Introduction to Cryptography

Questions and Answers

Which type of attack involves observing the decrypted plaintext from chosen input ciphertext?

• Side-channel attacks
• Brute-force attacks
• Chosen-ciphertext attacks (correct)
• Linear cryptanalysis

What directly influences the security of a cipher in relation to key management?

• The timing of encryption operations
• The complexity of the cryptographic algorithm
• The key size (correct)
• The implementation of the system

Which attack technique exploits the relationship between differences in input and output of a cipher?

• Brute-force attacks
• Birthday attacks
• Chosen-ciphertext attacks
• Differential cryptanalysis (correct)

What is the main principle behind birthday attacks in cryptography?

Finding collisions in hash values (A)

Which aspect is NOT a crucial part of effective key management in cryptographic systems?

Physical strength of the receiver (D)

What operation is used to combine the keystream with plaintext in stream ciphers?

XOR (B)

Which of the following best describes how block ciphers operate?

They encrypt data in fixed-size blocks independently. (A)

Which encryption method uses the same key for both encryption and decryption?

Symmetric-key cryptography (D)

What type of cryptographic attack occurs when the attacker only has standard ciphertext?

Ciphertext-only attack (B)

Which of the following is a security property unique to the Cipher Block Chaining (CBC) mode of operation?

Combines ciphertext with the next plaintext block before the next block is encrypted. (A)

What is the main function of Message Authentication Codes (MACs)?

To provide message integrity and authenticity. (C)

Which asymmetric-key cryptography example is primarily used for secure key exchange?

Diffie-Hellman (B)

What distinguishes hash functions from traditional encryption methods?

Hash functions transform an input into a fixed-size output. (D)

The hash value in bits for MD5 is _____?

128 (D)

IPSec ______ mode involves encryption from gateway to gateway?

Tunnel (A)

Chaskey is a lightweight cryptography method used for _____?

Signing messages (MAC) (B)

The minimum recommended key size to use with RC4 is _____ bits?

40 (C)

What has a block size of 64 bits and key size of 56 bits?

DES (A)

A(n) _____ is a collection of precomputed hash values of actual plaintext passwords?

Rainbow table (A)

Which encryption method allows for a variable key size up to a maximum of _____ bits?

RC4 (A)

Key sizes used with the Advanced Encryption Standard (AES) include _____?

128, 192, 256 (B)

What is a primary function of One Time Passwords (OTP)?

To allow for a unique passcode for each instance based on an initial seed (A)

Which key method is used to establish a secure connection in SSL/TLS?

Symmetric (B)

Which protocol number is assigned for the encapsulating security protocol (ESP) in IPSec?

50 (B)

What do miners receive as a reward for their mining efforts in blockchain technology?

Rewards (C)

Ethereum and Hyperledger are considered common options for implementing _____.

blockchain (C)

During which certificate management stage does validation occur?

Issued (A)

The Bifid cipher makes use of a grid to map letters into numeric values. What type of cipher is it?

substitution cipher (B)

What is the main function of an Online Certificate Status Protocol (OCSP)?

To check the validity of a certificate (D)

What is a defining characteristic of a 'Cut-and-paste' attack?

Merging parts of two different encrypted messages (A)

What is the block size for AES?

128 bits (A)

Which method allows government agents to potentially decrypt secure communication without the knowledge of the data owners?

NOBUS (nobody but us) (D)

Which block cipher mode exposes AES to a copy-and-paste attack?

ECB (A)

What is the key size for 3DES?

112 bits (A)

What key concept does the term 'gas' refer to in Ethereum applications?

The computational resources required to perform transactions (A)

During what stage of certificate management does certificate expiration occur?

Canceled (A)

The Paillier cryptosystem supports _____ encryption.

homomorphic (A)

What is the primary function of hash algorithms like SHA1 and MD5?

To establish a thumbprint or fingerprint in cryptography (A)

Which version of Elliptic Curve cryptography supports symmetric key exchange?

ECDH (D)

With NTLM, each character in a password is converted into _____.

Unicode (B)

Which of the following best describes a 'Man-in-the-middle (MITM)' attack?

Intercepting communication between two parties without detection (A)

What does the term 'exhaustive search' refer to in cryptography?

