Cryptography and Encryption Techniques Quiz

Questions and Answers

What is one of the major advantages of the CTR mode of operation in block ciphers?

• It requires sequential decryption of blocks.
• It uses a consistent key for all blocks.
• It eliminates the need for a counter input.
• It allows for parallel encryption and decryption. (correct)

Which encryption method is used by Microsoft’s Bitlocker?

• RSA for all operations
• DES in ECB mode
• XOR only
• AES in either CBC or XTS mode (correct)

What is a disadvantage of using CTR mode for encryption?

• It allows for error propagation across multiple blocks.
• It relies on weak XOR encryption. (correct)
• It requires high computational resources.
• All encrypted blocks must be decrypted sequentially.

How does a missing block of ciphertext affect CTR mode encryption?

It results in loss of synchronization. (B)

In which scenario might CTR mode be effectively utilized?

When needing unaffected decryption of a single block. (A)

What characteristic defines stream ciphers in relation to block ciphers?

They encrypt data in a continuous stream. (A)

Which operation is AES commonly associated with in internet communications?

Encrypting data during secure website visits. (C)

What is a key feature of the CTR mode's encryption method?

Dependency on a pseudorandom key sequence. (D)

What is the purpose of using cryptographic hashes for password storage?

To prevent direct exposure of the original passwords if compromised (C)

Why are hashing algorithms for password storage designed to be slow?

To make brute-force attacks more time-consuming (B)

What additional information is added to a password before hashing to ensure uniqueness?

A salt (A)

What could an attacker utilize if multiple users have the same password across sites that use the same hashing algorithm?

A rainbow table (D)

Which of the following hashing algorithms is commonly used for password storage?

Bcrypt (D)

What is the main drawback of storing passwords as plaintext?

Exposure of all passwords if the system is compromised (D)

How does adding a salt before hashing improve password security?

It increases the number of possible password hashes (D)

What would likely happen if a password hashing algorithm is fast?

It could make it easier for attackers to compromise accounts (D)

What does the final entry in a HashCash string represent?

Nonce (B)

What is the purpose of the nonce in the context of HashCash?

To verify the SHA1 hash is valid (D)

How is the validity of a HashCash string checked by the receiver?

By hashing the string and checking the first 20 bits (C)

What is required for a nonce to be considered valid in the HashCash system?

It must take about 1 second to find (B)

What was a proposed benefit of HashCash in the context of sending emails?

It associates costs with sending emails (D)

Why did HashCash not become widely adopted despite its innovative concept?

It failed to create the anticipated demand (D)

What serves as the foundation of Bitcoin, as suggested by HashCash?

Blockchain technology (A)

Which hashing function is used in HashCash to check the validity of the nonce?

SHA1 (A)

What is the primary purpose of using a stream cipher like RC4 in Wifi encryption?

To enhance speed and efficiency in encryption (C)

What role does the Initialization Vector (IV) play in the WEP encryption process?

It helps to avoid reusing the same key for all transmissions (A)

How is the keystream used in the WEP encryption process?

It is XOR'd with the message to produce the ciphertext (B)

What is one of the vulnerabilities associated with Wifi networks?

Data can be intercepted without direct network connection (A)

What was the main encryption protocol used for Wifi from 1997 to 2003?

WEP (D)

What is the key length of the WPA-40 key in the WEP protocol?

40 bits (A)

What defines the initial state of the RC4 stream cipher?

The order of 256 bytes determined by the key (D)

What is a significant characteristic of the PRBNG (Pseudorandom Bit Number Generator) used in the context of encryption?

It initializes with a common key to generate a stream (C)

What is one of the main purposes of controlling the difficulty of adding blocks in a blockchain?

To manage the supply of currency. (D)

What is associated with the proof-of-work algorithm in block creation?

Modifying the block's hash using a nonce. (D)

How does the difficulty target affect the block creation process over time?

It is reduced to control the effort required. (A)

What is the significance of following hash-chains both backwards and forwards?

To ensure block integrity and active chain status. (D)

Why is adding a block intentionally made difficult?

To make it harder to corrupt the ledger. (D)

What role does the nonce play in the blockchain process?

It modifies the block's hash. (D)

Which of the following best describes the hash function requirement for blocks in the blockchain?

The hash must be less than a predetermined difficulty target. (A)

What is the purpose of the difficulty target in blockchain mining?

