Cryptography Flashcards

(108 cards)

1
Q

Explain the Caesar Cipher & Shift Cipher and why they are different?

A

The Caesar cipher is a special case of the shift cipher: it uses a fixed number as the k for its shifting of letters, usually 3, whereas the shift cipher can use any arbitrary number. Both ciphers shift the letters of the alphabet, e.g. A->D if shift = 3.

2
Q

Why is the affine cipher considered stronger than a basic shift cipher?

A

The affine cipher is considered stronger than the shift cipher because it adds an extra level of complexity: it combines multiplication and addition mod 26, which increases the key space.

3
Q

How does modular arithmetic help define ciphers like Caesar and affine?

A

It helps by wrapping values around the alphabet using remainders, allowing letter positions to “loop” from Z back to A; this is what makes substitution reversible.

4
Q

What does it mean for 2 numbers to be congruent mod n?

A

Two numbers a and b are congruent mod n if n divides their difference: a = b mod n if and only if n divides a-b

5
Q

When does a number have a multiplicative inverse mod n?

A

When it is coprime with n, i.e. gcd(a,n) = 1. For example, 3 has an inverse mod 7, which is 5, but 2 has no inverse mod 4.

6
Q

Why are frequency analysis and brute force effective against classical substitution ciphers?

A

Because frequency analysis allows us to see the most frequent letters: if a ciphertext uses a simple substitution, common letters like ‘E’ or ‘T’ still appear more often. Brute force also works because these ciphers have a very small key space, so we can try all possible values.

7
Q

Explain a stream cipher and why XOR (mod 2 addition) allows both encryption and decryption in a stream cipher.

A

A stream cipher encrypts one bit at a time, using a keystream that is XORed with the plaintext. We use XOR for both encryption and decryption because XOR is reversible.

8
Q

What is perfect secrecy in cryptography?

A

A system has perfect secrecy if the ciphertext reveals no information about the plaintext, even with infinite computing power. The OTP achieves this.

9
Q

Why is the one-time pad not used in practice?

A

Because it requires a truly random key that is as long as the message, shared securely and never reused, which makes OTP impractical for most real-world systems.

10
Q

What happens if you reuse a key in a stream cipher like OTP?

A

It completely breaks the encryption: if you XOR two ciphertexts produced with the same key, it removes the key and exposes relationships between the plaintexts, so attackers can recover both.

11
Q

What is a CSPRNG and how does it differ from a regular PRNG?

A

A CSPRNG produces output that is unpredictable, even if some output is known, because of secure key and keystream generation. A regular PRNG like rand in C only needs to look random statistically, and its seed may also be public and guessable.

12
Q

Why are nonces important in modern stream ciphers?

A

They ensure a unique keystream even if the key is reused. This prevents keystream reuse attacks and enables safe encryption of multiple messages under the same key.

13
Q

How can a modern stream cipher safely generate a long keystream from a short key?

A

By using a CSPRNG seeded with the key + a unique nonce, which generates a pseudorandom keystream on demand.

14
Q

What is crib dragging, and when is it possible?

A

Crib dragging is an attack on reused keystreams, where the attacker guesses parts of one plaintext and uses XOR to recover parts of the other message.

15
Q

What do modern stream ciphers use to generate a keystream?

A

They use a CSPRNG seeded with a secret key, and usually a nonce, to produce a long pseudorandom keystream for XOR encryption.

16
Q

What is an LFSR and why is it insecure on its own?

A

An LFSR is a Linear-Feedback Shift Register, which means it's a register of bits that shifts with each clock tick, just like a flip-flop. Alone it's insecure because it uses a trivial linear function, so its internal state can be reconstructed if enough output is known.

17
Q

How does Trivium improve on basic LFSRs, and what’s one problem that it has?

