Cryptography and Encryption Course: CY 371

Questions and Answers

Which mathematical areas are considered foundational for the study of cryptography?

• Statistics and Probability
• Geometry and Topology
• Algebra and Number Theory (correct)
• Calculus and Trigonometry

What is the primary objective of a course focused on cryptography and encryption?

• To introduce students to basic programming concepts.
• To teach students how to design and implement secure communication systems. (correct)
• To provide a basic understanding of computer networks.
• To cover the fundamentals of project management.

Which of the following is a key element in securing communication?

• Making sure only unintended receivers can read the message.
• Allowing messages to be altered by accident during transmission.
• Ensuring that messages are easily alterable during transmission.
• Confirming the identity of both the sender and receiver. (correct)

What does cryptography primarily involve?

The mathematical scrambling of data, decipherable only with a key. (A)

What is cipher?

A method for encrypting messages. (D)

In symmetric encryption, what distinguishes the encryption and decryption keys?

They are the same. (A)

What is a crucial requirement for the secure application of symmetric encryption?

A secure channel for distributing the key. (C)

What is the key differentiator between block ciphers and stream ciphers?

Block ciphers encrypt data one block at a time, while stream ciphers encrypt data one bit or byte at a time. (C)

What primarily determines the strength of a symmetric encryption algorithm?

The size of the key. (B)

What is a key space?

The range of possible values that can be used for a particular key. (A)

If a 56-bit key can be cracked by a supercomputer in 24 hours, what can be inferred about cracking a 128-bit key?

It would take 2^72 times longer. (A)

What is the fundamental difference between symmetric and asymmetric cryptography?

Symmetric cryptography uses one key for encryption and decryption, whereas asymmetric cryptography uses different keys. (B)

What does it mean for an encryption scheme to be 'unconditionally secure'?

The ciphertext provides insufficient information to uniquely determine the corresponding plaintext, irrespective of computing resources. (A)

How does 'computational security' protect data?

By ensuring the time needed to break the cipher exceeds the age of the universe, given current computing resources. (A)

What is the goal of cryptanalysis?

To recover the key used to encrypt a message, not just decipher the message itself. (C)

Which of the following constitutes a general approach to cryptanalysis?

Using a brute-force attack or cryptanalytic attack. (A)

What is the implication if a cryptanalytic attack or brute-force attack succeeds?

All key uses are compromised. (B)

In a 'ciphertext only' attack, what information is available to the cryptanalyst?

The encryption algorithm and the ciphertext. (B)

What is the primary strategy behind a brute-force attack?

Trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. (A)

What is a common countermeasure against brute-force attacks?

Implementing CAPTCHA systems. (D)

Which of the following describes cryptanalysis techniques?

Tedious and difficult. (D)

What is the primary objective of attacking an encryption system, according to the principles of cryptanalysis?

To recover the key being used. (B)

What general principle should an encryption algorithm ideally meet to be considered secure?

The time required to break the cipher exceeds the useful lifetime of the information or the cost of breaking the cipher exceeds the value of the encrypted information (A)

In the context of cryptanalysis, what is the attacker trying to do during a brute-force attack?

Try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. (A)

What makes the Caesar cipher vulnerable to cryptanalysis?

It only has 26 possible ciphers. (B)

In substitution ciphers, specifically monoalphabetic ciphers, how are letters handled?

Each letter is substituted for by any other letter, with arbitrary pairings. (D)

Why is a brute-force approach impractical for cracking a monoalphabetic cipher?

The large number of possible key combinations makes it too time-consuming. (C)

In cryptanalysis, what does 'language redundancy' refer to?

The predictable patterns and frequencies of letters and words in a language. (C)

In English, which letter is by far the most common that may be used to decode a coded message?

E (B)

What is a polyalphabetic cipher?

An encryption method that uses multiple keys. (C)

What is the limitation of symmetric key encryptions that asymmetric encryptions overcomes?

A key needs to be delivered to the recipient of the coded message for it to be deciphered (A)

What is transposition?

An encryption method that rearranges the plain text. (A)

In encryption methods, what is columnar transportation?

An encryption method that rearranges the plain text in columns. (C)

Which characteristic is associated with good chippers?

Both B and C. (A)

What constitutes the properties of trustworthy systems?

All of the above. (D)

According to cryptography, what type of attacks can only weak algorithms withstand?

Attacks that only ciphertext can withstand. (B)

What is the goal of data encryption standard (DES)?