To help generate blocks at a more consistent rate. (A)

What is the block size used in AES?

128 bits (B)

What happens to the initial key in the AES encryption process?

It is expanded into multiple round keys. (B)

How many rounds does AES perform with a 256-bit key?

14 rounds (C)

Which component of AES is responsible for substitution during encryption?

S-Boxes (B)

What is the purpose of the Mix Columns step in AES?

To combine data across columns (A)

In AES, what does decryption use instead of the S-Boxes during encryption?

Inverse S-Boxes (B)

What is one characteristic of the ciphertext produced by the AES algorithm?

It appears completely random. (C)

Which of the following is NOT a step included in each round of AES?

Round Robin Scheduling (C)

What kind of security standard is AES categorized under?

Symmetric key encryption standard (A)

What is the key size used in AES for 192-bit encryption?

192 bits (D)

What does the acronym AES stand for?

Advanced Encryption Standard (C)

What is one of the primary objectives of the AES algorithm design?

To ensure randomness in ciphertext (B)

Which of the following describes the structure of the AES rounds?

Multiple steps: substitution, permutation, and mixing (A)

In the context of AES, what does XOR stand for?

Exclusive Or (C)

Flashcards

Counter (CTR) Mode

A block cipher mode that encrypts/decrypts data by treating each block independently, making it suitable for parallel processing.

Block Cipher

A symmetric cipher that encrypts data in fixed-size blocks, often used in conjunction with a mode of operation like CTR.

Stream Cipher

A technique that allows for encrypting or decrypting data streams in real-time, typically used in communications.

CTR as a Stream Cipher

A type of stream cipher that uses a block cipher in CTR mode to generate a keystream for encryption.

Encryption Algorithm

An encryption algorithm that uses a block cipher and a mode of operation to encrypt and decrypt data.

Encryption

The process of transforming plaintext into ciphertext, making it unreadable without the decryption key.

Decryption

The process of transforming ciphertext back into plaintext, revealing the original message.

Encryption Key

A key used to encrypt and decrypt data, ensuring only authorized parties can access it.

What is AES?

A widely used symmetric block cipher with a fixed block size of 128 bits, supporting key sizes of 128, 192, or 256 bits. It is employed in numerous applications, including secure communication, storage, and data protection.

What are rounds in AES?

A series of specific steps, usually repeated several times, which constitute the core of an encryption algorithm. Each round involves transformations such as substitution, permutation, and mixing of data.

How are round keys generated?

Initial key used during encryption is expanded into multiple round keys. Each round of AES utilizes a specific round key to enhance security by introducing more randomness to the encryption process.

How many rounds does AES use?

AES employs a fixed number of rounds based on the key size. 10 rounds for 128-bit keys, 12 for 192-bit keys, and 14 for 256-bit keys.

What is the SubBytes step?

This step involves replacing each byte in a block with a corresponding value from a predefined substitution box (S-Box) based on a predefined lookup table.

What is the ShiftRows step?

This step circulates the rows of a state matrix. The first, second, third, and fourth rows are shifted by 0, 1, 2, and 3 bytes respectively.

What is the MixColumns step?

A matrix multiplication operation using a specific matrix called a P-Box. This operation mixes the columns of the state matrix, creating more complex data dependencies for enhanced diffusion.

What is the AddRoundKey step?

Consists of XORing the current state with the round key. The key material is combined with the data being encrypted.

How is decryption in AES done?

The process of decryption using the AES algorithm is almost identical to the encryption process. However, the order of the steps is reversed, and instead of using the S-Box, its inverse is used, making the encryption reversible.

What is the aim of AES?

The goal of AES is to produce ciphertext that looks completely random and devoid of any discernible patterns, preventing attackers from exploiting any predictable patterns.

What is a block cipher?

A block cipher is a type of encryption algorithm in which data is divided into fixed-size blocks. Then, each block is individually encrypted and decrypted. This is in contrast to stream ciphers, which encrypt data on a bit-by-bit basis.

How does AES achieve diffusion and confusion?

Each round of AES consists of several steps, including substitution, permutation, and mixing. By carefully designing the round operations, AES aims to achieve strong diffusion and confusion. Diffusion ensures that changes in a single plaintext bit affect multiple ciphertext bits, hindering analysis. Confusion makes the relationship between the key and the ciphertext more complex, making it harder to decipher.

