Intro to Cryptography Flashcards
(80 cards)
1
Q
Hash Function
A
A function that given a byte-stream (file) input will output a fixed length n-bit number called the hash. The input can be any digital file.
2
Q
Is the hash number for each file unique
A
No, but its extremely unlikely that two different files will return the same hash. This is called a collision.
3
Q
Hashing is important for
A
File security, Data Transfer Integrity, Digital Signatures.
4
Q
Security in Hash Functions
A
Preimage resistance: Hard to go back from output to input
Second preimage resistance: Hard to fake a different input that gives the same output
Collision resistance: Hard to find any two inputs that give the same output
5
Q
SHA-256
A
most popular hash function. Hashing is one-way, you cannot derive the original document from the hash number. With SHA256 the probability of having two different files with the same output is 1/(2^256)
6
Q
Uses of Hash Functions
A
- Data communications, encryption and security
- The hash number of a secret document can be made public because there is no way to get the input from output
- Allows creation of one way password files (store password hash not password)
- Used for intrusion and virus detection
- Used to detect errors or malicious changes in files.
7
Q
Hash Functions
A
MD5- output 128bits, collision resistance broken in 2004
SHA1 - previously considered secure, deprecated in 2011
SHA2 (SHA-224, SHA-256, SHA-284, SHA-512) - outputs 224,256,384,512 bits respectively. No real security concerns yet. Used for Blockchain.
8
Q
Plaintext
A
original message to be encrypted
9
Q
Ciphertext
A
the encrypted message
10
Q
Enciphering or Encryption
A
the process of converting plaintext into ciphertext
11
Q
Encryption algorithm
A
an algorithm that performs encryption. (Two inputs: A plaintext and a secret key)
12
Q
Deciphering or Decryption
A
recovering plaintext from ciphertext.
13
Q
Decryption algorithm
A
an algorithm that performs decryption (Two inputs: ciphertext and secret key)
14
Q
Secret key
A
same key used for encryption and decryption. Also referred to as a symmetric key.
15
Q
Cryptography
A
the art of devising ciphers.
16
Q
Cryptanalysis
A
the art of breaking ciphers.
17
Q
Cryptology
A
A collective name for cryptography and cryptanalysis.
18
Q
Cryptanalysis Objective
A
- Recover Plaintext of a ciphertext or
- Recover the secret key
19
Q
Cryptanalysis common approaches
A
- Brute Force Attack
- Non-brute force (analytic) attack, often computationally infeasible
20
Q
Kerchhoff’s Principle
A
- All algorithms must be public - only the key should be secret
- A cryptosystem should be secure even if everything about a system except the key is public knowledge.
21
Q
Weak Encryption
A
Before 1930s most encryption was weak, meaning they can be easily broken using a PC today by brute force. Encryption is considered strong if the best cryptanalytic algorithm that breaks it is computationally infeasible.
22
Q
A cipher is unconditionally secure
A
if it is secure no matter how many resources the attacker has (time, memory)
23
Q
A cipher is computationally secure
A
if the best algorithm for breaking it will require so many resources that the cryptosystem is practically secure
24
Q
Strong Encryption
A
Algorithm that is computationally secure therefore highly resistant to cryptanalysis. In general all cryptanalytic methods will be NP-hard.
25
Alan Turing
Invented the Turing Machine and Halting problem to show some problems are undecidable. Cracked the enigma.
26
Factoring Numbers into Primes
Every integer can be expressed as a product of primes. Take two very large prime numbers A and B and multiply them to get C, given C how do you find A and B in reasonable time? This is one of the principles behind modern strong encryption.
27
Legal Issues
The US has defined strong cryptographic products as munitions since WW2. It prohibits the export of cryptographic products. Russia banned private use of cryptographic products.
28
What is symmetric encryption?
A method where the same key is used to both encrypt and decrypt data.
29
Why is symmetric encryption widely used?
It's fast, memory-efficient, and has many strong algorithms.
30
Name some strong symmetric encryption algorithms.
AES, DES, Rijndael, Blowfish.
31
What is the Key Distribution Problem in symmetric encryption?
The challenge of securely sharing the secret key with recipients before communication.
32
Why is the Key Distribution Problem critical?
Without solving it, secure online communication like PayPal and online shopping wouldn't be possible.
33
Why do countries develop their own encryption algorithms?
They don't trust foreign algorithms, fearing backdoors might exist.
34
How was encryption typically done before the 1980s?
Using symmetric algorithms with the same key for encryption and decryption.
35
What determines the strength of a symmetric encryption system?
The length of the encryption key, not the algorithm itself.
36
How does key length relate to cryptanalytic attacks?
Attacks have time complexity that is exponential or super-exponential in key length (on classical computers).
37
What is the complexity of key management in an n-party system using symmetric keys?
It requires n(n-1)/2 unique keys for secure pairwise communication.
38
How can a central server help in key distribution?
By managing only n keys instead of n(n-1)/2, but it introduces new risks.
39
What is a KDC in the context of symmetric encryption?
A Key Distribution Centre, like Microsoft's Kerberos, that helps manage keys.
40
What are the drawbacks of using a KDC?
It can become a single point of failure, a performance bottleneck, and requires trust and secure key retention.
41
Asymmetric Key Encryption
Imagine if it were possible to design an encryption algorithm that uses two keys A and B. If you encrypt a message with A you can only decrypt it with B and vice versa. These are called communicative keys. This would allow two parties to securely communicate without exchanging secret keys. In the 70s nobody believed that such an algorithm was possible. This was mainly because it did not seem to make sense and also because, mathematically it seemed impossible.