A

Trivium improves on basic LFSRs by combining three LFSRs with non-linear feedback, using AND and XOR gates, rather than just XOR like traditional LFSRs. This non-linearity makes it more resistant to reverse engineering and statistical attacks. Its problem is that it’s a synchronous stream cipher, which means there’s no way to jump anywhere in a file system using this strategy, since the keystream bits depend on each other.

18
Q

What are the key operations used in ChaCha20?

A

Add, XOR and Rotate bits. These are efficient and help mix input securely without complex structures like S-boxes.

19
Q

How does ChaCha20 generate a keystream?

A

It initialises a 512-bit matrix with a key, nonce and constants, then applies 20 rounds of transformations to mix the state and produce a secure keystream.

20
Q

What are the issues with ChaCha20 and Trivium?

A

They do not provide integrity, meaning that if a ciphertext bit is flipped, the decrypted plaintext bit flips too and there’s no way to detect tampering.

21
Q

How can we ensure integrity when using a stream cipher?

A

Use a MAC (Message Authentication Code) alongside the stream cipher to verify the message hasn’t been tampered with (modified).

22
Q

What is a block cipher and how is it different from a stream cipher?

A

A block cipher encrypts fixed-size blocks, e.g. 64 or 128 bits, whereas stream ciphers encrypt one bit at a time, using a keystream.

23
Q

What is a pseudorandom permutation?

A

A PRP is a function that looks indistinguishable from a random permutation to someone without the key. It’s reversible.

24
Q

What are Shannon's principles of confusion and diffusion?

A

Confusion hides the relationship between the key and the ciphertext (substitution), making it seem like random noise, and diffusion spreads the influence of each input bit across many output bits (permutation).

