Cryptography and Hash Functions Quiz

Questions and Answers

What is the main purpose of using a fingerprint on a document?

• To preserve the integrity of the document (correct)
• To enhance the aesthetic appearance of the document
• To ensure the document is confidential
• To increase the document's size

Which characteristic does NOT describe an ideal cryptographic hash function?

• Second preimage resistance
• Preimage resistance
• Ease of reversibility (correct)
• Collision resistance

Why can a checksum function not serve as a cryptographic hash function?

• It does not create a message digest
• It is reversible in nature
• It is not preimage resistant (correct)
• It is not collision resistant

What connects a document and its fingerprint as compared to a message and its digest?

They are physically linked together (B)

In the context of hashing, what does collision resistance refer to?

The ability to prevent two different inputs from producing the same hash value (C)

Which of the following is a key aspect of the Random Oracle Model?

It provides an ideal mathematical model for hash functions (D)

What happens when a message is provided to an oracle that finds a matching digest in its table?

The corresponding digest is returned for the message (D)

What is the primary need for message integrity in cryptography?

To prevent unauthorized alterations to the message (B)

What is the required number of tests for an adversary to launch a collision attack on a 64-bit hash function?

$2^{32}$ (D)

How long would it take Eve to launch an attack on a 64-bit hash function if she can perform $2^{20}$ tests per second?

Nearly 1 hour (B)

What is the digest size of the MD5 hash function?

128 bits (C)

How many tests does an adversary theoretically need to perform for a SHA-1 collision attack?

$2^{80}$ (A)

What is the purpose of a modification detection code (MDC)?

To provide message integrity (C)

What does a message authentication code (MAC) provide that a message digest does not?

Sender authentication (D)

How many tests are needed to find a collision in a SHA-512 hash function?

$2^{256}$ (C)

What limitation is recognized regarding the security of MD5 hash functions?

They can be attacked in fewer tests than believed. (C)

What is a Message Authentication Code (MAC) primarily used for?

Verifying the integrity and authenticity of a message (A)

Which function represents the generation of a MAC?

MAC = C(K, M) (D)

What is a key property of a MAC regarding message collisions?

It must be infeasible to find another message with the same MAC. (B)

How does a MAC differ from a digital signature?

A MAC does not provide non-repudiation, while a digital signature does. (A)

What should the distribution of MACs be like according to requirements?

Uniformly distributed to prevent patterns in output. (C)

When is it particularly important to use a MAC?

When message integrity is needed for archival use. (B)

Which of the following best describes the function type of a MAC?

It is a many-to-one function. (A)

What type of attacks must be considered in the security of MACs?

Brute-force and collision resistance attacks must be considered. (A)

What is the maximum message length that SHA-512 can accept?

2^128 bits (A)

What must be added if the original message length is a multiple of 1024 bits?

A length field (B)

In producing W60 for SHA-512, what is its relationship to previous words?

It is made from four previously-created words (C)

How many padding bits are added if the original message is 2590 bits?

353 padding bits (D)

How many pages would a message of 2^128 bits occupy if one page accommodates approximately 2048 bits?

Approximately 2^110 pages (C)

What is the minimum padding length required for a message length of 896 bits?

0 bits (D)

What is the relationship between the message digest size in SHA-512 and the original message size?

Message digest is fixed at 512 bits regardless of the original size (A)

What is the maximum number of padding bits allowed when padding a message?

1023 bits (B)

What is the calculated length of the original message in bits?

897 bits (A)

Which hash function is considered insecure due to similar vulnerabilities as MD5?

SHA-1 (A)

What is the primary purpose of the NIST SHA-3 competition announced in 2007?

To replace SHA-2 with SHA-3 (C)

Which of the following is NOT one of the requirements for SHA-3?

Support only 256-bit hash values (A)

In which year did Keccak win the SHA-3 competition?

2012 (D)

What happens as the first step in the SHA-1 hashing process?

Pad the message so its length is 448 mod 512 (A)

Which compression function is made from scratch?

Message Digest (MD) (C)

Which scheme utilizes a symmetric-key block cipher as a compression function?

Whirlpool (C)

What is the primary purpose of a Message Digest Code (MDC)?

To ensure the message has not changed during transmission (C)

Which of the following is NOT a requirement for message security?

Public accessibility (C)

How does symmetric message encryption provide authentication?

Both sender and receiver are privy to the key used (D)

What is a drawback of using public-key encryption for authentication?

It requires two public-key uses on a message (D)

What key aspect does a Message Authentication Code (MAC) provide?

Validation of the message originator's identity (B)

Which function can help identify altered messages?

Message digest creation (B)

What is a common security concern when using public-key encryption?