42
What is asymmetric encryption also called?
Public Key Encryption.
43
How does asymmetric encryption differ from symmetric encryption?
It uses two different keys — one for encryption and one for decryption — instead of the same key.
44
What is the key rule in asymmetric encryption?
You cannot encrypt and decrypt with the same key.
45
What does each person have in an asymmetric encryption system?
A pair of keys: one public and one private.
46
How are the public and private keys decided?
Each person chooses arbitrarily which key to make public and which to keep private.
47
What should you do with your private key?
Keep it secret and never share it.
48
Is it safe to share your public key?
Yes, public keys are meant to be shared openly.
49
What happens when you encrypt with the receiver’s public key?
Only the receiver can decrypt it using their private key — ensures confidentiality.
50
What is a limitation of using only the receiver’s public key for encryption?
The receiver cannot verify who sent the message.
51
What happens when you encrypt with the sender’s private key?
Anyone can decrypt it using the sender’s public key — proves the sender’s identity.
52
What does encrypting with the sender’s private key solve?
The non-repudiation problem — the sender cannot deny sending the message.
53
What is the purpose of encrypting a message with both keys?
To ensure both authenticity and confidentiality.
54
In what order are the keys used in double encryption?
First encrypt with the sender’s private key, then with the receiver’s public key.
55
How does the recipient decrypt a doubly encrypted message?
First with their private key, then with the sender’s public key.
56
Is generating your own public-private key pair enough to be trusted?
No, self-generated keys are not trusted by others.
57
Who should you get your keys from to be trusted?
A Certificate Authority (CA).
58
What does a Certificate Authority do before issuing a key pair?
It verifies your identity and issues a Digital Certificate.
59
Digital Certificates
- Provide an automatic and electronic means to verify the identity of a person or entity.
- Issued by a Certification Authority (CA) and signed with the CA’s private key.
- Typically contain owner’s public key, name, expiry date, issuer, serial number.
- Used to authenticate identity.
- Used for email, ecommerce, groupware, funds transfer etc.
60
Benefits of Dual Encryption
- Confidentiality: Your data/service provides no useful information to unauthorized parties
- Integrity: If anyone tampers with your digital asset it will be immediately evident
- Non-repudiation: The author, owner, curator, or caretaker of the asset cannot deny association
- Authenticity: We can verify that an asset is associated with its authors, owners, curators, or caretakers.
61
Diffie and Hellman
In 1976 they published details on how asymmetric encryption could work. This instantly solved KDP. It is now possible to communicate securely without having to securely share keys. It turned out that the British signals intelligence agency had invented this a few years before. One of the most popular implementations of public key cryptography is the RSA algorithm.
62
Digital Signatures
- Compute the hash of a document.
- Use private key to encrypt the hash and send encrypted hash and document
- The encrypted hash is your signature of the message
- Recipient uses your public key to decrypt the hash and then matches the hash to the document.
- The document itself does not need to be encrypted. This solves both the authenticity and the non-repudiation problems.
63
Asymmetric Encryption - the Legacy
Asymmetric encryption allows parties to communicate without having to securely exchange keys. This brought about an explosion in secure communication. Many NSAs were not happy.
64
Why are modern cryptographic methods (symmetric and asymmetric) considered secure today?
Because breaking them with brute-force methods requires exponential time on classical computers.
65
How long would it take to break 4096-bit symmetric encryption on a supercomputer?
Millions of years.
66
What is a backdoor in encryption, and why is it dangerous?
A mathematical weakness in an algorithm that allows it to be broken much faster.
67
Why should you avoid writing your own cryptographic algorithms?
Because without expert knowledge, you might unintentionally include vulnerabilities or backdoors.
68
What assumption is RSA encryption based on?
That factoring large integers into primes is computationally intractable.
69
What key mathematical problem does Shor’s Algorithm solve efficiently?
Factoring large integers into primes.
70
How long does it take to factor a 617-digit number (2048-bit) using classical methods?
Around 300,000 years on a typical PC.
71
How long would Shor’s Algorithm take to factor a 2048-bit number?
Around 85 days using a quantum computer.
72
What is the time complexity of Shor’s Algorithm on a quantum computer?
Polynomial time, specifically about n³log₂(n) when accounting for probability.
73
Why must Shor’s Algorithm be run multiple times?
Because quantum mechanics introduces probabilistic results, and repeated runs improve accuracy.
74
When was Shor’s Algorithm first demonstrated and on what number?
In 2011, factoring 15 = 3 × 5 using a 7-qubit quantum computer.
75
What is the “scraping threat” in data security?
The risk that attackers collect encrypted data now to decrypt it later using quantum computers.
76
Why is it important to implement quantum-resistant encryption before quantum computers are available?
Because once encrypted data is scraped, it can be decrypted in the future, compromising its confidentiality.
77
What is the goal of quantum-resistant cryptography?
To develop systems secure against both classical and quantum computers, and compatible with current networks.
78
Which classical encryption method is still considered safe against quantum computers?
Symmetric encryption (e.g., AES). There are several families of quantum resistant PK systems: Lattice-based, code-based, hash-based, isogeny-based and multivariate systems
79
Which public-key encryption methods will quantum computers break?
Systems like RSA and Diffie-Hellman.
80
What are standards bodies currently doing in response to quantum threats?
Evaluating quantum-resistant algorithms to find ones with no known classical or quantum vulnerabilities.
