Cryptographic Concepts (part 1)

Question 1

Define cryptography.

Answer 1

Cryptography is the study of mathematical technique related to the aspects of information security.

Question 2

What are the 3 main properties of information security?

What about a 4th?

Answer 2

1. confidentiality - you want to keep things secret; don’t want others to know what you are emailing
2. data integrity - don’t want someone to intercept your email and modify it before it arrives at the recipient, or you want the recipient to be able to tell that it was modified
3. data origin authentication - want to be able to verify that the sender actually sent us the message that we received
4. entity authentication - verify who you are talking to; just because someone logged in with your password doesn’t mean it was you

Question 3

How does cryptography enforce the following properties of information security?

1. Confidentiality
2. Data Integrity
3. Data Origin Authentication
4. Entity Authentication

Answer 3

1. Encrypt your data, hoping no one else but the receipient(s) can decrypt it.
2. Use a cryptographic hash function, which generates a specific hash based on the data. If any bit of the data has changed, then the hash changes, so you know the data has altered.
3. To know that a document came from the person you think it did, they have to sign it with a digital signature.
4. To authenticate someone, you need cryptographic protocols to identify that someone is who they say they are. Not just that they know the account username and password.

Question 4

Define non-repudiation.

Answer 4

A digital signature has the property of non-repudiation, which prevents an entity from denying previous commitments or actions.

(i.e. Once you’ve sent an email, you cannot deny that it was you who sent it. There is mathematical proof!)

Question 5

Define symmetric key encryption.

Answer 5

Symmetric key encryption is when the secret key used by the sender and receiver is the same.

Question 6

What are the two basic types of cryptography?

Answer 6

1. Transposition (or permutation) ciphers, where you rearrange the letters in a seemingly random, but reversible manner, to create the ciphertext.
2. Substitution ciphers, where you map the letters to other letters to create the ciphertext.

(Substitution is the predominant form of encryption. But just because permutation ciphers are weak doesn’t mean they’re useless. There will be times when we use a permutation cipher as a part of a larger, more complicated cipher.)

Question 7

Define one-to-one.

Answer 7

A function is 1-1 if each element in the codomain Y is the image of at most one element in the domain X.

Question 8

Definie onto.

Answer 8

A function is onto if each element in the codomain Y
is the image of at least one element in the domain X

Question 9

Define bijection.

Answer 9

A function is a bijection if it is one-to-one and onto.

i.e. every element in the domain maps to a unique element in the codomain; so X and Y are the same size

Question 10

Define a one-way function.

[MEMORIZE THE EXACT WORDING OF THIS DEFINITION]

Answer 10

A one-way function should be:

• Easy to compute the f(x) values for all values of x.
• Computationally infeasible to calculate the x values for all values of y.

[When you are writing an encryption function to generate ciphertext, you want your encryption function to be a one-way function.]

Question 11

Define a trapdoor one-way function.

Answer 11

(So given the trapdoor information, for any y you can compute an x)

Question 12

What is the unique factorization problem?

Answer 12

This is the problem of factoring the product of two large prime numbers.

(It turns out that this is one of the hardest problems in mathematics, which is why RSA is so difficult to crack. Many trapdoor-oneway functions used in cryptography are baseed off of this problem.)

Question 13

Define a permutation.

Answer 13

Let S be a finite set of elements. A permutation p on S is a bijection from S to itself, (i.e. p: S –> S).

Question 14

How do you compute the inverse of a permutation function?

Answer 14

Simply reverse the arrows in the function mapping and switch the columns.

(The inverse permutation function will also be a permutation function, since it will map S back to S.)

Question 15

How do you programmatically compute the inverse permutation function array from a permutation array?

Answer 15

Question 16

Are permutation functions used for public or secret key cryptography? What about trapdoor one-way functions?

Answer 16

• Permutation functions are used for secret key cryptography (i.e. symmetric key cryptography), where the encryption and decryption keys are related in an easy way, and can easily be calculated from one another. (Just compute the inverse permutation function to perform decryption.)
• Trapdoor one-way functions are used for public key cryptography (i.e. asymmetric key cryptography), since it is computationally infeasible to compute the encryption key, given the decryption key.

Question 17

Define an involution.

Answer 17

Involutions are functions that are their own inverses.

Question 18

What do you need to define in order to define an encryption scheme?

Answer 18

encryption scheme = cipher

Question 19

What makes an encryption scheme breakable?

Answer 19

Question 20

Define the following:

• physically secured channel
• unsecured channel
• secured channel

Answer 20

• A physically secured channel is one which is not physically accessible to the adversary.
• An unsecured channel is one from which an adversary can reorder, delete, insert, or read.
• A secured channel is one from which an adversary does not have the ability to reorder, delete, insert, or read.

Question 21

Define what a passive adversary and an active adversary are.

Answer 21

• A passive adversary can read from an unsecured channel.
• An active adversary can transmit, alter, or delete information on an unsecured channel.

Question 22

What are Knudsen’s 4 categories of breaking an algorithm, in order of decreased severity?

Answer 22

Question 23

Define Knudsen’s 4 categories of breaking a security algorithm:

1. total break
2. global deduction
3. instance (or local) deduction
4. information deduction

Answer 23

Question 24

Define cryptanalysis.

Answer 24

Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques and information security services.

Question 25

Define cryptology.

Answer 25

Cryptology is the study of cryptography and cryptanalysis.

(cryptography = designing a cryptosystem)