25
What is a Feistel network, and why is it useful?
A Feistel network is a cryptographic structure which splits a block into L and R halves, applies a function to one half and XORs it with the other half. It allows for secure encryption/decryption even with non-invertible functions.
25
What is the basic round function in DES?
Permutation to 48 bits (expand R) -> XOR with subkey -> pass through 8 S-boxes -> compress to 32 bits -> permute XOR with L
26
How do S-boxes add confusion in DES?
Because there are 8 boxes and each maps 6 inputs to 4 outputs in a non-linear way; they're carefully designed to avoid patterns and predictability.
27
Why is DES considered insecure today?
The 56-bit key is too small, it can be brute-forced with modern hardware.
28
What is the avalanche effect?
It's the property where a small change in input, e.g. flipping 1 bit, causes many output bits to change, increasing security.
29
What does the DES key schedule do?
It generates 16 subkeys from the main 56-bit key using permutations and left rotations. Each round uses a different 48-bit subkey derived via PC-1 and PC-2 tables.
30
Why is DES vulnerable to brute-force attacks?
DES is vulnerable to brute-force attacks because its key size is too small for modern hardware.
31
What is double encryption, and does it double the key strength?
Using 2x the encryption of DES would in theory be good, since it would increase the key space to 2^112, but the meet-in-the-middle attack reduces it to 2^57, which is only slightly better than brute force; since brute force nowadays takes a day or two, it would just take another day or two.
32
What is the meet-in-the-middle attack and what does it target?
It targets double encryption by storing all encryptions of the plaintext and decryptions of the ciphertext to find a matching intermediate value, reducing the key space from 2^112 to 2^57.
33
How does 3DES improve security over DES?
It applies DES three times with different keys, making brute-force and MITM attacks significantly harder. It is still used in legacy systems.
34
What is differential cryptanalysis?
A chosen-plaintext attack that analyses how specific input differences lead to output differences, helping recover key bits by exploiting patterns.
35
How does DES protect against differential cryptanalysis?
DES uses specially designed S-boxes with low-probability differentials and 16 rounds to spread differences unpredictably.
36
In modern cryptography what does it mean to say a cipher is "broken"?
If any attack is faster than brute force, it is considered broken, even if not practical in the real world.
37
What’s the difference between a prime field and an extension field?
Prime field (GF(p)): elements are integers. Extension field (GF(p^m)): elements are polynomials of degree less than m, with coefficients in GF(p).
38
How is addition done in GF(2^m)?
It’s just XOR of the coefficients. There’s no carry, and addition = subtraction. For example, (x^2 + 1) + (x^2 + x) = x
39
How do you multiply in GF(2^m)?
Multiply the polynomials normally, then reduce the result modulo an irreducible polynomial of degree m. This keeps the result inside the field.
40
How do you find a multiplicative inverse in GF(2^m)?
Use the Extended Euclidean Algorithm, just like in integer modular arithmetic, but with polynomials instead of numbers.
41
What is the binary representation of the polynomial x^4 + x + 1?
Start from the highest power and fill in 1s for terms that are present, 0s for those that are not. So: x^4 = 1, x^3 = 0, x^2 = 0, x^1 = 1, x^0 = 1 (since x^0 is just 1), so the final result is 10011.
42
In GF(2³), reduce: x^4 + x^3 + x^2 using modulus x^3 + x + 1
1
43
What is AES and what algorithm is it based on?
AES stands for Advanced Encryption Standard; it is a block cipher that is an SP network.
44
What are the 3 main operations in one AES round?
1. SubBytes - byte substitution using a precomputed S-Box 2. ShiftRows - shift rows of the state matrix 3. MixColumns - mixes bytes within each column
45
How does the AES S-box achieve confusion?
The S-box achieves confusion by applying a multiplicative inverse, then an affine transformation, producing a non-linear invertible substitution with no fixed points.
46
How does AES achieve diffusion?
ShiftRows moves bytes across rows, breaking up byte alignment. MixColumns combines bytes within each column using matrix multiplication in GF(2^8), so each output depends on multiple input bytes.
47
What is the AES Key Schedule?
It expands the input key into a set of round keys using rotations, S-box lookups and XORs. Each AES round uses a different 128-bit round key derived from the original key.
48
Why is AES considered hard to implement securely?
Because operations must avoid timing leaks. Lookup tables like S-boxes and conditional branches can leak information unless implemented in constant time. AES-NI (hardware support) helps mitigate this.
49
What is a weakness of ECB mode?
ECB encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks, which reveals patterns in the data, making it insecure.
50
How does CBC mode work, and what is an IV?