A brute force approach to decrypt ciphertext by trying every key (A)

What does a digital certificate prove in HTTPS communications?

identity of the server (A)

Which block cipher mode enables parallel processing of data blocks?

CTR (A)

In symmetric cryptography, which aspect is better suited for real-time communications than asymmetric cryptography?

relative speed (D)

PKCS #5 is a standard used for _____.

password-based encryption (C)

What initialization vector (IV) value does WPA-supported TKIP use?

48 bits (D)

El Gamal is used for _____.

both encryption and digital signing (C)

Which key should be shared or distributed to facilitate decryption in asymmetric cryptography?

Public key (C)

What is the purpose of block cipher modes in symmetric encryption?

To manage the processing of data blocks (B)

Which symmetric block cipher modes operate similarly to stream ciphers?

CFB, OFB, CTR (A)

What component do symmetric block ciphers use to perform substitution during encryption?

S-boxes (B)

What is the block size of the PRESENT cipher?

64 bits (C)

What is the key size used with Skipjack, a symmetric block cipher?

80 bits (A)

IDEA cipher has specific characteristics including a block size of 64 bits and a key size of 128 bits. Which of the following is true about it?

It has more than 17 rounds of substitution and transposition. (D)

What type of cryptography uses a key pair for encryption and decryption?

Asymmetric (B)

What is the block size used with RC5, a symmetric block cipher?

32 bits (A), 128 bits (B), 64 bits (C)

When encrypting data with symmetric cryptography, which key is typically exchanged?

Secret key (B)

What is the minimum recommended key size when employing RC2?

40 bits (B)

What is the maximum key size for the RC5 cipher?

2048 bits (D)

Which lightweight cryptography method is used for signing messages (MAC)?

Chaskey (C)

What implementation is optimized for low-power operations in embedded systems?

SIMON (A)

Which encoding scheme for x.509 certificates supports Base64 format?

PEM (C)

What type of cipher is Blowfish categorized as?

Symmetric block cipher (A)

What is the block size used with XTEA?

64 bits (B)

What is the IV length used in the WEP encryption standard?

24 bits (A)

What cryptographic method involves creating a unique passcode based on a specific time period?

TOTP (A)

What must an entity generate to obtain a digital certificate?

Certificate signing request (CSR) (B)

What defines a Mono-alphabetic substitution cipher?

Creates a single mapping from an alphabet to a cipher alphabet (B)

Which light-weight cryptographic cipher is optimized for hardware implementations?

SIMON (B)

What unique capability does homomorphic encryption provide?

Mathematical operations on ciphertext (C)

What key size is typically associated with WEP?

40 bits (B)

What type of encoding supports up to 65,536 characters?

UTF-16 (D)

What is the main feature of symmetric block ciphers?

They use the same secret key for both encryption and decryption. (D)

What is the primary risk associated with a collision in hashing?

Two different input values producing the same hash signature. (C)

Which cipher is known for being unbreakable since it uses its cipher code only once?

One-time pad (A)

Flashcards

Chosen-ciphertext attack

An attacker can choose ciphertext and observe the corresponding decrypted plaintext.

Brute-force attack

Trying every possible key until the correct one is found. The security of a cipher is directly proportional to the key size.

Birthday attack

Exploits the probability of collisions when generating a large number of hash values.

Key management

Managing the creation, distribution, storage, and use of cryptographic keys.

Side-channel attack

Attacks that target information leakage beyond the algorithm itself, like timing or power consumption.

What is cryptography?

The process of transforming readable data into an unreadable format to protect its confidentiality, integrity, and authenticity.

What is a keystream?

A random sequence of bits generated by a special algorithm inside the cipher. It's used in stream ciphers to encrypt data bit by bit.

What are block ciphers?

Ciphers that work on fixed-size blocks of data, handling each block independently, like cutting a message into pieces and locking each piece separately.

What is symmetric-key cryptography?

A method of encryption that uses the same key for both encrypting and decrypting data. Common examples include AES, DES, and Blowfish.

What is asymmetric-key cryptography?

A method of encryption that uses two separate keys: one for encryption (public) and one for decryption (private). It's often used in digital signatures and public key infrastructure. Examples include RSA and ECC.

