Computer Security Lecture 2: Symmetric Cryptography

Questions and Answers

What does entropy represent in the context of a message class, and how is it measured?

Entropy represents the average amount of information expected from a message class and is measured in bits.

Explain the key characteristics of a one-time pad in cryptography.

A one-time pad requires a key that is the same length as the plaintext and can never be reused.

Describe the primary difference between stream ciphers and block ciphers.

Stream ciphers encrypt data one symbol at a time, while block ciphers operate on fixed-size blocks of plaintext.

What is the relationship between the key length and plaintext size in modern cryptographic schemes?

In modern cryptography, the key length is independent of the plaintext size and can be reused.

What are the requirements for a key to be secure in cryptographic schemes?

A secure key must have a high entropy value, often 128, 192, or 256 bits.

What is the significance of the nonce in Counter (CTR) mode encryption?

The nonce ensures that the same plaintext will encrypt to different ciphertexts on different occasions, preventing replay attacks.

How does a change in plaintext affect ciphertext in ECB mode?

A change in plaintext affects only the corresponding block of ciphertext, with no impact on other blocks.

In CTR mode, describe the process for generating the counter value for encryption.

The counter value is generated by starting with the nonce and incrementing it for each subsequent block, where ni = ni-1 + 1.

What happens in CBC mode when one bit of the plaintext is altered?

Altering one bit of plaintext results in changes to that block and all subsequent blocks of ciphertext, due to the chaining effect.

Explain how decryption in CTR mode mirrors the encryption process.

Decryption in CTR mode uses the same nonce and counter values as encryption, applying the same operation: Pi = ENC(Key, ni) ⊕ Ci.

What does the output P represent in the context of the encryption process?

Output P represents the decrypted plaintext after the secure decryption of the ciphertext.

Why might Bob reject the modified ciphertext C2' in the communication with Mallory?

Bob rejects C2' because the MAC(k'AB,C') will not match with the MAC(k'AB,C), indicating data integrity issues.

What are the key weaknesses of DES that make it insecure for real-world applications?

The key weaknesses of DES include its relatively small key size of 56 bits and a block size of 64 bits, making it vulnerable to brute force attacks.

In the scenario discussed, what adjustment is made to the second cipher block C2?

The second cipher block C2 is altered by using the operation C2' = C2 ⊕ ': £10.00' ⊕ ': £10000'.

What does the process of DEC(K1, S, C') indicate in the encryption workflow?

DEC(K1, S, C') indicates that the ciphertext C' is decrypted using the key K1 to retrieve the original session data S.

What transformation occurs to the plaintext during CBC encryption?

The plaintext is transformed by XORing with the previous ciphertext block or Initialization Vector (IV) before encryption.

How does one bit change in ciphertext affect decryption in CBC?

One bit change in ciphertext will cause a change in the corresponding plaintext block and all subsequent blocks.

In CBC mode, how is the first block of plaintext decrypted?

The first block of plaintext is decrypted by XORing the decrypted first ciphertext block with the Initialization Vector (IV).

What is the main purpose of the Initialization Vector (IV) in CBC encryption?

The IV ensures that identical plaintext blocks produce different ciphertexts, increasing security.

Discuss what happens to data integrity if an unauthorized modification is made in CBC.

Unauthorized modifications disrupt the decryption process, leading to errors in plaintext, which can be detected.

Explain the error propagation effect in CBC decryption.

An error in one ciphertext block during decryption affects the corresponding plaintext and the subsequent plaintext blocks.

What role does data confidentiality play in CBC mode encryption?

Data confidentiality ensures that only authorized entities can access the encrypted data using the shared key.

How does ciphertext maintain secrecy in CBC mode?

Ciphertext maintains secrecy through the encryption of plaintext blocks combined with the previous ciphertext block.

What impacts does chaining have in CBC encryption?

Chaining makes each ciphertext block dependent on all previous blocks, which increases overall security.

Why is it crucial to address unauthorized modifications in CBC encrypted messages?

Addressing unauthorized modifications is crucial to maintain data integrity, ensuring that the received data has not been tampered with.

What is symmetric cryptography commonly referred to as?

Secret key cryptography.

If the encryption key equals the decryption key, what type of encryption is being used?

Symmetric encryption.

What is the primary function of a digital signature?

To authenticate a message and provide integrity.

What are the two keys involved in the digital signature process?

Signing key (KS) and verification key (KV).

What does MAC stand for in the context of cryptography?

Message Authentication Code.

Who is credited with the concept of information entropy in cryptography?

Claude Shannon.

What happens during the error propagation in cryptographic modes of operation?

Errors in ciphertext affect subsequent plaintext blocks.

In asymmetric cryptography, what is the relationship between the public and private keys?

They are related but distinct; one is kept secret while the other is public.

What does authenticated encryption provide in the context of message security?

Confidentiality and integrity of the message.

What is the significance of padding in block ciphers?

