Cryptography Basics Quiz

Questions and Answers

What is the block size of DES?

• 32 bits
• 64 bits (correct)
• 128 bits
• 256 bits

What happens when the plaintext is shorter than 64 bits in DES?

• Encryption is performed without padding.
• Padding is added to reach the required size. (correct)
• The encryption fails due to insufficient data.
• It is ignored.

Why is padding necessary in DES encryption?

• To extend plaintext to a block size of 64 bits. (correct)
• To enhance data security.
• To improve encryption speed.
• To ensure multiple blocks of data can be processed.

What must be done with the padding after decryption in DES?

It should be removed. (D)

What is the hexadecimal representation for 'Accusing' as plaintext in DES?

4163637573696E67 (C)

What does entropy in a class of messages measure?

The average amount of information expected in a message (D)

What is a characteristic feature of a one-time pad?

The key length matches the plaintext length and is used only once (C)

How does a stream cipher differ from a block cipher?

A stream cipher combines plaintext symbols with keystream symbols one at a time (C)

What is a defining characteristic of modern cryptography compared to the one-time pad?

The key length can be independent of the plaintext size (D)

What does the encryption and decryption process of block ciphers involve?

Operating on a block of predefined size using the same key (B)

Which best describes symmetric cryptography?

It utilizes a single key for different cryptographic operations. (C)

What is the purpose of a digital signature?

To verify the integrity and authenticity of a message. (D)

Which part of the encryption process represents the change from plaintext to ciphertext?

Ciphertext. (D)

What does a Message Authentication Code (MAC) utilize for verification?

The same key for signing and verification. (B)

In asymmetric cryptography, what is true about the keys used?

One key is public, and the other is secret. (D)

What is the result of the operation σ = S(KS, m) in a digital signature?

The generation of a signature from a signing key and message. (B)

How does error propagation affect cryptographic operations?

It can result in multiple errors in the plaintext output. (C)

Which term is synonymous with symmetric cryptography?

Secret key cryptography. (B)

What is one key distinction between symmetric and asymmetric signatures?

Asymmetric signatures require public disclosure of a key. (B)

Which of the following is NOT a basic cryptographic primitive mentioned?

Key exchange. (D)

What does the ECB mode in CrypTool utilize for encryption?

Zero Padding (A)

What is a notable characteristic of the ECB mode regarding encryption?

It maintains identifiable patterns in ciphertext. (B)

Which padding option does the javax.crypto package NOT provide?

DES/ECB/ZeroPadding (D)

What is required for the Cipher Block Chaining (CBC) mode before encryption?

A random initialization vector (IV) (A)

How does the CBC mode alter the encryption of repeated plaintext blocks?

It results in different ciphertext blocks for the same plaintext. (A)

Which statement correctly describes the relationship between blocks in CBC mode?

Each ciphertext block is dependent on the previous ciphertext block. (A)

What error is returned in 'DES/ECB/NoPadding' if the plaintext does not meet the block size?

Indicates a padding issue. (D)

Which operation describes how ciphertext is generated in CBC mode?

By XOR'ing the current plaintext block with the previous ciphertext. (C)

What is the primary function of a Message Authentication Code (MAC)?

To ensure the integrity and authenticity of the message (D)

In the context of MAC, what does the variable 'C' represent?

The MAC function (D)

Why is symmetric encryption not sufficient for ensuring message integrity?

It only provides confidentiality (D)

What must be true for Bob to trust that the message he received is from Alice?

The MAC must have been computed with the shared secret key (C)

Which of the following correctly describes the relationship between MAC and symmetric encryption?

MAC is used to enhance the security provided by symmetric encryption. (B)

What does the MAC provide when transmitted alongside a message?

It offers evidence that the message was generated by the sender. (D)

What is the significance of incorporating a sequence number in message transmission?

It helps confirm the order of the messages. (D)

Which aspect of security does symmetric encryption alone fail to address?

Verification of the sender's identity (B)

What is the primary operation used to obtain the plaintext during CBC decryption?

Decrypting the ciphertext and XORing with the previous ciphertext block (A)

What impact does an error in the ciphertext have during decryption in CBC mode?

It propagates and affects subsequent plaintext blocks. (C)

What is the function of the initialization vector (IV) in CBC encryption?

To introduce randomness into the encryption process (B)

Which of the following statements correctly describes the effect of altering one bit in the plaintext during CBC encryption?

It will cause complete changes in multiple subsequent ciphertext blocks. (C)

In the context of CBC decryption, how is the plaintext created for the first block?

Decrypting the first ciphertext block and XORing with the IV (B)

What is the key difference between data confidentiality and data integrity/authentication?

Confidentiality prevents unauthorized access, while integrity detects unauthorized modifications. (B)

If an error occurs in the second ciphertext block during CBC decryption, what will be the outcome for the corresponding plaintext block?

The plaintext block will be erroneous. (C)

During CBC encryption, how does a change to a plaintext affect subsequent ciphertext blocks?

It causes a change in that block and all following ciphertext blocks. (A)

What occurs if a bit in the ciphertext is changed during CBC decryption?