To scramble the data and key so that every bit text depends on a bit of data or key. (A)

How does the Data Encryption Standard function as a block Cipher Algorithm?

It encodes plain text in 64-bit chunks. (A)

What was the encryption algorithm standard approved by the US National Bureau of Standards for Commercial and nonclassified government use?

DES (A)

What is a vulnerability that doubles encryption algorithms may possess, such as double DES?

Reduction to a single stage (D)

What is the benefit of Triple-DES with three keys?

Triple-DES with Three-Keys to avoid even these (A)

What is the primary aim of an authentication process?

To validate the identity of a user or the integrity of data. (B)

How does providing a transformed password aid in authentication security?

Password transformed using one way function before transmission prevents eavesdropping but not replay. (A)

Flashcards

Cryptography

The art of science encompassing the principle and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form

Cipher

A method for encrypting messages

Symmetric Encryption algorithm

An algorithm where the same key is used for both encryption and decryption

Asymmetric Encryption algorithm

An algorithm where the different keys are used for encryption and decryption

Secrecy

A security requirement to ensure that only the intended receiver can understand the message.

Authentication

A security requirement where sender and receiver need to confirm each other's identities.

Message Integrity

A security requirement: ensure that communication has not been altered, either maliciously or by accident.

Plaintext

The original message.

Ciphertext

Coded message.

Cipher

Algorithm transforming plaintext to ciphertext.

Key

Info used in cipher, known only to sender/receiver.

Encipher (encrypt)

Converting plaintext to ciphertext

Decipher (decrypt)

Recovering ciphertext from plaintext

Cryptography

Study of encryption principles/methods

Cryptanalysis (codebreaking)

Study of principles/methods of deciphering ciphertext without knowing key

Cryptology

Field of both cryptography and cryptanalysis.

Cryptoanalysis Objective

Attempt to recover key, not just message

Brute-force attack

An attack that involves trying every possible key.

Unconditional security

No matter how much computer power or time is available, the cipher cannot be broken.

Computational security

Given limited computing resources, the cipher cannot be broken.

Encryption

Practice of hiding messages so that they can not be read by anyone other than the intended recipient

Authentication & Integrity

Ensuring that users of data/resources are the persons they claim to be and that a message has not been surreptitiously altered

Symmetric Algorithms

Algorithms in which the key for encryption and decryption are the same are Symmetric

Key Strength

The longer the key the more difficult it is to crack

Brute-force attack

A type of attack wherein The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

Cryptanalysis Techniques

is the process of breaking an encryption code

Weak Algorithms

algorithms fail to withstand a ciphertext-only attack.

half of all possible keys

achieve success on a number of possible keys

Caesar Cipher

rotation by three letters as shownEarliest known substitution cipher

Language Redundancy and Cryptanalysis

letters are not equally commonly used

Monoalphabetic Cipher

can be substituted for any other letter.

Vigenere Cipher

26 Caesar ciphers with shift of 0 through 25

Rail Fence

is written down as a sequence of diagonals

Data Encryption Standard (DES)

DES is to completely scramble the data and key so that every bit of cipher text depends on every bit of data and ever bit of key

reversed DES

DES run in reverse to decrypt

Session-Key Encryption

uses symmetric key is used for encrypting data, Asymmetric key is used for encrypting the symmetric key

Diffie-Hellman

first key agreement algorithm

Authentication

process of validating the identity of a user or the integrity of a piece of data.

Personal Tokens

hardware devices that generate unique strings that are usually used in conjunction with passwords for authentication

Cryptanalysis Basics

Practise of analyzing and breaking cryptography

Study Notes

Course Overview

• This cryptography and encryption course (CY 371) explores the fundamental concepts of cryptography and encryption.
• By the end of the course, students can design and implement secure communication systems.
• Dr. Eric Affum is the instructor.

Prerequisites

• A basis of information security is required.
• Some mathematical foundation in algebra and number theory is needed.

Evaluation Methods

• Assignments, projects and quizzes contribute 30 marks.
• Attendance contributes 10 marks.
• The final exam contributes 60 marks.
• Quizzes can be announced or unannounced.

Course Content

• Introduction to Cryptography and Encryption
• Symmetric Key Encryption
• Asymmetric Key Encryption
• Public Key Infrastructure (PKI)
• Hash Functions
• Digital Signatures
• Network Security and VPNs
• Cryptographic Protocols
• Cryptographic Attacks and Countermeasures
• Current Trends in Cryptography

Secure Communication Needs & Requirements

• Secure communication is needed for war time communication, business transactions, and illicit affairs.
• Secrecy ensures only the intended receiver understands the message.
• Authentication mandates both sender and receiver confirm each other's identity.
• Message integrity ensures communication remains unaltered during transmission, whether malicious or accidental.