To accommodate plaintext that does not align with block size requirements.

What is the primary purpose of a MAC function constructed using CBC?

The MAC function constructed using CBC ensures data integrity and authenticity by producing a message authentication code based on the encrypted data.

Explain the optional processing step in CBC-MAC and its significance.

Optional processing in CBC-MAC involves decrypting with a second secret key k' and then re-encrypting with the first key k to enhance security against potential cryptanalysis.

Define authenticated encryption as per ISO/IEC 19772.

Authenticated encryption is a reversible transformation of data that produces ciphertext which cannot be altered by unauthorized entities without detection, ensuring confidentiality, integrity, and origin authentication.

Describe the Encrypt-then-MAC approach.

The Encrypt-then-MAC approach first encrypts the plaintext to produce ciphertext, followed by generating a MAC from the ciphertext and a starting value, which is then concatenated to the ciphertext.

What roles do K1 and K2 play in the Encrypt-then-MAC scheme?

K1 is used for the encryption of the plaintext, while K2 is utilized to create the MAC from the ciphertext and starting value.

How is the ciphertext and tag structured in the output of the Encrypt-then-MAC process?

The output is structured as C = C' || T, where C' is the ciphertext and T is the tag generated by the MAC operation.

What does the decryption process in Encrypt-then-MAC entail?

During decryption, the ciphertext is divided to retrieve C' and T, and then T' is computed using MAC; the operation halts if T does not equal T'.

What is the significance of using a starting value S in the Encrypt-then-MAC process?

The starting value S acts as an initialization vector, adding randomness to the encryption process and helping prevent vulnerabilities to certain attack patterns.

Flashcards

Symmetric Cryptography

A cryptographic technique in which the same key is used for both encryption and decryption.

Encryption

A method of encoding data to make it unreadable without the appropriate key.

Message Authentication Code (MAC)

A digital signature algorithm that uses the same key for generating and verifying the signature.

Padding

A process of adding extra data to a block of plaintext to make it the right size for encryption.

Block Cipher Modes of Operation

A type of encryption that uses a single block cipher algorithm to encrypt multiple blocks of data.

Information Entropy

A measure of randomness or uncertainty in a message, influencing the strength of cryptographic algorithms.

Error Propagation

The ability of errors in encryption to propagate through multiple blocks, potentially affecting the decryption of subsequent blocks.

Authenticated Encryption

A method of protecting both the confidentiality and integrity of data during transmission.

Asymmetric Cryptography

A cryptographic technique that uses two mathematically related keys: a public key for encryption and private key for decryption.

Asymmetric Signature

A digital signature algorithm that uses separate keys for signing and verifying the signature.

Entropy in a message class

The amount of information expected, on average, in a message from a particular class. It's measured in bits, representing the minimum number of bits required to encode the information.

One-time pad

A symmetric encryption scheme where a key of the same length as the plaintext is used. The key cannot be reused.

Stream cipher

A symmetric encryption system that combines individual plaintext symbols with corresponding keystream symbols using an invertible function. It encrypts one symbol at a time.

Block cipher

A symmetric encryption system where a block of plaintext is encrypted as a unit, producing a block of ciphertext of the same size. It uses a fixed-length key.

Block cipher encryption/decryption

The process of encoding plaintext into ciphertext using a key and the same key is used for decryption. Blocks of a specific size are operated on with a fixed-length key.

Concealing Plaintext Repetition in CBC

The repeated nature of the plaintext remains hidden in the ciphertext.

Dk (Decryption algorithm with key 'k')

The decryption algorithm using the key 'k'.

CBC Decryption

The process of transforming ciphertext back into plaintext using the key and the decryption algorithm.

Error Propagation in CBC

The impact an error in the plaintext has on the ciphertext, and vice versa.

Error Propagation in CBC Encryption

A change in a single bit of plaintext results in multiple blocks of ciphertext changing.

Error Propagation in CBC Decryption

A change in a single bit of ciphertext results in only one block of plaintext changing.

Data Confidentiality

The ability to ensure only authorized entities can access protected data.

Data Integrity/Authentication

The ability to ensure only authorized entities can create data and detect any unauthorized modifications.

Potential Security Issues in CBC-encrypted Communication

A scenario where an attacker could potentially modify a message in transit, potentially causing financial harm or fraud.

Combining Confidentiality and Integrity

Ensuring that only authorized entities can access sensitive data (confidentiality) and that the data remains unaltered (integrity).

Counter Mode (CTR)

A method of encryption where each plaintext block is XORed with the output of a counter that increments with each block. This ensures that each block is encrypted independently, making it resistant to error propagation.

Initialization Value (IV)

The initial value used for the counter in CTR mode. It's a nonce, meaning it's unique and not re-used for security reasons.

Keystream Generation

In CTR mode, the encryption of the counter value using the secret key to generate a keystream for XORing with the plaintext.