Why is AES considered secure?

AES is a widely accepted and secure encryption standard, implemented in various security applications. It is designed to be robust against known attacks and to offer high resistance against current and future cryptanalytic techniques.

How is the initial key expanded?

The initial key is expanded to generate keys for each round. The expansion algorithm ensures that each round key is unique and contributes to the overall security of the encryption process.

Pseudorandom Number Generator (PRNG)

A method of generating a seemingly random sequence of bits based on a secret key, used for encryption.

Synchronized Stream Cipher

A stream cipher where the keystream is generated by XORing the message with a sequence of bits produced by a PRNG. The keystream must be synchronized between the sender and receiver.

Initialization Vector (IV)

The initial value used to start a PRNG, ensuring uniqueness in the generated keystream.

Counter Mode (CTR)

A type of encryption where each block of data is independently encrypted using a unique keystream generated from a PRNG. This makes it suitable for parallel processing.

RC4

A stream cipher that was widely used for securing Wi-Fi networks, utilizing a PRNG to generate a keystream that is XORed with the message.

WEP (Wired Equivalent Privacy)

A legacy encryption standard for Wi-Fi that was vulnerable to attacks due to its weak key length and predictable IVs.

SHA-256 (Secure Hash Algorithm 256)

A cryptographic hash function that creates a unique and fixed-length fingerprint of a piece of data, ensuring data integrity and authenticity.

Password Hashing

A technique used to protect passwords by storing their hashed representation instead of the actual password. This way, even if the system is compromised, attackers cannot access the actual passwords.

Slow Hashing Algorithm

A cryptographic hash function specifically designed to be computationally slow, making it difficult for attackers to crack passwords through brute-force attacks.

Salt (In Password Security)

A random piece of data added to a password before hashing, making each user's hashed password unique even if they use the same password across different websites.

Rainbow Table

A pre-computed table containing hashes of common passwords, used by attackers to quickly identify and crack password hashes.

Brute-Force Attack

A type of cryptanalytic attack that tries to guess passwords by systematically trying all possible combinations. This attack is greatly slowed by the use of slow hashing algorithms and salts.

Cryptographic Hash Function

A cryptographic hash function designed to be resistant to collisions, meaning it's very unlikely to produce the same hash for different inputs.

Bcrypt and Scrypt

Commonly used password hashing algorithms that are designed to be slow, making brute-force attacks very time-consuming and inefficient.

What makes creating a Bitcoin block difficult?

A block is purposely hard to create, restricting the number of Bitcoins in circulation and maintaining their value through supply and demand.

What is Proof-of-Work?

A mathematical algorithm that requires a lot of computational power to solve, used in Bitcoin to validate transactions and add blocks to the blockchain.

What is a nonce in the Bitcoin blockchain?

It acts like a counter, ensuring that the hash of a block meets a specific target value needed for block creation.

What is the difficulty target in Bitcoin?

A difficulty target is a threshold that determines how hard it is to create a new block. It adjusts over time, ensuring the network stays healthy.

What is HashCash and its relation to Bitcoin?

HashCash is a proof-of-work system that makes a sender pay a small cost for sending email, discouraging spam.

What is the Blockchain?

It's a record of all Bitcoin transactions, similar to a public ledger, ensuring transparency and security.

What is a fork in the Bitcoin blockchain?

A fork in the blockchain occurs when miners disagree on the order of transactions, leading to two competing chains.

What are Bitcoin mining protocols?

A set of rules outlining how Bitcoin miners operate, validate transactions, and add blocks to the blockchain.

Hashing

A hash function that creates a unique fingerprint of a message or file, ensuring its integrity and preventing unauthorized modifications.

Blockchains

A type of hash function where each block relies on the previous block's hash, creating a chain of interconnected data. Changes to any block are immediately apparent in subsequent blocks.

Cryptocurrency

A type of cryptocurrency that utilizes a blockchain to record and verify transactions within a decentralized system. It is often used as a digital asset, where units can be bought, sold, or traded.

Proof-of-Work

A form of proof-of-work system where an individual must solve a computational puzzle before being allowed to add a block to the blockchain. This process helps prevent malicious actors from manipulating the chain and ensures the integrity of transactions.

