Encryption Fundamentals

Questions and Answers

What does encryption do to plaintexts?

Conceals them without any keys

Transforms them into ciphertexts using a key (correct)

Keeps them unchanged for secure transmission

Transforms them into vulnerably readable forms

What type of encryption uses the same key for both encryption and decryption?

Asymmetric encryption

Hashing

Symmetric encryption (correct)

Public key encryption

In the equation c ← E(k, p), what does 'c' represent?

The plaintext before encryption

The resulting ciphertext after encryption (correct)

The key used for encryption

The decryption process

What is true about decryption in this context?

Decryption is deterministic

What is the main concern for Alice when sending a message to Bob?

Securing the message against an attacker

Which aspect of security does encryption specifically address?

The confidentiality of messages

Why is encryption typically randomized?

To provide additional security against pattern attacks

What role does the key play in encryption?

It allows the transformation of plaintext into ciphertext

What is the approximate probability of sampling either 00000000 or 10011101 from a byte?

0.0078

Which of the following methods can be used to test random inputs?

Check the number of 1s and 0s

What is a major issue with relying solely on statistical tests for cryptographic security?

Statistical tests can be misleading.

Where is the Pseudorandom Generator (PRG) accessible in Linux systems?

/dev/urandom

Why must system calls related to PRG be handled with caution?

They can fail silently.

What is a key requirement for symmetric encryption regarding keys and messages?

Keys must have the same size as the messages.

What principle opposes the idea of keeping encryption systems secret?

Kerckhoffs’s Principle

Why is keeping encryption method details secret considered a poor strategy?

It prevents scrutiny and improvement of the method.

What does Kerckhoffs’s Principle suggest about public knowledge of cryptographic systems?

It encourages better designs due to scrutiny.

What is a critical warning advised regarding personal cryptographic systems?

Never use your own crypto due to high risk of mistakes.

What is the principle behind utilizing public knowledge in cryptography?

It fosters collaborative security and peer review.

What misconception might lead an individual to believe in the security of a poorly designed encryption system?

That public exposure will weaken security.

Which statement reflects the essence of Kerckhoffs’s Principle?

The key itself is the only secret in a cryptosystem.

What is the primary method for generating keys in symmetric cryptography?

Derived using a Key Derivation Function

Why are asymmetric keys typically much larger than symmetric keys?

They need to provide the same level of security with fewer bits

What is the purpose of key wrapping in cryptography?

To encrypt long-term keys before storage

What type of hardware is ideal for storing cryptographic keys securely?

Hardware Security Modules (HSMs)

Which statement about key generation in asymmetric cryptography is true?

A private key holder generates both keys and only publishes the public key

What is often considered the most sensitive material a secure system holds?

Keys

Which of the following methods provides high security for key storage?

Wrap keys with a HW-protected master key

What is a characteristic of RSA keys used in asymmetric cryptography?

Take roughly 4096-bits for 128-bit security

What is a common size for keys in cryptographic systems?

128 bits

What is the estimated age of the universe in nanoseconds?

Around 288

What does n-bit security imply regarding the strength of a key?

It cannot provide more than n-bit security.

What is the best attack to break a scheme with n-bits of security?

2n steps

When considering security measures, what does a brute-force attack do?

Attempts every possible key until the correct one is found.

Why cannot l-bit keys provide more than n-bit security?

n-bit keys limit the maximum security achievable.

Which event is less likely to occur based on the content provided?

Guessing a 2128 size key at the first try.

What represents a significant challenge in perceiving very large numbers?

They are not easy to visualize or comprehend.

What is a defining characteristic of block ciphers?

They output ciphertext blocks of a fixed size.

What process does 3DES employ for encryption?

It applies DES three times with three independent keys.

Which component of AES is responsible for rearranging the rows of the state array?

ShiftRows

What is the main security reason for using the SubBytes transformation in AES?

To provide resistance to linear cryptanalysis.

What is a common issue when using block ciphers to encrypt messages directly?

The blocks may be vulnerable to message reordering.

What was one of the criteria for selecting AES as the standard block cipher?

Performance and resistance to cryptanalysis.

In AES, what is the purpose of the MixColumns operation?

To obscure the relationship between the input and output.

What is unique about the key length options in AES?

Key lengths include 128, 192, and 256 bits.

How is the encryption process structured in AES?

Through a series of rounds with distinct transformations.

What does the term 'invertible' imply regarding block ciphers?

The decryption process can perfectly reverse the encryption.

What is the primary function of the AddRoundKey step in AES?

To modify the state based on the round key.

What does the key $ ext{k}$ represent in the encryption function $E(k, p)$?

A user-defined secret key

Which of the following best describes the output of the Encrypt function?

A ciphertext block of fixed size $B$.

What aspect of block ciphers does the term 'deterministic algorithms' refer to?

