Cryptology Exam - October 25, 2024

Questions and Answers

What is the formula used by the Affine cipher for encryption?

• $c = jm + k$
• $c = m + k \mod n$
• $c = jm + k \mod n$ (correct)
• $c = m \cdot j + k \mod n$

How many possible key values does the Affine cipher have?

• 12
• 312 (correct)
• 26
• 104

What should the approximate key length of the Vigenère cipher be for the English language, in bits?

• 15
• 16 (correct)
• 30
• 8

What is a necessary step in breaking the normal Vigenère cipher?

Identify the substitution key used for each letter (B)

What does measuring redundancy in a language involve, specifically in written texts?

Calculating word frequency distributions (B)

How many words are estimated to exist in the English language, relevant for the Vigenère cipher's key length?

30,000 to 100,000 (D)

Why is the quality of explanations considered in grading?

Because it shows a deeper understanding (D)

What is the purpose of having a general-purpose dictionary during the exam?

To translate text without personal notes (D)

What is the average entropy measured for long sequences of English text?

1 bit/letter (B)

How does a stream cipher avoid the main drawback of one time padding?

By expanding a short secret key (C)

How is perfect secrecy mathematically defined for a cryptosystem?

H(M | C) = H(M) (A)

Why are real-world pseudo-random number generators (PRNGs) periodic?

They must be deterministic (C)

What is the size |K| of the set of all possible keys k ∈ K for a generic block cipher?

(2n)! (C)

What is the computational challenge of solving xe = c mod n compared to factoring n = pq?

They are equally hard (C)

Which parameter is NOT typically chosen when setting up RSA?

Symmetric key k (C)

What is a significant reason that makes generic block ciphers impractical?

Storage and communication costs are too high (C)

What is the value of φ(n) when n = pq where p and q are large primes?

(p - 1)(q - 1) (D)

Why is the knapsack problem considered insecure despite being NP-complete?

Constructing it from a superincreasing knapsack simplifies decryption. (D)

What distinguishes a Message Authentication Code (MAC) from a digital signature?

MAC employs a symmetric key system, while a digital signature employs an asymmetric key system. (D)

What best describes a blind signature?

A signature created without any knowledge of the message content by the signer. (C)

How does Bob obtain a document signature from Alice using the RSA blind signature process?

By dividing the signed message by k after receiving it from Alice. (B)

What is the primary difference between bit commitment and zero-knowledge schemes?

Bit commitment employs one-way functions, while zero-knowledge schemes use random commitments and challenges. (A)

What role does random challenge play in zero-knowledge proof systems?

It prevents the verifier from gaining knowledge about the secret. (A)

Why are digital signatures not considered to be zero-knowledge?

There is no random challenge or commitment in digital signatures. (D)

Flashcards

Affine cipher

A cipher that uses a key consisting of two integers (j and k) to encrypt a message. It encrypts each letter in a message by multiplying it by the first key (j) and adding the second key (k) modulo 26.

Vigenere cipher key length

The key length of a Vigenere cipher should be the length of a common English word. This range is typically considered to be between 30,000 and 100,000 words, representing approximately 15-16 bits of information.

Breaking Vigenere Cipher

Breaking Vigenere involves finding the key length and then identifying the individual Caesar shifts used for each letter position. This is done by analyzing repeating patterns in the ciphertext and calculating the greatest common divisor (GCD) of their distances. Once the key length is found, you can identify the individual Caesar shifts by looking at the letter frequencies in each block corresponding to each letter of the key.

Language redundancy

Redundancy in a language is the amount of information that can be removed from a written text without losing its meaning. It's measured by comparing the actual length of the written text to the amount of information it actually carries.

ASCII representation

A system for representing characters using numerical values. In English, this system makes use of 7-bit codes for each character, but it is known to be inefficient due to redundancies.

Stream cipher

A type of cipher that operates on single characters or a group of characters at a time, transforming them into a ciphertext. It relies on a predetermined key and algorithm to encrypt and decrypt the message using a specific mathematical operation or sequence.

Random number generation (RNG)

The process of generating pseudo-random sequences used in cryptography. This involves creating sequences that appear random but are actually generated using a deterministic algorithm and a seed value.

Nonce

A method used in cryptography to create nonces, which are random, unpredictable values used to protect security against certain attacks. They are usually used one time only. One-time pad (OTP) is an example.

Entropy of English Text

The average entropy of English text is approximately 1 bit per letter. Entropy is a measure of randomness or uncertainty in a system.

Stream Cipher vs. One-Time Pad

Stream ciphers address the drawback of one-time pad (OTP) by using a short secret key to generate a longer keystream. This allows secure transmission without needing a key as long as the message itself.

Perfect Secrecy

A cryptosystem has perfect secrecy if the conditional entropy of the plaintext given the ciphertext is equal to the entropy of the plaintext. This means that the ciphertext reveals no information about the plaintext.

Periodicity of PRNGs

Real-world pseudo-random number generators (PRNGs) generate sequences that are periodic due to the deterministic nature of their algorithms and the finite size of their internal state. This means the sequences eventually repeat.

Complexity of Generic Block Ciphers

In a generic block cipher, the number of possible keys is determined by the factorial of 2 raised to the power of the block size (n). This number grows exponentially with the block size, making generic block ciphers impractical due to the immense number of possible keys.