Cryptography Basics

• Cryptography originates from the Greek term for "secret writing."
• It involves mathematically scrambling data, requiring a key to "unscramble" it.
• Secure transmission of private information over insecure channels (e.g., packet-switched networks) is enabled with cryptography.
• Secure storage of sensitive data on any computer is achieved through cryptography.
• The art of science transforms an intelligible message into an unintelligible, and then retransforms it back to its original form

Encryption: Cipher Method

• Cipher encrypts messages
• Encryption algorithms are standardized and published.
• A secret key serves as input for the algorithm.
• The key is a string of numbers or characters.
• Symmetric encryption uses the same key for encryption and decryption.
• Asymmetric encryption utilizes different keys for encryption and decryption.

Two Main Types of Encryption

• Symmetric/Private Key Cryptography: Employs one key.
• Asymmetric/Public Key Cryptography: Employs two keys.

Symmetric Cipher Model

• The Sender and Recipient Use the Same Key to Transmit Encrypted data.

Requirements for Secure Symmetric Encryption

• A strong encryption algorithm should be used.
• A secret key known only to the sender and receiver must be in place.
• Mathematically: Y = E(K, X) and X = D(K, Y)
• The encryption algorithm is assumed to be known.
• A secure channel is implied for key distribution.

Encryption: Symmetric Algorithms

• Symmetric algorithms use the same key for encryption and decryption.
• Example: Caesar Cipher

Types of Symmetric algorithms

• Block Ciphers encrypt data one block at a time, typically 64 or 128 bits and are used for a single message.
• Stream Ciphers encrypt data one bit or one byte at a time and are used if data is a constant stream of information.

Symmetric Encryption: Key Strength

• Algorithm strength depends on key size.
• The longer the key, the more difficult it is to crack.
• Typical key sizes range from 48 to 448 bits.
• Key length measures in bits.
• Key space refers to the set of possible keys for a cipher.
• A 40-bit key has 240 possible keys.
• A 128-bit key has 2128 possible keys.
• Each additional bit added on the key length doubles the security.
• Brute-force cracking involves trying all possible keys until the correct one is found.
• Supercomputers can crack a 56-bit key in 24 hours.
• Cracking a 128-bit key would take 272 times longer than cracking a 56-bit key, longer than the age of the universe.

Encryption Schemes: Security Types

• Unconditionally secure schemes can never be broken, regardless of computer power or time.
• Computationally secure schemes cannot be broken with limited computing resources.

Cryptography Components/Algorithms

• Encryption is the practice of hiding messages from unintended recipients.

Modes of encryption

• Block Mode: Plaintext is processed in blocks.
• Stream Mode: Plaintext is processed as a stream.

Types of symmetric encryption

• Types: Symmetric (K) like DES and AES.
• Asymmetric (SK., PK)E.g. RSA.

Cryptography Authentication and Integrity

• Authentication and integrity ensure users are who they claim.
• Authentication ensures that users of data/resources are the persons they claim to be and that a message has not been surreptitiously altered
• Integrity features a field length value appended to the plain text
• Integrity examples are MD5, SHA-512, HMAC, and digital signatures.

Basic Terminology in Cryptography

• Plaintext: Original message.
• Ciphertext: Coded message.
• Cipher: Algorithm to transform plaintext to ciphertext.
• Key: Information used in cipher, known only to sender/receiver.
• Encipher (encrypt): Converting plaintext to ciphertext.
• Decipher (decrypt): Recovering ciphertext from plaintext.
• Cryptography: Study of encryption principles/methods.
• Cryptanalysis (codebreaking): Study of principles/methods deciphering ciphertext without knowing key.
• Cryptology: Field of both cryptography and cryptanalysis.

Cryptoanalysis

• Objective to recover key not just message.
• General approaches: cryptanalytic attack, brute-force attack.
• If either succeeds, all key use is compromised.