The algorithms consistently produce the same output for the same input.

Study Notes

Computer Security Foundations Week 8: Symmetric Encryption

• Symmetric encryption is a cryptographic technique where the same key is used for both encryption and decryption.
• Encryption transforms plaintexts into ciphertexts using a key.
• Decryption transforms ciphertexts back into plaintexts using the same key.
• Encryption guarantees confidentiality, but additional guarantees like authenticity and non-repudiation may be needed in real-world applications for secure systems.
• There exist many types of encryption, including symmetric, asymmetric, authenticated, homomorphic, etc.
• The presentation outlines symmetric encryption, emphasizing the concept and related algorithms.

What is Encryption?

• Encryption transforms plaintext into ciphertext using a key.
• Encryption notation: c ← E(k, p), where c is ciphertext, k is key, and p is plaintext. Encryption is typically randomized.
• Decryption notation: p ← D(k, c), where p is plaintext, k is key, and c is ciphertext. Decryption is deterministic.
• Symmetric encryption uses the same key for both encryption and decryption.

What we talk about when we talk about Security

• Alice wants to send a secure message to Bob, which must be protected against an attacker.
• The core question is, what does it mean for encryption to be "secure".
• Security requires that the attacker cannot reveal anything about the original message, considering different scenarios.

Caesar Cipher

• A simple substitution cipher.
• Uses a fixed or variable shift size as a key.
• The algorithm shifts the plaintext a fixed number of characters.

Substitution Ciphers

• A more general substitution cipher than the Caesar cipher.
• Involves changing the characters in a defined way with a defined key.
• The size of the key space is very large (26!), making brute-force attacks impractical without massive computational resources.
• Frequency letter attacks can break this type of cipher by exploiting the frequency distribution of letters in the original language.

Frequency Letter Attacks

• Frequency letter attacks exploit common letter frequencies in a language to potentially decrypt ciphertexts.
• The attacker gathers ciphertexts and counts the frequency of each letter or other characters.
• They compare that frequency to common frequencies in the plaintext. This matching process often reveals patterns to decrypt the message.
• Frequency analysis can be used in breaking ciphers.

Rotor Machines

• Machines using rotors to encrypt and decrypt messages.
• Some examples include the Hebern machine and the Enigma machine.
• Multiple rotors are used, each rotor and their permutation combination forms the main key, so the key's size is much larger than simpler substitutions.

The one-time pad

• A method of encryption considered perfectly secure (as long as the key is used only once).
• It involves applying the bitwise XOR operation between the plaintext and the randomly generated key of the same size.
• The key must be as long as the message. This is computationally inefficient.

Kerckhoffs's Principle

• The idea that security should not depend on the secrecy of the algorithm, but rather on the secrecy of the key.
• All details of a cryptosystem's operation must be public.
• The only secret is the key, promoting scrutiny and analysis by the community which reduces the number of vulnerabilities.

AES (Advanced Encryption Standard)

• A widely used block cipher.
• Standardized in 2000, replacing older standard algorithms.
• Key features include SubBytes, ShiftRows, MixColumns, AddRoundKey, which combine substitution and permutation operations to secure the cipher.
• AES uses a block size of 128 bits and varying key sizes.

Modes of Operation

• Block ciphers by themselves are insecure.
• Modes of operations are methods used to encrypt messages of varying lengths.
• In the presentation, ECB, CBC, CTR are covered.

Cipher Block Chaining (CBC)

• A more sophisticated mode, where each block is dependent on the preceding blocks, making it more secure.
• It involves an Initialization Vector.

Counter Mode (CTR)

• A very efficient mode, where the key stream can be preprocessed.
• Used in nonce based cryptography, where the counter is used to create a pseudo-random string of the same length as the message, which creates the keystream needed for encryption.

Quantifying Security

• Best attack to break a cipher with 'n' bit security, requires 2ⁿ steps in a brute-force attack.
• n-bit security means the minimum number of steps for breaking the scheme is 2ⁿ.

Good Security Values (Real-world Crypto)

• A 2¹²⁸ rule of thumb approach is considered a good benchmark.
• Designers aim for security that needs an effort proportional to the age of the universe to break.

Key Takeaways

• Encryption involves encryption and decryption algorithms which transform plain text into cipher text and vice versa.
• Classical ciphers can be subject to attacks if their keyspace is not large. The one-time pad is a theoretical exception to this.
• Modern ciphers use modes of operation which combine the block cipher primitive for encrypting messages of all lengths correctly.
• Randomness is crucial to cryptographic security.
• Proper key management prevents key recovery, and key wrapping provides another layer of protection for the keys.

Description

Test your understanding of encryption concepts, including how encryption transforms plaintexts and the type of encryption that uses the same key for both encryption and decryption. This quiz will help reinforce key ideas related to data security.