?

K1 is used for the encryption of the plaintext, while K2 is utilized to create the MAC from the ciphertext and starting value.

How is the ciphertext and tag structured in the output of the Encrypt-then-MAC process?

The output is structured as C = C' || T, where C' is the ciphertext and T is the tag generated by the MAC operation.

What does the decryption process in Encrypt-then-MAC entail?

During decryption, the ciphertext is divided to retrieve C' and T, and then T' is computed using MAC; the operation halts if T does not equal T'.

What is the significance of using a starting value S in the Encrypt-then-MAC process?

The starting value S acts as an initialization vector, adding randomness to the encryption process and helping prevent vulnerabilities to certain attack patterns.

Study Notes

Computer Security Lecture 2

  • Lecture topic: Symmetric Cryptography (I)
  • Structure of lecture: Introduction, Block ciphers, padding, Modes of Operation, Error Propagation, Message Authentication Codes (MAC), Authenticated encryption
  • Cryptographic primitives: Encryption, Digital signatures
  • Encryption: plaintext → encryption → ciphertext → decryption → plaintext. Encryption key (KE), Decryption key (KD). C = E(KE, P), P = D(KD, C)
  • Digital signatures: message → signing → signature → verification → 0/1 (reject/accept). Signing key (Ks), Verification key (Kv). σ = S(Ks, m), 0/1 = V(Kv, (σ, m))
  • Symmetric vs. Asymmetric cryptography:
    • Symmetric: single key for different operations (secret key cryptography)
    • Asymmetric: pair of related but distinct keys (public key cryptography)
  • Information Entropy:
    • Amount of information in a message from a class of messages, measured in bits.
    • Minimum bits needed to encode information. (e.g., yes/no = 1 bit)
    • Large entropy (e.g. 128, 192, 256 bits) required for secure cryptographic keys.
  • One-time pad is a symmetric encryption scheme; key length same as plaintext length, cannot be reused. Modern cryptography: key length independent of plaintext size, keys can be reused.
  • Stream ciphers: combine plaintext symbols with keystream symbols one at a time (invertible function). Block ciphers: operate on blocks of plaintext to yield a block of ciphertext.
  • Block ciphers:
    • Encryption/decryption: takes a block of a certain size (block size), a key of a certain length (key length), returns another block of the same size.
    • Same key for encryption and decryption (symmetric).
  • Stream ciphers:
    • Encryption/decryption: takes plaintext of arbitrary length, a key of a certain length (key length), and returns ciphertext of arbitrary length.
    • Same key for encryption and decryption (symmetric).
  • DES (Data Encryption Standard): 64-bit block size, 56-bit key length.
  • AES (Advanced Encryption Standard): 128-bit block size, 128, 192, or 256 bit key lengths.
  • DES challenge: finding a 56-bit key that encrypts a message is computationally difficult (2000 years).
  • 3DES (Triple DES): triple encryption using different keys because DES has proven insecure.
  • Padding: used to ensure the plaintext is an exact number of blocks, as required for block ciphers. Several padding schemes exist.
    • Zero padding, ANSI X.923, PKCS7, PKCS5.
  • Modes of Operation: methods for encrypting a sequence of blocks (e.g., Electronic Codebook Mode (ECB), Cipher Block Chaining Mode (CBC), Counter mode (CTR))
  • Error propagation: Effect of errors in ciphertext or plaintext:
    • ECB: error in one block affects only that block during decryption, and likewise during encryption.
    • CBC: error in one block propagates to subsequent blocks during decryption (but not in encryption).
  • Message Authentication Codes (MACs): used to ensure message authenticity (and integrity)
  • Authenticated encryption: combines confidentiality (encryption) and integrity (MAC).
  • Encrypt-then-MAC: encryption followed by MAC applied on the ciphertext.

Description

This quiz covers key concepts from Lecture 2 on Symmetric Cryptography, focusing on encryption, digital signatures, and the differences between symmetric and asymmetric cryptography. It explores block ciphers, padding, modes of operation, and message authentication codes. Test your understanding of these foundational topics in cryptography.