What are Hash functions?

Specialized functions that convert data of any size into a fixed-length hash. It's used for verifying data integrity and authenticity. Examples include MD5 and SHA-256.

What are stream ciphers?

Ciphers that encrypt data bit by bit, using a keystream to create a dynamically changing code. RC4 was a popular example but has known vulnerabilities.

What is a ciphertext-only attack?

Attacks that try to break a cipher by analyzing only the encrypted data (ciphertext). This is the most challenging type of attack.

MD5 hash size

The hash value in bits for MD5 is 128.

Hashing input & output

Hashing involves taking a variable length input and producing a fixed length output (message digest).

SHA-1 hash size

The hash value in bits for SHA-1 is 160.

MD4 hash size

The hash value in bits for MD4 is 128.

IPSec Transport mode

IPSec Transport mode involves "end-to-end" encryption; i.e. data remains encrypted from the time it leaves a sender's device to the time it arrives at the receiver's device.

IPSec Tunnel mode

IPSec Tunnel mode involves encryption from gateway to gateway, i.e. just through the public network space.

Analyst visibility in IPSec

A security analyst on a local network using monitoring tools is likely to only be able to read contents of traffic encrypted using IPSec Tunnel mode.

Chaskey

Chaskey is a lightweight cryptography method for signing messages (MAC). It boasts a relatively undemanding hardware implementation (only ~3,333 gates required at 1MHz clock rate) making it suitable for IoT implementation.

Chaskey key size

Chaskey has a key size of 128 bits.

Salt in hashing

A weakness of one-way hashing is that the same piece of plaintext will result in the same ciphertext unless salt is applied.

RC4 minimum key size

The minimum recommended key size to use with RC4 is 40 bits.

RC4 key size range

RC4 is a symmetric stream cipher with a variable key size up to a max of 2048 bits.

DES characteristics

Data Encryption Standard (DES) has a block size of 64 bits, key size of 56 bits, and 16 rounds of substitution & transposition.

Rainbow table

A(n) rainbow table is a collection of precomputed hash values of actual plaintext passwords used for password cracking.

3DES characteristics

Triple Data Encryption Standard (3DES) has a block size of 64 bits, key size of 112 bits, and 48 rounds of substitution & transposition.

AES key sizes

Key sizes used with the Advanced Encryption Standard (AES) include 128, 192, or 256.

AES block size

The Advanced Encryption Standard (AES) operates using 128 bit blocks.

Skipjack key size

Skipjack is a symmetric block cipher that uses a 80 bit key.

Enocoro key & IV size

Enocoro operates with a key size of 128 bits and an initialization vector (IV) of 64 bits.

Skipjack block size

Skipjack has a block size of 64 bits.

Light-weight hashing algorithms

PHOTON, SPONGENT, Lesamnta-LW, and Quark are examples of light-weight hashing algorithms.

IDEA characteristics

IDEA has a block size of 64 bits, key size of 128 bits, and >17 rounds of substitution & transposition.

RSA characteristics

RSA is a partially homomorphic crypto system that leverages prime number characteristics, operates with a 1024-4096 bit variable key size, and 1 round.

Blowfish & Twofish

Blowfish and Twofish are both symmetric block ciphers with common key sizes of 128, 192, or 256 bits.

RC5 characteristics

RC5 is a symmetric block cipher that uses block sizes of 32, 64, or 128 bits and boasts a variable key size up to 2048 bits.

Quark hash size

Quark produces a hash value of 64 or 112 bits.

XTEA block size

The block size used with XTEA is 64 bits.

XTEA key size

The key size used with XTEA is 128 bits.

Camelia

Camelia is a symmetric block cipher.

RC6

RC6 can best be described as a symmetric block cipher.

RC2 minimum key size

RC2 has a block size of 64 bits and variable key size up to 128 bits. What is the minimum recommended key size to use when employing RC2? 40

Mickey v2 key & IV size

The light-weight symmetric steam cipher Mickey v2 operates with a key size of 80 bits and an initialization vector (IV) variable up to 80 bits.

RC4 type

RC4 is a(n) symmetric stream cipher.

CSR role

An entity seeking to obtain a digital certificate must generate and submit a certificate signing request (CSR) to a certificate authority to request the certificate.