Ciphertext Modification Attack

An attack where an attacker modifies a ciphertext block without knowing the secret key, aiming to alter the decrypted message.

What is a MAC used for?

A MAC (Message Authentication Code) verifies the integrity of a message, ensuring it hasn't been tampered with during transmission. It uses a secret key shared by both sender and receiver.

Why is DES outdated?

DES (Data Encryption Standard) is a block cipher outdated for modern applications due to its small key size (56 bits) and block size (64 bits), making it vulnerable to attacks.

What is 3DES?

3DES, a more secure alternative to DES, uses a combination of three DES keys, providing a 168-bit key length. However, it's still considered a legacy encryption standard.

What are stream ciphers?

A cryptographic system that encrypts data one symbol at a time, producing a stream of keystream symbols that are combined with plaintext symbols.

CBC-MAC

A technique for transforming data using a block cipher and a secret key, outputting a fixed-length MAC for message authentication.

Encrypt-then-MAC

An authenticated encryption technique where data is first encrypted and then a MAC is generated based on the ciphertext. This order ensures the integrity of the encrypted data.

Starting Value (S)

A starting value used in encryption algorithms, similar to the initialization vector (IV), that helps generate unique ciphertexts for the same plaintext.

Encryption Operation (ENC)

A cryptographic operation that encrypts data using a specific algorithm and key, creating a ciphertext.

Decryption Operation (DEC)

A cryptographic operation that decrypts data using the corresponding algorithm and key, revealing the original plaintext.

MAC Operation

A cryptographic operation that generates a message authentication code (MAC) based on data, a secret key, and a specific algorithm, ensuring authenticity and integrity.

Study Notes

Computer Security Lecture 2

• Lecture topic: Symmetric Cryptography (I)
• Structure of lecture: Introduction, Block ciphers, padding, Modes of Operation, Error Propagation, Message Authentication Codes (MAC), Authenticated encryption
• Cryptographic primitives: Encryption, Digital signatures
• Encryption: plaintext → encryption → ciphertext → decryption → plaintext. Encryption key (KE), Decryption key (KD). C = E(KE, P), P = D(KD, C)
• Digital signatures: message → signing → signature → verification → 0/1 (reject/accept). Signing key (Ks), Verification key (Kv). σ = S(Ks, m), 0/1 = V(Kv, (σ, m))
• Symmetric vs. Asymmetric cryptography:
  • Symmetric: single key for different operations (secret key cryptography)
  • Asymmetric: pair of related but distinct keys (public key cryptography)
• Information Entropy:
  • Amount of information in a message from a class of messages, measured in bits.
  • Minimum bits needed to encode information. (e.g., yes/no = 1 bit)
  • Large entropy (e.g. 128, 192, 256 bits) required for secure cryptographic keys.
• One-time pad is a symmetric encryption scheme; key length same as plaintext length, cannot be reused. Modern cryptography: key length independent of plaintext size, keys can be reused.
• Stream ciphers: combines plaintext symbols with keystream symbols one at a time (invertible function). Block ciphers: operate on blocks of plaintext to yield a block of ciphertext.
• Block ciphers:
  • Encryption/decryption: takes a block of a certain size (block size), a key of a certain length (key length), returns another block of the same size.
  • Same key for encryption and decryption (symmetric).
• Stream ciphers:
  • Encryption/decryption: takes plaintext of arbitrary length, key of a certain length(key length), and returns ciphertext of arbitrary length.
  • Same key for encryption and decryption (symmetric).
• DES (Data Encryption Standard): 64-bit block size, 56-bit key length.
• AES (Advanced Encryption Standard): 128-bit block size, 128, 192, or 256 bit key lengths.
• DES challenge: finding a 56-bit key that encrypts a message is computationally difficult (2000 years).
• 3DES (Triple DES): triple encryption using different keys because DES has proven insecure.
• Padding: used to ensure block size is an exact number of blocks, required for block ciphers. Several padding schemes exist.
  • Zero padding, ANSI X.923, PKCS7, PKCS5.
• Modes of Operation: methods for encrypting a sequence of blocks (e.g., Electronic Codebook Mode (ECB), Cipher Block Chaining Mode (CBC), Counter mode (CTR))
• Error propagation: Effect of errors in ciphertext or plaintext:
  • ECB: error in one block affects only that block during decryption, but also during encryption.
  • CBC: error in one block propagates to subsequent blocks during decryption (but not in encryption),
• Message Authentication Codes (MACs): used to ensure message authenticity (and integrity)
• Authenticated encryption: combines confidentiality (encryption) and integrity (MAC).
• Encrypt-then-MAC: encryption followed by MAC applied on the ciphertext.

Description

This quiz covers key concepts from Lecture 2 on Symmetric Cryptography, focusing on encryption, digital signatures, and the differences between symmetric and asymmetric cryptography. It explores block ciphers, padding, modes of operation, and message authentication codes. Test your understanding of these foundational topics in cryptography.