Immutability of Blockchain

Transactions in a blockchain are permanently recorded, even if the transaction itself is fraudulent or unauthorized. Once recorded, these events can't be erased or altered, ensuring transparency and accountability.

HashCash

An early concept exploring the use of cryptographic hashing to limit email spam by requiring the sender to solve a computationally intensive problem before sending an email. It was an early experiment in using cryptography to combat spam.

Symmetric Key Cryptography

A cryptographic method where data is encrypted and decrypted using a unique key shared between the sender and receiver, enabling secure communication. It employs a secret key, requiring both parties to have access to the same key.

Asymmetric Key Cryptography

A cryptographic method that uses two separate keys: a public key for encryption and a private key for decryption, enabling secure communication. It allows anyone with the public key to encrypt messages, but only the holder of the matching private key can decrypt them.

Study Notes

Modern Symmetric Encryption Methods

• Modern encryption systems use principles of substitution and permutations to encrypt data efficiently.
• Basic operations like XOR, substitutions, and permutations are fundamental to modern encryption methods.
• Symmetrical encryption methods use the same key both to encrypt and decrypt data.
• Classical encryption methods, such as the Enigma machine, provide the basis for modern symmetrical encryption methods.

Modern Encryption Methods

• Classical encryption methods, including the Enigma machine, are based on substitution operations.
• A basic unit of data (like a letter) is substituted for another, as determined by rules and a key (KE).
• Each substitution is a 1:1 mapping between possible characters in plaintext (pt) and ciphertext (ct).
• Substitutions can be fixed (mono-alphabetic) or change over time (poly-alphabetic).

Letter/byte substitutions for digital data - XOR

• XOR is equivalent to Caesar’s cipher for digital systems and is a common operation for combining bits or bytes of plaintext and key.
• In digital systems, the basic unit of data is a bit, often grouped into bytes.
• The XOR operation is reversible by applying another XOR.

Substitution Boxes (S-Boxes)

• S-Boxes are used to substitute bits or bytes of data, and are often used in lookup tables to enhance security against linear analysis.
• S-boxes do not depend on the key, and can be fixed or generated from the key before encryption begins.
• The S-Boxes typically operate on single bytes.
• Multiple 1-byte S-Boxes can be used in parallel to encrypt more than one byte of data simultaneously.

Permutation Boxes (P-Boxes)

• P-Boxes mix the results of the separate substitutions performed by S-boxes.
• P-Boxes aim to distribute the outputs of the S-Boxes across other S-Boxes.
• S-boxes and P-boxes are used together to effectively spread the influence of a change in one input over a larger area of the output, protecting against linear and differential cryptanalysis.

Block Ciphers

• Block encryption algorithms use a series of operations on fixed-size blocks of data.
• If the message is longer than the block size, it's split into multiple blocks for separate encryption.
• Each block is processed by a block encryption algorithm, and smaller blocks are padded as needed.
• The keysize is usually the same as or similar to the block size.

Example Block Encryption Algorithm - AES

• AES (Advanced Encryption Standard) is a commonly used block cipher.
• AES uses rounds, which are basic encryption steps performed multiple times.
• The key is expanded into multiple round keys, during each round, there are operations on bits and bytes.
• Decryption process is similar but with inverse operations.

Block Ciphers - ECB Mode

• ECB (Electronic Codebook Mode) encrypts each block independently in a straightforward manner.
• A significant drawback is that identical plaintext blocks produce identical ciphertext blocks, making patterns in the original data visible in the encrypted result.
• ECB mode is extremely vulnerable to known-plaintext attacks.

Block Ciphers - CBC Mode

• CBC (Cipher Block Chaining) mode XORs each plaintext block with the previous ciphertext block before encryption.
• This prevents identical plaintext blocks from producing identical ciphertext blocks, making it more secure than ECB for most applications.
• The initialization vector (IV) is used for the first plaintext block to provide a different start point.

Block Ciphers - CTR Mode

• CTR (Counter Mode) generates a unique, non-random key stream for each block.
• Each block of plaintext XOR'd with the respective key stream, and encrypted/decrypted independently.
• CTR mode is highly efficient for parallel processing.

Stream Ciphers

• Stream ciphers operate on data streams (like communication channels) rather than blocks.
• Stream ciphers use a key stream generated by a pseudorandom number generator, then XOR'ing with input data.
• Stream ciphers are generally much faster than block ciphers, as they operate on data bit-by-bit.