The error propagates causing a complete alteration in the following plaintext blocks. (C)

Flashcards

Entropy in a message class

The average amount of information contained in a message from a specific class, measured in bits.

One-time pad

A symmetric encryption scheme where a key of the same length as the plaintext is used to encrypt the message and cannot be reused.

Stream Cipher

A symmetric encryption algorithm that encrypts individual plaintext symbols (bits) with a keystream, one at a time.

Block Cipher

A symmetric encryption algorithm that processes plaintext in fixed-size blocks, using a key to encrypt each block.

Block Cipher

A symmetric encryption scheme where the same key is used for both encryption and decryption, operating on fixed-size blocks of data.

Encryption

A fundamental building block in cryptography that transforms plaintext into an unreadable ciphertext.

Decryption

The process of converting ciphertext back into its original plaintext form.

Symmetric Cryptography

A cryptographic technique that uses the same secret key to both encrypt and decrypt data.

Asymmetric Cryptography

A cryptographic method that utilizes two related keys: a public key for encryption and a private key for decryption.

Secret Key Cryptography

Also known as a 'secret key' cryptography, this technique uses a single key for both encryption and decryption.

Public Key Cryptography

Also known as 'public key' cryptography, this system employs a pair of keys, one public and one private, for encryption and decryption, respectively.

Message Authentication Code (MAC)

A function that provides a short, fixed-length string called a message authentication code (MAC), which is used to verify the authenticity and integrity of a message.

Authenticated Encryption

A cryptographic mechanism that combines encryption and authentication, ensuring both confidentiality and integrity of data.

Padding

A technique used to ensure that the length of the plaintext is a multiple of the block size used by the block cipher.

What is DES?

A block cipher that encrypts data in 64-bit blocks. DES is a symmetric encryption algorithm, meaning that the same key is used for both encryption and decryption.

What is padding in encryption?

Adding extra bytes to a plaintext message to make its length a multiple of the block size. This is necessary because DES can only process data in full 64-bit blocks.

What is encryption?

The process of converting plaintext data into ciphertext using a specific algorithm and key. This makes the data unreadable without the correct decryption key.

What is decryption?

The process of converting ciphertext back into the original plaintext data using the corresponding key. This reverses the encryption process and makes the data readable again.

What is plaintext?

The original, unencrypted data that is to be protected. It is the input for the encryption process.

CBC Encryption Error Propagation

Each plaintext block is XORed with the previous ciphertext block before encryption. This means changing one bit in the plaintext affects the encryption of all subsequent blocks.

CBC Decryption Error Propagation

Decrypting a ciphertext block with an error only affects the corresponding plaintext block and the next. Subsequent blocks remain unchanged.

Data Confidentiality

The process of ensuring that data is accessible only to authorized individuals.

Data Integrity/Authentication

The process of ensuring that data has not been tampered with and that it originates from a trusted source.

Initialization Vector (IV)

A unique value used to initialize the first encryption block in CBC mode. It is XORed with the first plaintext block to generate the first ciphertext.

Cipher Block Chaining (CBC)

A block cipher mode that encrypts data by XORing each plaintext block with the previous ciphertext block, then encrypting the result.

Plaintext

Plaintext is the original, unencrypted data.

Ciphertext

Ciphertext is the encrypted data that is unreadable without the proper decryption key.

Zero Padding in DES(ECB)

A padding scheme used in CrypTool DES(ECB) mode where zeros are added to the end of the plaintext to make its length a multiple of the block size.

javax.crypto package

The Java cryptography package that offers different encryption and decryption algorithms, including DES with different padding schemes.

PKCS5 Padding in DES(ECB)

A padding scheme used in DES(ECB) mode where the padding is done according to the PKCS#5 standard. This scheme adds padding bytes to the plaintext to make its length a multiple of the block size.

No Padding in DES(ECB)

A padding scheme used in DES(ECB) mode where no padding is added to the plaintext. This scheme requires the plaintext to be a multiple of the block size for encryption to succeed.

Electronic Codebook (ECB) Mode

A block cipher mode in which the same plaintext block always produces the same ciphertext block. It is vulnerable to attacks as patterns in the plaintext are preserved in the ciphertext.

Cipher Block Chaining (CBC) Mode

A block cipher mode that involves XORing the current plaintext block with the previous ciphertext block before encryption. Each plaintext block is encrypted differently, making it more secure than ECB mode.

CBC Encryption of Repeated Blocks

In CBC mode, the same plaintext block is encrypted differently based on its position in the sequence because of the XOR operation with the preceding ciphertext block.

How is a MAC generated?

A MAC is calculated using a secret key shared between the sender and receiver, applied to the entire message. The MAC is then transmitted alongside the message itself.

What does a MAC ensure?

Providing confidentiality means keeping a message secret, while integrity ensures the message was not altered during transmission. MACs provide integrity and authentication.

How does a MAC guarantee the message's integrity?

A MAC ensures that the message has not been altered in transit. This is because a different message would result in a different MAC, which would be detected by the receiver.

How does a MAC guarantee the message's authenticity?

The MAC is calculated using the same secret key shared by both the sender and receiver, making it impossible for anyone else to create a valid MAC for the message.