Increased message size upon encryption (B)

Which aspect is crucial for a hash algorithm to ensure the security of a MAC?

It must be secure from vulnerabilities and risks (A)

Flashcards

Message Integrity

Ensuring a message hasn't been altered during transmission.

Cryptographic Hash Function

A function that takes input (a message) and produces a fixed-size output (a hash or message digest).

Preimage Resistance

Finding an input message that produces a specific hash is computationally hard.

Second Preimage Resistance

Finding a different input message that produces the same hash as a given input is computationally hard.

Collision Resistance

Finding two different input messages that produce the same hash is computationally hard.

Message Digest

The fixed-size output of a cryptographic hash function.

Random Oracle Model

An idealized mathematical model to analyze hash functions as a random function.

Cryptographic Hash Function Criteria

Characteristics (preimage resistance, second preimage resistance, and collision resistance) that a cryptographically secure hash function must fulfill.

Collision Attack

An attempt to find two different inputs that produce the same hash output.

Hash Function Security

The ability of a hash function to resist various attacks, including collision attacks, preimage attacks, and second preimage attacks.

MD5 Vulnerability

MD5, a widely used hash function, is susceptible to collision attacks, meaning two different messages can have the same hash.

SHA-1 Weakness

While SHA-1 was considered stronger than MD5, researchers have discovered vulnerabilities that allow for faster collision attacks than originally thought.

SHA-512 Strength

SHA-512, a newer hash function, is designed with a large output size (512 bits), making it very difficult to find collisions in a reasonable time.

Message Authentication Code (MAC)

A code that verifies both the integrity and authenticity of a message, meaning that it has not been altered and it originated from the intended sender.

Modification Detection Code (MDC)

A code that verifies the integrity of a message, ensuring it hasn't been altered.

Difference between MDC and MAC

MDC only ensures the message hasn't been altered, while MAC ensures both integrity and authenticity, verifying the sender of the message.

MDC

A Modification Detection Code is used to verify a message's integrity. It's a unique fingerprint generated from the message, ensuring that any alteration during transmission will be detected.

MAC

A Message Authentication Code (MAC) is a type of MDC that uses a secret key to generate the fingerprint. This adds authentication, meaning the receiver can verify both the message's integrity and the sender's identity.

Message Authentication

Ensuring that a message hasn't been tampered with and verifies the sender's identity.

What security requirements are addressed by message authentication?

Message authentication addresses the following security requirements:

• Disclosure: Preventing unauthorized access to the message.
• Traffic Analysis: Hiding the existence or frequency of the message.
• Masquerade: Preventing someone from pretending to be someone else.
• Content Modification: Preventing unauthorized changes to the message content.
• Sequence Modification: Preventing unauthorized changes to the order of messages.
• Timing Modification: Preventing unauthorized changes to the timing of messages.
• Source Repudiation: Preventing the sender from denying they sent the message.
• Destination Repudiation: Preventing the receiver from denying they received the message.

Symmetric Encryption for Authentication

Symmetric encryption, where both sender and receiver share the same secret key, can also provide message authentication. This is because only the intended recipient can decrypt the message, ensuring both its integrity and the sender's identity.

Public-key Encryption for Authentication

While public-key encryption itself doesn't inherently provide authentication, using the sender's private key to sign the message and then encrypting it with the recipient's public key achieves both secrecy and authentication.

PKCS Size Expansion

The Public Key Cryptography Standards (PKCS) often cause data expansion when encrypting. This means the size of the encrypted message is larger than the original message.

Double Encryption for Authentication

In public-key encryption, signing with the sender's private key and then encrypting with the recipient's public key can significantly increase the message size, as both actions add layers of security.

What is a MAC?

A Message Authentication Code (MAC) is a small, fixed-sized block of data generated using a secret key and a message. It acts like a signature, ensuring the message hasn't been tampered with and originated from the intended sender.

MAC Computation

A MAC is computed by applying a cryptographic algorithm to the message and a secret key. This process generates a unique code that's appended to the message.

MAC vs. Encryption

MACs provide authentication, ensuring message integrity and sender authenticity. Encryption, on the other hand, provides confidentiality, keeping the message secret. While distinct, they can be used together to achieve both authentication and confidentiality.

MAC for Long-Term Authentication

MACs can be used for authentication that persists longer than the encryption itself, such as for archival purposes. This allows you to verify the integrity of the message even after the encryption keys are no longer available.

MAC's Key Property

A MAC is a many-to-one function. This means multiple messages can potentially have the same MAC. However, finding these messages should be computationally difficult.

MAC's Security Requirements

MACs need to be resistant to various attacks. This includes making it infeasible to find another message with the same MAC, ensuring MACs are uniformly distributed, and ensuring the MAC depends on all bits of the message.