What is the MD5 hash value size?

MD5 is a 128-bit hash algorithm, meaning it produces a 128-bit hash value.

What is the SHA-1 hash value size?

SHA-1 is a 160-bit hash algorithm, meaning it produces a 160-bit hash value.

What is IPSec Tunnel Mode?

IPSec Tunnel mode encrypts data between network gateways, leaving traffic between the end user device and the local network boundary unencrypted.

What is IPSec Transport Mode?

IPSec Transport mode encrypts data from the sender's device to the receiver's device, ensuring end-to-end security.

What is Chaskey?

Chaskey is a lightweight cryptography method designed specifically for signing messages and is suitable for resource-constrained devices like IoT devices.

What is salt in hashing?

Salt is used in hashing to make it more difficult to crack passwords by adding a random value to the input before hashing.

What is the minimum recommended key size for RC4?

The minimum recommended key size for the RC4 cipher is 40 bits.

What is the AES block size?

The Advanced Encryption Standard (AES) operates using a block size of 128 bits.

Asymmetric cryptography

Asymmetric cryptography relies on a pair of keys - one public and one private. Data encrypted with one key can only be decrypted with its corresponding pair.

Block cipher modes

Block cipher modes are techniques used in symmetric encryption to manage how data blocks are processed. They determine how the cipher handles multiple blocks.

CFB, OFB, & CTR modes

CFB, OFB, and CTR are block cipher modes designed to mimic stream ciphers. They process data in a continuous stream rather than fixed blocks.

S-boxes in ciphers

S-boxes are tables used in symmetric block ciphers for substitution. They replace specific input bits with different output bits during encryption.

PRESENT cipher

PRESENT is a lightweight symmetric block cipher that encrypts data in blocks of 64 bits. It offers a small size, making it suitable for resource-constrained devices.

Cramer-Shoup encryption

Cramer-Shoup is an enhanced public-key encryption method that incorporates one-way hashing to protect against specific attacks. It's a more secure version of El Gamal.

Homomorphic encryption

Homomorphic encryption allows computations to be performed on encrypted data without decryption. You can manipulate the ciphered data without knowing the plain text.

TOTP

TOTP stands for Timed One Time Password. It generates unique passcodes for a specific time window based on a seed and a time value. Each code is valid for a short period.

PEM encoding

PEM (Privacy Enhanced Mail) is an encoding scheme for X.509 certificates that supports Base64 and ASCII formats. This allows certificates to be easily exchanged via email.

Conventional cryptography devices

NIST categorizes servers, desktops, tablets, and smartphones under the 'conventional' device spectrum for cryptography. These devices typically have more resources for encryption.

Lightweight cryptography devices

NIST categorizes embedded systems, RFID tags, and sensor networks as 'lightweight' cryptography devices. These devices have limited power and resources.

HOTP

HOTP stands for Hashed One Time Password. It generates unique passcodes based on a counter value, a secret seed, and a hashing algorithm. Each code is valid for a single use.

SIMON cipher

SIMON is a lightweight symmetric block cipher specifically designed for hardware implementations. It offers fast and efficient encryption for resource-constrained devices.

SPECK cipher

SPECK, like SIMON, is a lightweight symmetric block cipher designed for software implementations. It offers fast performance and a small footprint for software applications.

ECC in RFID

A lightweight public key solution in RFID implementations that leverages elliptic curves and Diffie-Hellman for secure communication.

Non-Cryptographic Hash

Hash algorithms such as Buzhash, Cityhash, Spookyhash, and Bernstein focus on speed and efficiency rather than cryptographic security.

One Time Password (OTP)

One-time passwords (OTP) are generated dynamically based on an initial seed. Each time an OTP is generated, a unique code is created. This increases security by making each code valid for only one use.

IPSec Handshake Port

The IPSec handshake, a part of the secure communication process, takes place on UDP Port 500 for key exchange.

ESP Protocol Number

The Encapsulating Security Payload protocol (ESP) is used for data confidentiality and integrity in IPSec and is identified by the protocol number 50.

AH Protocol Number

The IPSec Authentication Header (AH) provides message authentication and integrity but does not encrypt the data itself. It is identified by the protocol number 51.