Four Types of Cryptanalysis Attacks

• Ciphertext Only: The attacker only knows the encryption algorithm and ciphertext.
• Known Plaintext: The attacker knows the encryption algorithm, ciphertext, and one or more PT-CT pairs formed with secret key.
• Chosen Plaintext: The attacker knows the encryption algorithm, ciphertext and a PT message chosen by cryptanalyst, together with its CT generated with the secret key.
• Chosen Ciphertext: The attacker knows the encryption algorithm, ciphertext and a CT chosen by cryptanalyst, together with its corresponding decrypted PT generated with the secret key.
• Chosen Text features chosen Plaintext and Chosen Ciphertext

Brute Force Search

• The attacker Tries every possible key by Guising.
• Tries until intelligible translation of cyphertext into plaintext is obtain
• It is the Most basic attack, proportional to key size

Brute-Force Attack

• Some software tools that can perform brute-force attacks are Aircrack-ng, Cain and Abel, Crack, Dave Grohl, Hashcat, Hydra, John the Ripper, Rainbowcrack, and Ophcrack.

Blocking Brute-Force Attacks

• CAPTCHA, a "Completely Automated Public Turing test to tell Computers and Humans Apart" is useful for blocking Brute-Force Attacks

Common cracking tools

• Screen of Hydra for brute-force
• Screen of Hashcat for brute-force
• Screen of John the Ripper for brute-force

Cryptanalysis Techniques

• Cryptanalysis attempts to break encryption.
• It is a Tedious and difficult process

Several techniques to deduce an algorithm

• Recognize patterns in encrypted messages.
• Infer meaning without breaking encryption.
• Deduce the key used to break subsequent messages.
• Find weaknesses in implementation or encryption usage.
• Find general weaknesses in an encryption algorithm.

Cryptoanalysis objective

• The primary goal is to recover the key rather than just the plaintext.

Two attack appreadhes

• There are 2: Cryptanalysis and Brute-force-attack

Cryptanalysis nature

• Cryptanalytic attacks rely on the nature of the algorithm.
• It relies on Some knowledge of the general characteristics of the plaintext and/or Some sample plaintext ciphertext pairs.

Algorithm exploitation

• Algorithm characteristics exploited to deduce a specific plaintext or the key.

Cryptography Characteristics

• Relatively weak algorithms fail against ciphertext-only attacks.
• Good algorithms must be designed to withstand known-plaintext attacks.
• Encryption must meet either or both of the following: The cost of breaking must exceed the value of the encrypted information or the time required to break the cipher exceeds the useful lifetime of the information.

Brute-Force attack

• Brute-force attack tries keys that are possible against ciphertext
• Intelligible translation into plaintext must occur
• On average, half of the keys must be tried to achieve this success
• If either type of attack succeeds in deducing the key, the effect is catastrophic since future and past messages encrypted with that key are compromised.

Classical Encryption Techniques are divided into:

• Substitution Ciphers (Caesar, Monoalphabetic, Playfair, Hill, Poyalphabetic and One-Time Pad) and Transposition Ciphers (Rail Fence and Row Column)

Caesar Cipher

• Caesar Cipher is a earliest know substitution cipher where each letter in the alphabet is rotated by three letter
• By Julius Caesar
• First attested use in military affairs
• Replaces each letter by 3rd letter on

Example of Caesar Cipher method

• Meet me after the party becomes PHHW PH DIWHU WKH SDUWB

Transformation of the Caesar Cipher algorithm

• c = E(k, p) = (p + k) mod (26)
• p = D(k, c) = (c – k) mod (26)

Cryptanalysis of Caesar Cipher

• Could quickly try each one until recognized

• Brute Force Search is possible given ciphertext to just try all shifts of letter and Need to recognize when have plaintext

  ▪     A maps to A,B,..Z
  ▪     easy to break
  

Monoalphabetic Cipher

• Could shuffle (jumble) the letters arbitrarily where Each letter has to have a unique substitute

       ABCDEFGH I JKLMNOPQRSTUVWXYZ
       MNBVCXZASDFGHJ KLPOIUYTREWQ
  

• There are 26! pairing of letters (~1026)

Security issues

• The brute Force approach is too time consuming
• Statistical Analysis would make it feasible to crack the key given its 26! keys ≡ 4 x 1026

Monoalphabetic Cipher Security

• The problem is languages, where "!!!" Monoalphabetic Cipher Security!!!WRONG!!!". ▪ Now have a total of 26! = 4 x 1026 keys ▪ With so many keys, might think is secure

Language Redundancy and Cryptanalysis

• Human languages have redundancy

  ▪ eg "th lrd s m sh ph rd shll nt wnt"
  

• Letters are not equally commonly used and in English the E is by far the most letter.