CBC (Cipher Block Chaining) XORs each plaintext block with the previous ciphertext block before encryption. The first block is XORed with an IV (initialisation vector) to prevent predictable outputs.
51
What is a padding oracle attack?
It's an attack on CBC mode where an attacker uses responses from a system, e.g. error messages, to guess padding correctness. By manipulating ciphertext blocks and observing whether padding is accepted, they can recover plaintext bytes.
52
How does CTR mode turn a block cipher into a stream cipher?
CTR mode encrypts a nonce + counter value for each block and XORs it with the plaintext. It produces a unique keystream for each block, allowing for parallel encryption and avoiding ECB issues.
53
What is probabilistic encryption and which modes use it?
Probabilistic encryption adds randomness (like a unique IV or nonce) so the same plaintext results in different ciphertexts. CBC with random IV and CTR with nonce are probabilistic. ECB is deterministic.
54
What is GCM, and why is it important?
Galois Counter Mode is a mode based on CTR that also provides authentication. It adds an authentication tag using operations in GF(2^128), ensuring confidentiality and integrity. It's widely used in TLS 1.3 and other protocols.
55
What is square-and-multiply, and why is it used in RSA?
It's a fast method to compute large exponents like m^d mod n efficiently.
56
What is RSA based on, and what’s the key idea behind its security?
RSA is based on the Integer Factorisation problem: it's easy to multiply large primes p and q, but hard to factor their product n = pq. Without knowing p and q, it's hard to compute ϕ(n) and therefore hard to get the private key.
57
What is Euler’s Totient Function ϕ(n), and how is it used in RSA?
ϕ(n) is the number of integers from 1 to n-1 that are coprime with n. If n = p * q then ϕ(n) = (p-1)(q-1). It's used in RSA to calculate the private key exponent d such that d*e = 1 mod ϕ(n), i.e. the multiplicative inverse.
58
What does the Extended Euclidean Algorithm give you that the normal one doesn’t?
It gives you integers x and y such that ax + ny = gcd(a,n). If the result is 1, then x is the modular inverse of a mod n.
59
What is a generator in a cyclic group, and why is it important for DH?
A generator (primitive root) is an element that produces every other element in the group when raised to successive powers. Using a generator of maximum order ensures the full strength and randomness of the key space in Diffie-Hellman.
60
What problem is Diffie-Hellman based on, and why is it secure?
It’s based on the Discrete Logarithm Problem: given g^a mod p, it's hard to compute a without knowing the exponent. This is what keeps the shared secret safe even when public values g^a and g^b are visible.
61
What do Alice and Bob each do in the Diffie-Hellman key exchange?
Agree on public values p (a large prime) and g (a generator). Alice chooses secret a, sends A = g^a mod p. Bob chooses secret b, sends B = g^b mod p. Both compute shared secret: and get the same shared secret.
62
What is a safe prime, and why is it used in DH?
A safe prime is a prime p such that (p − 1)/2 is also prime. It ensures that the subgroup used for key exchange has no small factors, which protects against attacks like Pohlig-Hellman.
63
Why can’t an attacker compute the shared key in DH, even if they know g, 𝐴, 𝐵, and 𝑝?
Because they would need to solve the discrete log problem to recover 𝑎 or 𝑏, which is computationally infeasible for large enough primes (e.g. 2048 bits).
64
What is an elliptic curve in cryptography?
It's the set of points (x,y) satisfying the equation y^2 = x^3 + ax + b mod p, where a and b are constants (coefficients) and p is a prime. Points on this curve, together with the point of infinity, form a group under an operation called point addition.
65
How do you add two points 𝑃 and Q on an elliptic curve?
Draw a line through 𝑃 and Q, find the third intersection point on the curve, then reflect it across the x-axis. The result is 𝑃 + 𝑄. Algebraically, the slope and coordinates are computed using specific formulas (given in the exam).
66
What is point doubling on an elliptic curve?
It's when you add a point to itself (P+P). Instead of drawing a line through two points, you use the tangent line of P, find its intersection, then reflect the result.
67
What is the point of infinity, and why is it important?
The point of infinity is a neutral element of the elliptic curve group. Adding it to any point returns that point. It appears when adding a point to its inverse, and it doesn’t have coordinates.
68
What is the elliptic curve discrete logarithm problem (ECDLP)?
Given a base point 𝑃 and a multiple 𝑄 = aP, the ECDLP asks: what is 𝑎? This problem is believed to be hard and forms the basis of elliptic curve cryptography (e.g. ECC Diffie-Hellman).
69
Why are elliptic curves used in cryptography?
ECC provides equivalent security to RSA or DH but with smaller key sizes, faster computation, and resistance to known attacks (like index calculus). That makes it ideal for modern applications like mobile messaging and TLS.