Symmetric Key in SSL/TLS

SSL/TLS uses a symmetric key method for establishing the secure tunnel. This allows for fast and efficient encryption of the data between the client and server. A separate signature mechanism, often utilizing a hashing method, is used for authentication and integrity.

Virtual Private Network (VPN)

A VPN tunnel allows a device on a private network to connect to a remote network over a public network, creating a secure and private communication channel.

Onion Routing

Onion routing is a technique that routes data through a series of nodes, obscuring the origin and destination of the data. Each node only knows the previous and next node in the chain.

Tor Network

The Tor network is a peer-to-peer network where volunteers act as nodes, providing a path for data transmission. This distributes the traffic, making it difficult to identify the source or destination.

Cryptography Fingerprinting

Hash algorithms like SHA-1 or MD5 create unique fingerprints (hash values) of data. This allows verifying integrity and authenticity by comparing hashes. If the data is changed, the hash will be different.

Blockchain Block Frequency

Every 10 minutes, a new block of transactions is added to the blockchain, marking a new set of transactions as complete and permanently recorded.

Blockchain in Bitcoin

The blockchain is a distributed ledger that records all Bitcoin transactions. It allows the network to track how many bitcoins each user owns.

Miners in Blockchain

Miners are responsible for verifying and adding new blocks to the blockchain. They solve complex computational puzzles to earn rewards and validate Bitcoin transactions.

Miner Rewards

Miners receive rewards for their efforts in validating and adding new blocks to the blockchain. These rewards incentivize miners to continue securing the network.

Smart Contracts

Smart contracts are self-executing programs stored on a blockchain. They automate agreements based on predefined conditions, eliminating the need for intermediaries and ensuring trust and transparency.

Gas in Ethereum

Gas refers to the unit of measurement for the computational work required to execute a single Keccak-256 hash operation within the Ethereum network.

NOBUS Backdoor

A NOBUS backdoor is a secret method that allows government agents to decrypt information, but is theoretically inaccessible to any other parties.

Entropy

A measure of unpredictability in cryptographic systems. It's crucial to ensure that the encryption process is difficult to guess.

Digital Signature

A method of encrypting data using a digital signature, which is a unique code generated using a private key. It's commonly used for secure communications and to verify the sender's identity.

PKCS #7

A standard that defines how to encrypt and decrypt data using public-key cryptography. It's used in a wide range of applications, including SSL/TLS for secured web transactions.

PKCS #5

A standard commonly used for password-based encryption. It helps to protect sensitive information stored in a password-protected format.

El Gamal

A public-key cryptographic method used for digital signatures and key exchange. It relies on the difficulty of solving the discrete logarithm problem.

ECB (Electronic Codebook)

A block cipher mode that encrypts data blocks independently, making it susceptible to attacks if the same block appears multiple times.

CTR (Counter Mode)

A block cipher mode that uses a counter to generate a unique keystream for each block, improving security and enabling parallel processing.

LM Hash

A cryptography method used for password storage in many Microsoft Windows operating systems. It's vulnerable to attacks if passwords are short and frequently used.

TSP (Time-Stamp Protocol)

A cryptography method that provides a verifiable timestamp for data entities. It's used to ensure that a document or file was created or modified at a specific time.

Substitution Cipher

A cryptographic method used to encrypt and decrypt data by substituting plaintext characters with other characters based on a pre-defined key.

IPSec

A network security protocol that provides authentication and confidentiality for data communication. It's used to secure VPNs and other networks.

What is the block size of AES?

The Advanced Encryption Standard (AES) operates using 128-bit blocks, which means it encrypts data in chunks of 128 bits.

What is the key size of Skipjack?

Skipjack is a symmetric block cipher that uses an 80-bit key for both encryption and decryption.

What are the key and IV sizes for Enocoro?

Enocoro uses a 128-bit key to scramble the data and a 64-bit initialization vector (IV) to add extra randomness to the encryption process.

What is the block size of Skipjack?

Skipjack operates on data blocks of 64 bits at a time.

What are some examples of light-weight hashing algorithms?

PHOTON, SPONGENT, Lesamnta-LW, and Quark are all examples of light-weight hashing algorithms designed for low-resource environments like IoT devices.