RSA Complexity: Encryption vs. Factoring

Solving for x in the RSA encryption equation (xe = c mod n) is computationally equivalent to factoring the modulus (n = pq). This is because the Chinese Remainder Theorem can be used to transform these problems into equivalent forms.

RSA Parameters: p, q, n, e, d

The RSA parameters are chosen as follows:

1. p, q: Large prime numbers, preferably with similar bit lengths.
2. n: The product of p and q, called the modulus.
3. e: The public key exponent, chosen as an odd number greater than 1 and relatively prime to the totient of n (φ(n)).
4. d: The private key exponent, calculated as the modular multiplicative inverse of e modulo φ(n).

Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange is a protocol for establishing a shared secret key between two parties over an insecure channel. The protocol relies on modular exponentiation and the difficulty of the discrete logarithm problem.

One-time pad

A method for encrypting messages where the key is a string of random bits of the same length as the message, used only once and then discarded.

Symmetric-key cryptography

A cryptographic system where the same key is used for both encryption and decryption.

Asymmetric-key cryptography

A cryptographic system that uses separate keys for encryption and decryption.

Blind signature

A digital signature that is created for a message whose content is hidden from the signer.

Zero-knowledge proof

A technique for proving knowledge of a secret without revealing it.

Secret sharing

A method for securely storing a secret by dividing it into multiple parts, each of which is given to a different party.

Pseudo-random number generation

A process used to generate sequences of numbers that appear random but are actually generated using a deterministic algorithm.

Zero-knowledge proof of ownership

A way to prove ownership of a digital asset without revealing the asset itself.

Study Notes

Cryptology Exam - October 25, 2024

• Permitted Equipment: General-purpose dictionaries for English translations (no personal notes, formulas, or external help)

• Solutions: Posted on Lisam after the exam

• Grading: Minimum points for grades 3, 4, and 5 are 13, 19, and 27, respectively, out of a total of 39 points. Numeric grades are converted to ECTS grades.

• Examiner Visit: Examiner will answer questions in exam rooms around 3 PM.

• Other Information: Answers can be in English. Explanation quality affects grading. Keep answers concise.

Question 1: Principles and History

• (a) Affine Cipher: An encryption method using a modular arithmetic formula (c = jm + k (mod n)). Has 312 possible key values.

• (b) Vigenère Cipher Key Length: Should be the length of an English word (approximately 15-16 bits, depending on source data).

• (c) Breaking Vigenère: The method involves finding the keyword length using greatest common divisor (GCD) of distances between repeated characters. This then reveals the Caesar cipher used for each letter, determined via single-character statistics for each substitution to deduce the key.

Question 2: Foundations and Basic Theory, Stream Ciphers, RNGs

• (a) Language Redundancy: Measured as average entropy per letter in long sequences (approximately 1 bit/letter).

• (b) Stream Cipher Drawback: OTP (one time pad) drawbacks are avoided in stream ciphers by expanding a short secret key using a public key expansion process (reducing secure-channel transmission length).

• (c) Perfect Secrecy: Defined mathematically as H(M|C) = H(M) where M is plaintext and C is ciphertext.

Question 3: Block Ciphers

• (a) Block Cipher Key Size: (2ⁿ)! is the extremely large number of permutations, which is impractical for generic block ciphers.

Question 4: Public Key Principles, One-Way Functions, RSA & Knapsack, Diffie-Hellman, ElGamal

• (a) Computational Hardness Comparison: Factoring n = pq and computing x^e = c (mod n) are equally hard problems, proven using the Chinese Remainder Theorem.

• (b) RSA Parameters: Chosen as prime numbers p and q (n= pq), $φ(n) = (p-1)(q-1)$, prime e such that gcd(e, φ(n)) = 1 and d such that ed≡ 1 (mod $φ(n)$).

• (c) Knapsack Problem: The knapsack problem is NP-complete but becomes significantly easier if a superincreasing one maps to superincreasing knapsack.

Question 5: Message Authentication and Digital Signatures

• (a) MAC vs. Digital Signature: Message Authentication Code (MAC) uses symmetric cryptography, while digital signatures use asymmetric cryptography.

• (b) Blind Signature: A signature created for a message with unknown content, shielding the message's content from the signature creator.

Question 6: Bit Commitment, Zero Knowledge, Secret Sharing, Games over the Phone

• (a) Bit Commitment vs. Zero Knowledge: Bit commitment uses one-way functions; zero-knowledge schemes use random commitment and random challenges.
• (b) Coin Tossing/Poker: Bit commitment ensures a fair game.
• (c) Digital Signatures and Zero Knowledge: Digital signatures lack random challenges and commitment features, thus not a zero-knowledge scheme.

Question 7: Post-Quantum Cryptography

• (a) Post-Quantum Cryptography: Cryptosystems based on lattice problems to avoid quantum computer attacks are called post-quantum.RSA is not post-quantum because factoring is vulnerable to quantum algorithms

• (b) SIS Acronym: Short Integer Solution.

• (c) SIS Hash Function Definition (missing): Not Provided.

Question 8 (Page 5): LWE and McEliece

• (a) Security Sources: Both depend on decoding general linear codes. McEliece relies heavily on the code family selection; LWE on the other hand, employs randomness in the code selection.

Description

Prepare for your upcoming Cryptology exam with this focused quiz covering key concepts like the Affine and Vigenère ciphers. Understand the principles and history behind these encryption methods to excel in your exam. Good luck!