70
What is the general equation of an elliptic curve over a finite field?
y^2 = x^3 + ax + b mod p
71
What is scalar multiplication in ECC?
It's the repeated addition of a point, e.g. P + P + P + P... (a times).
72
Why is the Elliptic Curve Discrete Logarithm Problem (ECDLP) hard?
Because index calculus doesn't work on ECs, so there's no known efficient way to reverse Q = aP to find a.
73
What are the steps of the double-and-add algorithm?
Convert scalar to binary → process bits: 1. Always double the current result on each step. 2. If the bit is 1, then add another P to it.
74
How does ECDH (Elliptic Curve Diffie-Hellman) key exchange work?
Alice sends A = aG. Bob sends B = bG. Shared secret = S = abG.
75
What is point compression?
Instead of sending the full (x,y), send just x plus 1 bit to recover y (since the curve is symmetric).
76
Why shouldn't you generate your own curve parameters?
Because it's not secure, since you might introduce weak subgroups or structure. Always use standard curves.
77
How does signing work in RSA?
Signing: s = m^d mod n. Verify: m = s^e mod n.
78
Why is “non-repudiation” not possible with symmetric MACs?
Because both parties share the key, so either could have created the signature.
79
What is an existential forgery?
An attacker creates any valid message-signature pair, even if the message is meaningless.
80
What is RSA malleability and why is it bad?
Multiplying signed messages/signatures gives a new valid one, so an attacker can manipulate signatures algebraically.
81
What is a selective forgery?
The attacker picks a specific message m in advance and successfully produces a valid signature for it.
82
What is a universal forgery?
The attacker can generate valid signatures for any message, equivalent to having the private key.
83
What is "hash-then-sign" and why is it important?
It means signing the hash of the message, not the raw message. This prevents small-message attacks and enables long messages.
84
Why do we need padding schemes in RSA signatures?
To: 1. Prevent existential forgeries 2. Prevent malleability 3. Enforce structure in the signed message.
85
What is PKCS#1 v1.5?
A deterministic RSA padding scheme.
86
What is PSS and how is it better than PKCS#1 v1.5?
It's a Probabilistic Signature Scheme. It adds a random salt, so it produces different signatures on the same message, which is more secure.
87
What is ElGamal based on?
ElGamal is based on the Discrete Logarithm Problem.
88
Why is ElGamal probabilistic?
Because it uses a random y to encrypt each time -> produces different ciphertexts for the same message.
89
What are the 2 components of an ElGamal signature?
A private and public key.
90
What property makes ElGamal signatures malleable?
Given (r,s), you can modify s to generate another valid signature for the same message.
91
What are the 3 basic properties of hash functions?
1. Any input length 2. Fixed output length 3. Fast to compute
92
What are the 3 cryptographic properties of hash functions?
1. Preimage resistance 2. Second Preimage resistance 3. Collision Resistance
93
What is preimage resistance?
Given H(x), it's infeasible to find x.
94
What is second preimage resistance?
Given x1, it's infeasible to find x2 != x1 s.t. H(x1) = H(x2).
95
What is collision resistance?
It's hard to find any two values x1, x2 with the same hash.
96
Why is the Birthday Paradox relevant to hash collisions?
Collisions can occur after about 2^(n/2) tries for an n-bit hash, the same as in the birthday paradox.
97
What does the avalanche effect mean in hash functions, and why is it good?
It means changing 1 input bit changes on average 50% of output bits, which is critical for hiding patterns.
98
What does a Merkle-Damgard Construction do?
It hashes data block-by-block, using the output of each round as input for the next.
99
What do Message Authentication Codes (MACs) provide?
MACs provide integrity and authenticity, but not confidentiality.
100
What is a length extension attack?
In Merkle-Damgard hashes, an attacker can append data to the final hashed message and compute H(k|m|x) without knowing k.
101
How does HMAC prevent length extension attacks?
By hashing the key twice with fixed inner and outer pads, which stops internal state reuse.
102
What does AEAD stand for, and what does it do?
Authenticated Encryption with Associated Data. It combines encryption + MAC in one mode (e.g. AES-GCM).
103
What does TLS do?
Provides confidential, authenticated communication over a network (e.g. HTTPS).
104
What are the 2 main layers in TLS?
1. Record layer (encryption and sending messages) 2. The handshake layer (key exchange + authentication)
105
What is the purpose of the TLS handshake?
1. Server authentication 2. Exchange keys 3. Establish session securely.
106
What is a digital certificate used for?
Digital certificates are used to verify the identity of the server by binding its public key to a certificate which is signed by a Certificate Authority (CA).
107
What is a chain of trust?
A sequence of certificates, ending in a trusted root CA on your device.