What are some important features of IDEA?

IDEA is a symmetric block cipher that uses a 64-bit block size, a 128-bit key, and has more than 17 rounds of complex processing to ensure strong encryption.

What are key features of RSA?

RSA is an asymmetric cryptography method that uses a 1024-4096 bit key and relies on prime number properties for its security.

What type of cipher are Blowfish and Twofish, and what key sizes do they use?

Blowfish and Twofish are both symmetric block ciphers that use a single key for both encryption and decryption. They support key sizes of 128, 192, or 256 bits.

What are some interesting features of RC5?

RC5 is a versatile symmetric block cipher that can work with blocks of 32, 64, or 128 bits. It also allows for key sizes up to 2048 bits for even greater security.

What is the hash output size of Quark?

Quark produces a hash value that can be either 64 or 112 bits long, depending on the implementation.

What is the block size of XTEA?

XTEA uses a 64-bit block size when encrypting data, dividing the message into these fixed-size chunks.

What is the key size of XTEA?

XTEA utilizes a 128-bit key for encryption; this key determines the specific transformations applied to the data.

What type of cipher is Camelia?

Camelia is a symmetric block cipher, meaning it uses the same key for encryption and decryption.

What type of cipher is RC6?

RC6 is a symmetric block cipher designed for speed and efficiency, focusing on encrypting data in blocks.

What are the key and IV sizes of Mickey v2?

Mickey v2 operates with an 80-bit key and uses an initialization vector (IV) that can be up to 80 bits long.

What type of cipher is RC4?

RC4 is a symmetric stream cipher, which means it encrypts data bit by bit using a keystream.

What is a certificate signing request (CSR)?

A certificate signing request (CSR) is a formal request from an entity to a certificate authority (CA) to issue a digital certificate.

What type of cipher is ChaCha?

ChaCha is a symmetric stream cipher, meaning it encrypts data bit by bit using a constantly changing keystream.

What type of algorithms are RSA and DSA?

RSA and DSA are both asymmetric algorithms, meaning they use two separate keys (public and private) for encryption and decryption.

What does Diffie-Hellman provide a method for?

Diffie-Hellman is a method for key exchange using a one-way function, allowing two parties to securely establish a shared secret key over an insecure channel.

What is Chaskey used for?

Chaskey is a lightweight cryptography method for signing messages, ensuring that messages are authentic and haven't been tampered with during transmission.

What key size does WEP use?

WEP uses 40-bit RC4 for encryption, which is considered weak and vulnerable to security breaches.

What must an entity do to obtain a digital certificate?

An entity needs to create a pair of keys, one public and one private, to obtain a digital certificate from a Certificate Authority.

What key size does WPA use?

WPA employs 128-bit RC4 for encryption, offering more robust security than WEP.

What encryption method does WPA2 use?

Wi-Fi Protected Access 2 (WPA2) utilizes 128-bit AES for encryption, offering the highest level of security for Wi-Fi networks.

What is Mono-alphabetic substitution?

Mono-alphabetic substitution involves creating a single mapping from the original alphabet to a cipher alphabet, where each letter has a fixed replacement.

What step does a Certificate Authority (CA) take before issuing a digital certificate?

Before issuing a digital certificate to a requester, a Certificate Authority (CA) signs the certificate with its own private key, guaranteeing the certificate's authenticity.

What is Polyalphabetic substitution?

Polyalphabetic substitution uses multiple cipher alphabets, where the mapping from the original alphabet changes depending on the position of the letter in the message.

What is the One-time pad?

The One-time pad, also known as the Vernam cipher, is a theoretically unbreakable encryption method where the key is used only once and is as long as the message itself.

What is ASCII encoding?

ASCII encoding uses 8-bit values to represent characters, allowing for up to 256 unique characters.

What happens when two different inputs produce the same hash?

A collision occurs when two different input values produce the same hash signature, potentially leading to security vulnerabilities.

What is UTF-16 encoding?

UTF-16 encoding utilizes 16-bit values to represent characters, allowing for a wider range of characters (up to 65,536) compared to ASCII.

What are the key and IV sizes of Trivium?