MAC Vulnerabilities

Like block ciphers, MACs can be vulnerable to brute-force attacks. If the MAC is too short (e.g., 128-bit), attackers can potentially find collisions. Exploiting known message-MAC pairs can also pose a security risk.

MAC vs. Digital Signature

A MAC provides authentication but not non-repudiation. This means the sender can deny sending the message, as it's possible to generate the same MAC with the secret key. Digital signatures, however, provide non-repudiation, ensuring the sender can't deny authorship.

SHA-1

A cryptographic hash function designed in 1993 and revised in 1995, producing 160-bit hash values. It's based on MD4 but with key differences.

SHA-2

A family of cryptographic hash functions with various bit lengths (SHA-256, SHA-384, SHA-512). It appears secure but shares structure and operations with predecessors.

SHA-3

The newest generation of NIST cryptographic hash function, chosen as the winner of a 2012 competition.

Keccak

The algorithm chosen for SHA-3, offering superior security and flexibility.

Merkle-Damgard Scheme

A widely used method for constructing iterated hash functions. It breaks a message into blocks, processes them one by one, and combines the results.

Compression Function

A core component of hash functions that takes input (a message block) and produces a fixed-size output (a hash value).

SHA-512 Message Length

SHA-512 requires the original message to have a length less than 2^128 bits.

Padding in SHA-512?

Even if the original message is a multiple of 1024 bits, padding is still necessary in SHA-512.

Purpose of Padding

Padding is added to a message in SHA-512 to make its length a multiple of 1024 bits. It is necessary for the block processing stage.

Minimum Padding in SHA-512

The minimum padding length in SHA-512 is 0 bits, occurring when the original message length is 896 bits modulo 1024.

Maximum Padding in SHA-512

The maximum padding length in SHA-512 is 1023 bits, occurring when the original message length is 128 bits modulo 1024.

Word Expansion in SHA-512

In SHA-512, words W16 to W79 are generated from four previous words.

Creating W60 in SHA-512

W60 in SHA-512 is calculated using a specific formula that involves W56, W60, W64, and W72.

SHA-512 Round Function

The SHA-512 algorithm uses a round function that combines eight words with a 64-bit constant and rotates them. This is repeated 80 times.

Study Notes

Cryptography and Network Security - Week 9-11

• Message Integrity: Cryptography systems often provide secrecy but not integrity. Integrity is crucial in situations where secrecy isn't required, ensuring the data hasn't been tampered with.

• Document and Fingerprint: A practical analogy for preserving document integrity is using a fingerprint. Alice, for example, can add her fingerprint to a document as a way to verify that the content hasn't changed.

• Message and Message Digest: In computing, the electronic equivalent of a fingerprint and document pair is the message and its digest. A hash function maps the message to the digest, also called the "fingerprint."

• Difference between Document/Fingerprint and Message/Digest: Documents and fingerprints are physically linked. Messages and digests can be unlinked, crucial for integrity checks. The digest itself must be protected from change for accurate verification.

• Checking Integrity: Integrity checking involves two steps: a hash function processes the message, producing a digest; this current digest is compared with a previous/stored digest. If they match, the integrity is verified. If the digests differ, there is an indication that the message has been altered.

• Cryptographic Hash Function Criteria: Preimage resistance, second preimage resistance, and collision resistance are essential requirements for a cryptographically secure hash function.

• Preimage Attack: Given a hash value, a preimage attack attempts to find the original message that produced this hash.

• Second Preimage Attack: Given a message and its hash, a second preimage attack aims to find another message that hashes to the same value.

• Collision Attack: This attack attempts to find two different messages that produce the same hash value.

• Random Oracle Model: An ideal mathematical model of a hash function, introduced in 1993 by Bellare and Rogaway, is the Random Oracle Model. This is an idealized model which assumes that the hash function behaves randomly.

• Message Authentication Code (MAC): A MAC is a modification detection code, a cryptographic hash function that authenticates the sender of a message. Unlike a message digest, a MAC requires a shared secret key.

• Modification Detection Code (MDC): An MDC, while useful for detecting changes, does not authenticate the sender of a message.

• Nested MAC: A nested MAC involves applying a hash function twice with a different secret key for each iteration (or applying the MAC function iteratively).

• Symmetric Message Encryption: Symmetric encryption can provide authentication in addition to confidentiality. The receiver knows only the sender and receiver have the key if used correctly.

• Public-Key Message Encryption: Public-key encryption does not necessarily confirm the sender's identity. Signing with a private key and encrypting with a public key adds both authentication and confidentiality.

