Cryptography and Basic Security Mechanisms

Flashcards covering basic terminology, cryptographic techniques (Vernam, Transposition, Substitution, Concealment), Shannon's rules, cryptanalysis, and the comparison between symmetric and asymmetric cryptosystems.

What is the Oxford Dictionary (2006) definition of cryptography?

A secret manner of writing, either by arbitrary characters, by using letters or characters in other than their ordinary sense, or by other methods intelligible only to those possessing the key.

According to the transcript, what is the relationship between cryptology, cryptography, and cryptanalysis?

$$\text{Cryptology} = \text{Cryptography} + \text{Cryptanalysis}$$

What are the formal notation representations for encryption and decryption?

Encryption is represented as $C = E(P)$ and decryption is represented as $P = D(C)$, where $E$ is the encryption algorithm and $D$ is the decryption algorithm.

What is the requirement for a cryptosystem to ensure the original message can be recovered?

$$P = D(C) = D(E(P))$$

What convention is used for cleartext and ciphertext characters?

Cleartext is written in uppercase and ciphertext is written in lowercase.

How is the Vernam Cipher implemented regarding binary transformations?

It uses Modulo $2$ transformations using binary XOR; for example, if $P = 110101$ and $K = 101010$, then $C = P + K = 011111$.

Define transposition in the context of cryptographic techniques.

The method by which symbols in the plaintext are moved into different positions in the ciphertext, preserving the total number of $1$'s and $0$'s.

What is the substitution method in cryptography?

The method by which symbols in the plaintext are replaced with different symbols, often using a lookup table.

How does the Caesar Cipher function as a substitution method?

It uses a $3$ place offset in the alphabet, where the ciphertext character is calculated as $c_i = E(p_i) = p_i + 3$.

What is concealment encryption?

A method where message symbols are mixed with many other symbols that carry no useful information.

According to Shannon's criteria (1949), why should the size of the ciphertext be restricted?

The size of the ciphertext should not be greater than the plaintext because more text provides more data for cryptanalysts and requires more storage and transmission time.

What are the specific goals of a cryptanalyst?

To break a single message, recognize patterns, infer meaning without breaking encryption, deduce the key, or find weaknesses in the algorithm or implementation.

What is the difference between symmetric and asymmetric cryptosystems regarding keys?

In a symmetric cryptosystem, $K_E = K_D$ (the same key is used), while in an asymmetric cryptosystem, $K_E \neq K_D$ (different keys are used).

Define 'Confusion' as a characteristic of good encryption schemes.

Confusion means the interceptor cannot predict what will happen to the ciphertext when one character in the plaintext is changed; it hides the relationship between $P + K$ and $C$.

Define 'Diffusion' as a characteristic of good encryption schemes.

Diffusion means that changes in the plaintext spread out over many parts of the ciphertext, requiring an attacker to access more of the ciphertext to infer the algorithm.

What are the common commercial encryption examples mentioned in the notes?

DES (Data Encryption Standard), RSA (Rivest-Shamir-Adelman), and AES (Advanced Encryption Standard).

In a symmetric encryption system with $n$ communicating users, how many separate keys are required?

$$\frac{n \times (n - 1)}{2}$$

How does Public Key Encryption (PKE) handle key distribution?

The recipient keeps a private key ($K_D$) and distributes a corresponding public key ($K_E$) which does not require a secure channel and can be posted publicly.

What analogy is used for Asymmetric encryption in the lecture notes?

It is like using a safe with a locked deposit slot; a deposit slot key is needed to slide a document in (public key), but a safe door key is needed to retrieve it (private key).

Why is key management considered a major issue in cryptosystems?

Keys must be stored, safeguarded, and activated/deactivated (e.g., if they expire or a key is taken from a fired employee), and public keys must be correctly distributed.