The light-weight symmetric stream cipher Trivium uses an 80-bit key and an 80-bit initialization vector (IV) for secure communication in devices with limited resources.

What is a hardware security module (HSM)?

A hardware security module (HSM) is a dedicated and secure hardware device that protects and manages cryptographic keys, providing a high level of security for sensitive cryptographic operations.

What is a trusted platform module (TPM)?

A trusted platform module (TPM) is a dedicated chip within a computer system that handles hardware-level encryption, providing security features like full disk encryption for greater data protection.

What is HMAC?

HMAC is a message authentication code that combines hashing with a secret key to verify the integrity and authenticity of a message, making it harder to forge or alter.

What is a Symmetric cipher?

Symmetric ciphers use the same secret key for both encryption and decryption, requiring both parties to share the key.

What does the binary XOR operation do?

The binary XOR function, denoted by the symbol ^, compares two bits at a time. If the bits are different, the result is 1; if they are the same, the result is 0.

What does the binary AND operation do?

The binary AND function, denoted by the symbol &, compares two bits at a time. If both bits are 1, the result is 1; otherwise, the result is 0.

What does the binary OR operation do?

The binary OR function, denoted by the symbol |, compares two bits at a time. If at least one of the bits is 1, the result is 1; otherwise, the result is 0.

What does the modulo operation (%) do?

The modulo operation, denoted by the symbol %, gives you the remainder when one number is divided by another.

What are the two main types of symmetric ciphers?

The two main types of symmetric ciphers are block ciphers and stream ciphers.

Study Notes

Introduction to Cryptography

• Cryptography secures communication and data by transforming it into an unreadable format.
• Key techniques encode and decode information to protect confidentiality, integrity, and authenticity.
• Fundamental components include encryption/decryption algorithms and key management for secure communication.

Keystream

• A keystream is a pseudo-random bit sequence generated by a PRNG.
• Combining keystream with plaintext (XOR) creates ciphertext.
• Decryption uses the same keystream (XOR).

Block Ciphers

• Block ciphers encrypt fixed-size plaintext blocks independently.
• Common modes: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), and Counter (CTR). Each mode has security properties. ECB is vulnerable to copy-and-paste attacks.
• Feistel networks use substitution-permutation networks (SPN).

Encryption Methods

• Symmetric-key cryptography: Same key for encryption/decryption. Examples: AES, DES, Blowfish, Skipjack, IDEA, RC6, Camelia, 3DES.

  • AES uses 128, 192, or 256 bit keys, operates in 128 bit blocks.

• Asymmetric-key cryptography: (Public-key cryptography) Different keys for encryption/decryption. Examples: RSA, ECC, Diffie-Hellman, Cramer-Shoup.

• Hash functions: Transform any-length input into a fixed-size hash. Crucial for message integrity. MD5 (128 bits), SHA-1 (160 bits), SHA-256 (256 bits are some examples), as well as non-cryptographic hashing solutions such as Bernstein, Buzhash, Cityhash, and Spookyhash. Quark produces 64 or 112 bit hash values. MD4 (128 bits).

• Stream ciphers: Encrypt bit-by-bit using a keystream. RC4 (40, 128 bits max key size, min 40 bits recommended), ChaCha, Trivium, Rabbit, Mickey v2, Grain are examples. AES 128, 192, or 256 bits. Considered less secure than AES for modern use cases.

• Message Authentication Codes (MACs): Generate unique codes for message integrity and authenticity. Chaskey (128-bit key), lightweight MAC.

• Key exchange: Diffie-Hellman, Elliptic Curve (Elli) are used for key exchange. Supports symmetric key establishment.

Cryptographic Attacks

• Ciphertext-only attacks: Only ciphertext.
• Known-plaintext attacks: Known plaintext-ciphertext pairs.
• Chosen-plaintext attacks: Choose plaintext, observe ciphertexts.
• Chosen-ciphertext attacks: Choose ciphertext, observe plaintexts.
• Brute-force attacks: Try all possible keys.
• Other attacks: Differential cryptanalysis, linear cryptanalysis, side-channel attacks, birthday attacks, rainbow tables (precomputed hashes of passwords).