• Message Authentication Code (MAC) Properties: A MAC is a cryptographic checksum; it condenses a variable-length message into a smaller, fixed-size value using a secret key, and it's a many-to-one function. Finding two matching messages with the same MAC should be computationally infeasible.

• HMAC (Hash-based Message Authentication Code): A widely used MAC based on hash functions, making it often more efficient & adaptable than other approaches.

• Hash Function Requirements: A hash function should be efficient, use variable input sizes, produce fixed-length outputs, resist preimage and second-preimage attacks, and be resistant to collision attacks.

• Birthday Attacks: These attacks exploit the mathematical property of hash functions to find collisions faster, thus reducing their security level if the hash sizes are too small.

• Hash Function Cryptanalysis: Analysis techniques used find weaknesses in a hash function which allow attacks to exploit them faster than brute force.

• Block Ciphers as Hash Functions: Block ciphers can be used to create hash functions, but the resulting hash values are often too small and susceptible to various attacks.

• Secure Hash Algorithm (SHA): A family of cryptographic hash functions designed by NIST and NSA, widely considered secure. Included in the family are SHA-1, SHA-2 (256, 384, 512), and SHA-3 (Keccak).

• SHA-3 Requirements: These include the requirements and features/characteristics of SHA-3 (Keccak).

• Padding and Length Field in SHA-512: Padding and length fields are necessary to prepare a message of variable length for processing ensuring that the length of the message is correctly interpreted and processed.

• Whirlpool Hash Function: A keyed hash function designed in the similar structure/style of other well-known methods like MD4.

• Whirlpool Cipher: A cipher that uses a 512-bit block size.

• Decryption & Verification: A digital signature scheme allows for straightforward verification of the message's integrity and authentication. Methods to overcome weaknesses in this verification process exist.

• Attack Types: Key-Only Attacks, Known-Message Attacks, Chosen-Message Attacks are the three basic categories of an attack aimed at breaking the security of digital schemes.

• Forgery Types: Existential forging, selective forging, and total breaks are types of attacks that target creating a valid signature without having access to the private key of the signer.

• Digital Signature Schemes: This include RSA, ElGamal, Schnorr, DSS, and ECDSA.

• RSA Digital Signature Scheme: General idea behind the RSA digital signature scheme, covering signing and verification, and key generation.

-ElGamal Digital Signature Scheme: General idea behind the ElGamal digital signature scheme, covering key generation, signing, and verification steps.

• Schnorr Digital Signature Scheme: General idea behind the Schnorr digital signature scheme, covering key generation, signing, and verification steps, along with explanations of the required steps.

• Digital Signature Standard (DSS): A standard algorithm for digital signatures, covering key generation and signing/verification.

• ECDSA: A digital signature algorithm based on elliptic curve cryptography, providing key generation, signing and verification.

• Variations: The methods of time-stamping signatures in order to prevent re-use of a signature & blind signatures.

• Entity Authentication: This involves proving the identity of a party or process, whereas message authentication validates the integrity of a message only.

• Verification Categories: Categories for methods in identifying or verifying the authenticity of the sender or entity, such as something known (e.g. a password), something possessed (e.g. an ATM card), and something inherent (e.g. a fingerprint).

• Passwords: Fixed and one-time passwords are traditional methods for entity authentication, relying on something the claimant knows.

• Challenge-Response: Provides authentication using a secret known to the claiming party, without the secret needing to be transmitted.

• Counter with Cipher Block Chaining-Message Authentication Code (CCM): A standard message authentication code (MAC) algorithm.

• Galois/Counter Mode (GCM): A parallelizable message authentication mode, also specified as an internet standard.

• Authenticated Encryption: Methods to protect both confidentiality and authenticity of communications/messages during transmissions. These methods often combine encryption with MAC values.

• Hash Functions: Methods of compressing arbitrary messages to a fixed-size value & its uses (eg. Message Integrity Check, Message Authentication Code, Digital Signatures, Password Verification...).

• Hash function Cryptanalysis Techniques: Various techniques used to find vulnerabilities or weaknesses within a hash function; aimed at finding ways to break security faster than by exhaustive search/brute-force.

• MD5, MD4: Older hash functions that are no longer considered adequately secure. They were common at one point but have since been superseded by more secure methods.

• Security of MACS: A survey of the attacks relevant to breaking various types of MAC algorithms.

• General Characteristics of Hash Functions: A summary of various hash functions (MD5, MD4, SHA-1, SHA-3, SHA-2).

Description

Test your knowledge on cryptographic principles, focusing on hash functions, fingerprints, and message integrity. This quiz covers key concepts such as collision resistance, hash function characteristics, and the Random Oracle Model.