Synchronised Stream Ciphers

• Synchronised stream ciphers require both sender and receiver to use the same key stream.
• Employ a pseudo-random binary number generator (PRBNG).
• The aim is for the keys generated to be unpredictable to outsiders to provide security.

Secure Wifi

• WEP (Wired Equivalent Privacy) and TKIP used stream ciphers like RC4, were later superseded by AES-based methods.
• Current Wifi security standards provide much greater security through more sophisticated methods.

Example: DVD Encryption

• DVD encryption systems, like CSS, employed stream ciphers but were quickly cracked due to weak cipher designs, and small keysizes, and cryptanalysis methods.
• Stronger and more secure methods are required to protect data effectively now.

Message Authentication

• Cryptographic hash functions are used to create unique "fingerprints" of messages.
• Hash functions can verify if a message has been changed in transit without revealing the original message.
• The recipient can use the same hash key to create a checksum to confirm the identity of the message provider.

Cryptographic Hashes

• Hash functions produce a unique "fingerprint" of data, used for verification.
• Common hash functions include SHA-1, MD5, SHA-256.
• Hashing is essential for verifying that data hasn't been tampered with during transmission or storage.

Cryptographic Hashes for Password Storage

• Secure password storage requires hashing, not storing passwords in plain text.
• Common algorithms use Bcrypt or Scrypt to obfuscate passwords and slow down brute force attacks.
• Salts are appended to passwords before hashing to avoid rainbow-table vulnerabilities, which are pre-calculated hashed of common passwords.

Brute-force and other methods for obtaining passwords

• Brute-force attacks try all possible password combinations to guess accounts.
• Reused passwords across multiple platforms increase susceptibility to breaches.
• Modern password hashing techniques make brute-force attacks very slow and computationally costly.

Message Authentication Codes (MACs)

• MACs provide message authentication and integrity.
• MACs use a shared secret key to generate message authentication tags, ensuring only legitimate users can verify information.
• Attackers who intercept and change the message will be unable to generate a valid MAC if they don't share the key.

HashCash

• HashCash was an early method for controlling spam and requiring a "work-proof."
• The goal is to slow down the massive volume of spam, so that sending a spam email becomes more expensive for mail spammers.

Hashing in Block Chains / Cryptocurrency

• Blockchains use cryptographically secure hashing for data integrity, as part of the distributed ledger structure.
• Hashing techniques like SHA-256 are crucial in the verification of transactions and to ensure the integrity of the data.

Blockchains

• Blockchains are used to create a trustworthy record of transactions or events that are secure, immutable, and decentralized.
• Each block contains a hash of the previous block, creating a linked chain, making tampering difficult and instantly noticeable.
• They use cryptography and distributed ledger technology to establish trust across a network of participants.

Bitcoin

• Bitcoin uses blockchains to record and manage transactions.
• Block creation involves solving a cryptographic puzzle associated with a block's nonce.
• The Bitcoin network ensures the integrity of the history through a complex system of verification and validation, which includes cryptographically securing the transactions and ensuring the history of transactions is verifiable and trusted by all network participants.

Bitcoin - Proof-of-Work

• Bitcoin's proof-of-work system is inspired by HashCash, and associates costs with block creation.
• Blocks contain a nonce that affects the hash value; the difficulty target decreases over time.
• Bitcoin ensures ownership through a verifiable and secure ledger, which is updated and distributed across the network.

Bitcoin - Block Structure & Transactions

• Bitcoin block data format includes details of Bitcoin transactions
• The process for creating and adding blocks to the chain is carefully controlled to prevent manipulation or unauthorized additions, maintaining the security of Bitcoin transactions and ownership.

Additional Notes

• Specific encryption modes like ECB, CBC, CTR affect how blocks are processed and can have security implications when using them with different types of data (like images).
• Hashing techniques are fundamental to many cryptographic applications, ensuring data integrity and non-repudiation (preventing the denial of having performed an action.)
• The concepts presented highlight some of the considerations that surround the implementation of secure systems in many areas, such as computing, cryptocurrency, and networking.

Description

Test your knowledge on various cryptography concepts, particularly focusing on block ciphers, stream ciphers, and password storage techniques. This quiz covers the advantages and disadvantages of different encryption methods, specifically CTR mode, and explores hashing algorithms used for secure password management.