  • followed by T,R,N,I,O,A,S
  • other letters like Z,J,K,Q,X are fairly rare
  • have tables of single, double & triple letter frequencies for various languages

Polyalphabetic Caesar Cipher

• Developed by Blaise de Vigenere

• The ciphers use a sequence of monoalphabetic ciphers in a tandem: C1, C2, C2, C1, C2

  • Message: Bob, I love you. Alice. Encrypted Message: Gnu, n etox dhz. tenvj ▪ Cipher: Monoalphabetic Cipher. Key.

Transposition Cipher

 - Use Obtain a key to for the algorithm, and shift the alphabets

        Transposition
     Plain Text                                       Cipher Text
        ABCDEFGH I JKLMNOPQRSTUVWXYZ                   ABCDEFGH I JKLMNOPQRSTUVWXYZ

     Message:              Cipher:        Encrypted Message:  ??     _
     Bob, I love you.                               Key= "WORD"
    Alice

Vigenère Cipher

• Write the plaintext and keyword out then use each key letter as a caesar key then encrypt the corresponding plaintext letter
• key: deceptivedeceptivedeceptive
• plaintext: wearediscoveredsaveyourself
• ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Math of Vigenere

• Ci ​ = (Pi​ + Ki mod m​)mod 26
• Pi​ = (Ci ​− Ki mod m​)mod 26

Rail Fence Transposition

• The plaintext is written then are read off as a sequence of rows. Then Diagonal sequences occur.
• Ciphertext: attack postponed until two am Depth: 2 --> ciphertext: MEMATRHTGPRYETEFETEOAAT

Substitution Ciphers

• Written and transformed letters transform to ciphertext, as part of Key management.

Shannon’s Characteristics of Good Ciphers

• The amount of secrecy needed determines the amount of labor for encryption and decryption.
• Free from Complexity
• Errors should not propagate/cause corruption
• simple implementation
• Unchanged size if encrypted

Requirements of Trustworthy Encryption Systems

• It is It is based on solid mathematics from solid principles and and expert analyzed
• With few algorithm flaws from over testing

Data Encryption Standard (DES)

• Completely scramble the data and key so that every bit of cipher text depends on every bit of data and ever bit of key
• Has 64 bit chunks with parity bits, with a standard for commerical, non classified use. Cracking has become quicker, from 140 days in 1997 to merely 14 hours in 1999.
• TripleDes uses dES 3 times in a tandem, taking 1 DEs key and input next ones.

Triple-DES ciphers

• 2K ciphers, can encode and decript and often used in ANSI and 3-Kys for safety

Encryption Algorithm Summary

• DES is a Block Cipher, with 56 bits, Commonly Not enough
• TripleDES uses 112/168 bits, Adequate Security
• Blowfish = variable Bits for Excellent Security
• AES use variable Bits, Excellent Security
• RC4 use variable bits, Excellent/ Fast Stream Cipher

Asymetric encryption

• Limitations include the exposure for Secret key transmission eaves dropping

Triple - DES

• C=Ek(Dk1(P)) --> encryption decryption to work with single key
• No current known practic attacks

Summary of Algorithm Enctryption

DES/Block 56 and 448bits for strong/ excelent data

Asymmetric Encryption

• Uses a pair of keys for encryption with high security.

     ▪       Public key for encryption
     ▪       Private key for decryption
  

Encodes by public and decodes to the next stage

Authentication Basics

Authentification is to have secure message and sender identity. There are 3 tech (message, digital signatures and pki)

Authentication Protocol Basics

• Password transformed one way function for transmission to preevent eaves dropping and replay protection (challenge - Response) / time stamp, with clock synchroneity

Ahentications

• Kerberos uses the Symmetric Key for K distribution - with a central server with all users, access privilfge

Authenthcation,

• Hardware devices for unique strings, or for use PIN Storage

Types of Authenthcation

• Synchronous :time generate pw, challenge value, hand held tokens or Smart/ pcima cards

Biometrics

Use biological characterization with physiological measurements (finger, voice...)

Digital Signature:

• Data item associated to messages with has A guarantee or source data that is not a data that has been tampered to. The algorithm uses a Private and Public Key
• Cerfticaitons verify the trust in trusted 3rd party is signed statement and verified via a Key authority . This used in all levels with self signed statements.

Cryptanalysis Basics

• Practice of analyzing and breaking cryptography
• Cracking Pseudo Random Number Generators
• Variety of methods for safe guarding keys (Key Management)
• safe guarding keys via Encoding + smart cards.