Encryption Flashcards
(16 cards)
What is a cryptosystem, and what are its key components?
A cryptosystem disguises messages so only authorized recipients can understand them. Components include plaintext (original message), encryption (plaintext to ciphertext), decryption (ciphertext to plaintext), and keys (labels for algorithms).
What is the difference between cryptography and cryptanalysis?
Cryptography is the art of creating cryptosystems. Cryptanalysis is the art of breaking them, seeing through the disguise without authorization. Cryptology studies both.
What is a keyless cipher, and give an example?
A keyless cipher uses no keys. Example: Julius Caesar’s ‘shift by n’ substitution cipher, where letters are shifted by a fixed number.
Who are recipients in a cryptosystem, and who are threats?
Recipients are authorized to see through the cipher’s disguise. Threats include eavesdroppers, opponents, and spies who are not authorized.
What techniques are used in cryptanalysis?
Analytical reasoning, mathematical tools, pattern finding, determination, luck, factoring integers, taking logarithms, and brute force searches (trying every possible key).
Why is brute force search impractical for strong cryptosystems?
Strong cryptosystems have large key spaces (e.g., DES with 2^56 keys). Brute force is slow, though faster machines threaten weaker systems like DES.
What are the properties of a strong cryptosystem?
Security relies on key secrecy, not algorithm secrecy; large keyspace; ciphertext appears random to statistical tests; resists known attacks; may be mathematically proven strong (e.g., tied to factoring integers).
What is a known plaintext attack, and how was it used historically?
Attackers know some plaintext and matching ciphertext to deduce the key. Example: WWII German Enigma exploited via predictable content (e.g., “wetter” in daily weather reports) to decipher messages.
What are cribs, and how do they aid cryptanalysis?
Cribs are stretches of probable plaintext (e.g., greetings, headers). If correct, they help deduce the key, enabling decryption of the remaining message.
What is an adaptive chosen plaintext attack?
The attacker chooses plaintexts iteratively, analyzing results from round N to select plaintext for round N+1, used in differential cryptanalysis to break product ciphers.
What is DES, and what are its strengths and weaknesses?
DES encrypts/decrypts 64-bit data with a 56-bit key, once considered strong against adaptive chosen plaintext attacks. Weaknesses: short key length, classified design, NSA backdoor. Now insecure.
How do Triple DES and AES compare to DES?
Triple DES, with 112-bit effective security (80-bit per NIST), is mostly secure and used in payments. AES (128+ bit keys) superseded DES, offering stronger security.
What are the types of crypto attacks, from hardest to easiest?
Ciphertext only (only encoded message);
known plaintext (know plaintext-ciphertext pair);
chosen plaintext (choose plaintext, get ciphertext);
chosen ciphertext (choose ciphertext, get plaintext);
adaptive chosen plaintext (iterative plaintext selection).
What is a ciphertext-only attack, and why is resistance to it important?
The attacker has only the ciphertext to deduce plaintext. Resistance to this attack is the basis of cryptographic security, as it assumes minimal information.
Why is resistance to known plaintext attacks essential?
If one known plaintext-ciphertext pair compromises the system, the entire code is insecure, as attackers can exploit standard or guessed content to break the cipher.
What is a chosen ciphertext attack, and where is it relevant?
The attacker chooses ciphertext and obtains decrypted plaintext, potentially revealing private keys in public key systems.