How does a MAC ensure message sequence?

By incorporating a sequence number within the message, a MAC can also ensure that the messages are received in the correct order, as altering the sequence number would change the MAC and be detected.

Why are MACs essential in addition to symmetric encryption?

Symmetric encryption techniques like DES/AES with modes like ECB/CBC/CTR provide confidentiality, but don't guarantee integrity. A MAC is needed to ensure that the message hasn't been altered.

How are MACs integrated with encryption?

MACs are used in conjunction with symmetric encryption to provide both confidentiality and integrity, offering a complete security solution.

Study Notes

Computer Security Lecture 2

• Symmetric Cryptography (I): A single key is used for both encryption and decryption
• Structure of lecture: This lecture covers introduction of block ciphers, padding, modes of operation, error propagation, message authentication codes (MACs), and authenticated encryption.
• Cryptographic Primitives: The module covers encryption and digital signatures.
• Encryption: Plaintext is transformed into ciphertext using an encryption key; ciphertext is transformed back to plaintext using a decryption key. C = E(K_e, P), P = D(K_d, C). E is encryption, D is decryption, K_e is encryption key, K_d is decryption key, P is plaintext, C is ciphertext.
• Digital Signatures: A signing key (K_s) produces a signature (σ) for a message (m). Verification key (K_v) verifies the signature. σ = S(K_s, m), 0/1 = V(K_v, (σ, m)). S is signing, V is verification.
• Symmetric and Asymmetric Cryptography: Symmetric uses one key for encryption and decryption; Asymmetric uses a pair of unique but related keys. One key is public, while the other key is private.
• Information Entropy: Measures the amount of information in a message, generally expressed in bits. Used to measure the complexity/security of potential cryptographic schemes.
• From One-Time Pad to Modern Cryptography:
  • One-time pad uses a key as long as the message to be encrypted. Key cannot be reused.
  • Modern cryptography uses a shorter key, which can be reused.
• Stream Cipher & Block Cipher:
  • Stream cipher: combines a plaintext sequence with a keystream sequence, one symbol at a time (invertible function).
  • Block cipher: operates on blocks of plaintext to produce blocks of ciphertext.
• Block Ciphers:
  • Takes input block of a certain size (block size).
  • Takes a key of a certain length (key length).
  • Returns another block of the same size.
  • Same key used for encryption and decryption (symmetric).
• Stream Ciphers:
  • Encrypts/decrypts a plaintext with an arbitrary length.
  • Has a key of a certain length.
  • Returns a ciphertext length that is associated with the plaintext.
  • Uses same key for encryption and decryption (symmetric).
• Two Block Cipher Examples: DES (Data Encryption Standard) and AES (Advanced Encryption Standard).
• DES: Takes a 64-bit block and 56-bit key; outputs a 64-bit block. Insecure due to small key size.
• AES: Takes a 128-bit block and a 128/192/256 bit key, outputs a 128-bit block.
• DES Challenge: Finding a 56-bit key that produces a specific outcome.
• 3DES (Triple DES): A more secure variant of DES to mitigate the limitations. Uses three keys.
• Encrypting with DES:
• Encrypting with DES "Accusing": An example of encrypting a word using DES and converting it into hex code.
• Encrypting "Atom" using DES ("Atom" is not a full 64-bit block): Handling cases where the data is not a full 64-bit block. Requires padding.
• Padding: Adding extra data to a message to make it a whole number of blocks for encryption when message is not the exact same size as the blocks (required for some encryption schemes)
• Several padding schemes: Various methods for padding—common include zero padding, ANSI X.923, PKCS7, PKCS5
• Zero padding: Adding zeros to fill the block to the correct size. Not always secure/correct.
• Modes of Operation: Different methods for using a block cipher to encrypt a larger sequence of data.
  • Electronic Codebook (ECB): Each block is encrypted independently
  • Cipher Block Chaining (CBC): Each block is XORed with the previous ciphertext block, creating a chaining effect. More secure than ECB mode.
  • Counter (CTR): Uses a counter value with the secret key for unique operation per block.
  • Other modes such as CFB (Cipher Feedback), OFB (Output Feedback), PCBC (Propagating Cipher Block Chaining) exist.
• Error Propagation: Describes how errors in plaintext or ciphertext affect the output
  • In CBC, an error in one block affects succeeding blocks in the decryption process, but not preceding blocks. 
• Message Authentication Code (MAC): A small fixed-size block of data that authenticates the data and ensures integrity from the sender perspective, using a shared secret key.
• Confidentiality and Authenticity/Integrity: Differences between assuring a message's secrecy vs. integrity/the origin. Encryption assures confidentiality, but a Message Authentication Code (MAC) is also needed to assure message integrity/origin. 
• Authenticated Encryption: Combines encryption and authentication into one step, protecting against unauthorized modifications to a message in addition to its confidentiality.
• Encrypt-then-MAC: A standard method for achieving authentication and confidentiality of data.
• Lab: working with DES/AES: A lab task for using block ciphers such as DES or AES, and understanding their limitations in real-world scenarios.