Key Management

• Key management is critical.
• Processes for generation, distribution, storage, and key management.
• Secure key exchange protocols are employed for safe key establishment.

Security Considerations

• System security depends on strong algorithms, keys, and implementation.
• Security protocols require careful design and implementation to defend against attacks.
• Algorithm selection should match security needs.

Specific Cryptographic Algorithms

• Block Cipher Modes: CFB, OFB, CTR can make a block cipher function like a stream cipher.
• DES (Data Encryption Standard): Block size 64 bits, key size 56 bits, 16 rounds.
• 3DES (Triple DES): Block size 64 bits, key size 112 bits, 48 rounds.
• AES (Advanced Encryption Standard): 128 bit blocks, 128, 192, or 256 bit keys
• RC5: Block sizes 32, 64, or 128 bits; variable key size (up to 2048 bits).
• RC2: Block size 64 bits; variable key size up to 128 bits, minimum key size 40 bits recommended.
• Skipjack: 80 bit key, 64 bit block size
• IDEA: 64 bit block size, 128 bit key size, >17 rounds.
• PRESENT: 64 bit block size; 80 or 128 bit key size, 32 rounds.
• XTEA: 64-bit block size, 128-bit key size.
• CLEFIA: 128-bit blocks; 128, 192, or 256-bit keys.
• SIMON/SPECK: Lightweight block ciphers, optimized for hardware/software respectively.
• Rabbit: Symmetric stream cipher, 128-bit key size, 64-bit initialization vector (IV).
• Trivium: Symmetric stream cipher, 80-bit key size, 80-bit IV.

Special Algorithms

• Chaskey: Lightweight cryptography method for signing messages (MAC), ~3,333 gates at 1MHz clock rate, 128-bit key.
• HMAC: Message Authentication Code (MAC) that verifies message integrity and authenticity (Hashes message with secret key).
• IPSec transport/tunnel modes: Transport mode: end-to-end encryption; tunnel mode: encryption gateway-to-gateway.
• Hashing: Variable input length, fixed output length; uses salt to improve security against collisions (128, 160, 256 bits for e.g. MD5,SHA-1, SHA-256 respectively).
• One-Time Pad: Unbreakable, uses cipher code only once.
• Message Authentication Codes (MACs): Verify message integrity and authenticity, based on secret key and the message itself.
• Certificates (x.509): .cer, PEM, DER formats for certificates.
• Certificate Signing Request (CSR): Entity creates CSR to obtain a certificate. Authority signs with private key before issuing.
• Hash collisions: Two different inputs producing same hash.
• Initialization Vectors (IVs): Used in block cipher operations; commonly used in CFB, OFB, CTR modes.
• Homomorphic encryption: Perform mathematical operations on ciphered values.
• Key escrow: Keeps backup copies of cryptographic keys, raising privacy concerns, a backdoor condition.
• Public-key cryptography: uses a key pair for encryption and decryption; one is public, the other is private.
• Password cracking tools: Rainbow tables: collection of precomputed hashes of passwords for cracking.
• One-Time Passwords (OTPs): HOTP (hashed), TOTP (timed) methods for generating unique passcodes (used with 1-time passwords).
• WEP, WPA, WPA2: Different Wi-Fi encryption standards using varying key sizes and ciphers (RC4, AES). WEP:40 bit RC4 key, WPA: 128 bit RC4, WPA2: AES (128-bit block cipher) in their respective implementations.

Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs):

• HSMs manage cryptographic keys and provide cryptographic processing within a secure environment.
• TPMs are dedicated hardware processors handling hardware-level encryption for full disk encryption.

Data Encoding

• ASCII encoding: 8-bit values, 256 characters range.
• UTF-16 encoding: 16-bit values, 65,536 characters/range.

Standard Cipher Suites

• Various standards are available such as WEP, WPA, WPA2 with their associated symmetric algorithms, keys, and Initialization Vectors (IVs). These have been implemented for security in networking (using RC4 and AES ciphers).

Additional notes

• Conventional cryptography: used on servers, desktops & smartphones.
• Light-weight cryptography: used within embedded systems, RFID, sensor networks.
• Quantum computers: potential for breaking existing algorithms (especially RSA) due to fast multiplication circuits.
• IPSec Handshake: UDP port 500.