Test 1 Study Guide

Date: Tues Oct 7th, 2014

- Confidentiality, Integrity, and Availability (CIA)

- Kerckhoffs's Principle

- Mono-alphabetic simple substitution ciphers (e.g., Caesar's)

- Keyspace of the two simple substitution variants and the implications

- Definition of Secure
- One-Time Pad
- Why is it provably secure?

- How to encrypt & decrypt using One-Time Pad
- Codebook Ciphers
- The purpose of Additives

- How to encrypt and decrypt using additives.

- Stream Ciphers
- Generalization of One-Time Pad (e.g., XOR)

- Shared key
- A5/1 and RC4
- One generates bits, the other generates bytes

- What are these bits/bytes for?
- Block Ciphers
- Notation for encryption and decryption using block ciphers

- Feistel Cipher
- General principles (iteration, split plaintext blocks, etc.)

- Same algorithm to encrypt and decrypt (this is its main design principle).
- DES
- Are there any known attacks?
- Size of key (advertised security)

- Triple DES
- Why was triple DES created?
- Backwards compatible with DES?
- Size of key (advertised security)
- AES
- Is it a Feistel cipher? Why or why not?

- What are the implications on the four functions in AES?
- What are those four functions again?

- TEA
- Is it a Feistel cipher? Why or why not?
- Do we encrypt and decrypt using the same logic (as we would in a Feistel cipher)?
- Block Cipher Modes
- What are the different modes?
- What are the benefits and drawbacks to each mode (e.g., usage scenarios, vulnerabilities).
- MAC
- How can a block cipher (and in which mode) be used to provide integrity?

- Public key crypto vs symmetric key crypto (two keys vs one key)

- What can you do with two keys (public, private) that you can't do with one key (private)?
- Knapsack (pick weights from a set that sum to a particular value)

- General Knapsack vs SuperIncreasing Knapsack

- Why is GK harder to solve than SIK? (This is where Knapsack gets its "security" from.)

- GK is NP-complete and SIK can be solved in linear time, why?
- Given a knapsack public key, be able to encrypt a message
- Given a knapsack private key, be able to decrypt a message
- Why is the Knapsack insecure? What's the underlying flaw?

- RSA

- What hard problem (e.g., Knapsack) is RSA based on?
- Given an RSA public key, be able to encrypt a message
- Given an RSA private key, be able to decrypt a message
- Why can RSA be slow, and what can be done to speed it up?
- What's the advantage of selecting a small encryption exponent for everyone?
- What is the cube root attack and how can we prevent it?
- Diffie-Hellman
- What hard problem (e.g., factorization) is DH based on?
- General principles: what does Alice send to Bob and vice versa?

- How does the Man-in-the-middle (Trudy) attack work and why does it work?
- Recall Trudy sets up two secrets, one between her and Alice, and one between her and Bob.
- ECC (we don't cover this)
- Digital signatures
- Confidentiality and non-repudiation
- How can Alice prove she didn't place an order?

- Pitfall of Sign and Encrypt
- Pitfall of Encrypt and Sign
- PKI
- Digital certificates and Certificate Authorities (CA)

- PKI trust models