yuh

Why is Double DES insecure

It is vulnerable to the meet-in-the-middle attack, reducing its effective security to ~57 bits

What is the meet-in-the-middle attack?

An attack that compares all encryptions of the plaintext with all decryptions of the ciphertext to find a matching middle value

How does 3-key 3DES work?

It encrypts the plaintext using three keys using a sequence of encrypting, decrypting, and encrypting again, effectively creating a stronger encryption for DES

Effective key length of 3-key DES

168 bits

Main weakness of ECB

Patterns in plaintext remain in ciphertext. Not secure for multi-block data

How does Cipher Block Chaining work?

Plaintext block XOR previoous ciphertext block —> encrypt

What does Cipher FeedBack do?

Converts a block cipher into a stream cipher by feeding back ciphertext

Why is Output FeedBack good for noisy channels

No error propagation — errors do NOT affect future blocks

Why is Counter mode so widely used today?

It is parallelizable, fast, supports random access, and simple.

What is XTS-AES used for?

Encrypting data at rest on sector-based storage devices.

What special input does XTS-AES use?

A tweak, usually based on block position.

What is FPE

Encryption that keeps the same format and length as plaintext (e.g., credit card numbers stay 16 digits).

Why is FPE important

It allows encryption in legacy systems without changing database structure.

What structure do FPE algorithms like FF1/FF3 use

Feistel network

What are the two requirements for a random sequence?

Randomness (uniform + independent) and unpredictability.

What is the key difference between TRNG and PRNG?

TRNG → nondeterministic physical randomness.
PRNG → deterministic algorithm using a seed.

What is an entropy source

A nondeterministic physical process producing random bits (e.g., thermal noise, timing data).

Why do TRNGs use conditioning?

To remove bias and increase entropy rate.

Why must a PRNG seed be secure

If the seed is known, the attacker can reproduce the entire PRNG output.

What is forward unpredictability?

Next bit cannot be predicted without knowing the seed.

What is backward unpredictability?

Previous outputs cannot be used to recover the seed.

What does the Frequency Test check?

1s ≈ 0s (balanced distribution).

What does the Runs Test check?

Runs of identical bits occur as expected in random data.

What does Maurer's Universal Test detect?

Whether the sequence is too compressible → not random.

Which mode is recommended for cryptographic PRNGs?

CTR mode (NIST SP 800-90).

How does a stream cipher encrypt?

XOR plaintext with a pseudorandom keystream.

What must a secure stream cipher keystream have?

Large period + near-true randomness.

Why is RC4 no longer secure?

Key scheduling weaknesses + biased keystream → key recovery attacks.

What is the difference between LFSR and NFSR?

LFSR is linear; NFSR adds nonlinearity (more secure).

What components does Grain-128a use?

LFSR + NFSR + nonlinear filter, producing balanced, long-period keystream.

Purpose of the Repetition Count Test?

Detects if noise source becomes stuck on one value.

Purpose of Adaptive Proportion Test?

Detects entropy loss when a value occurs too frequently.

What problem does public-key cryptography primarily solve?

Key distribution + providing digital signatures.

What is the main difference between public-key and symmetric-key encryption?

Public-key uses two keys (public/private); symmetric uses one shared key.

What is the main difference between public-key and symmetric-key encryption?

Public-key uses two keys (public/private); symmetric uses one shared key.

What is a trap-door one-way function?

A function easy to compute forward but infeasible to reverse unless you know secret information (the trap-door).

What is RSA’s core security assumption?

The difficulty of factoring a large number n = p × q.

RSA encryption formula?

C = M^e mod n

RSA decryption formula?

M = C^d mod n

What are the RSA public and private keys?

Public key: (e, n)
Private key: (d, n)

What is φ(n) in RSA and how is it computed?

φ(n) = (p − 1)(q − 1)

What is OAEP used for in RSA?

To defend against chosen-ciphertext attacks (CCA).

What is a timing attack?

An attack that recovers the private key by measuring how long decryption operations take.

What is the purpose of Diffie–Hellman?

To securely exchange a shared secret key over an insecure channel.

What is DH security based on?

The difficulty of the discrete logarithm problem.

What is a major vulnerability of Diffie–Hellman?

Man-in-the-middle attacks due to lack of authentication.

What cryptographic assumption does ElGamal rely on?

The discrete logarithm problem.

Where is ElGamal commonly used?

Digital Signature Standard (DSS) and S/MIME.

What is the main advantage of ECC over RSA?

Equal security with much smaller key sizes, reducing computation.

What is the hard problem underlying ECC security?

The elliptic curve discrete logarithm problem (ECDLP).

What operation in ECC is equivalent to modular exponentiation in RSA?

Scalar multiplication (repeated point addition).

What are the two main types of elliptic curves used in crypto?

• Prime curves (Zₚ) — best for software

• Binary curves (GF(2ᵐ)) — best for hardware

Why can ECC use shorter keys than RSA?

ECDLP is much harder than integer factoring, so smaller keys provide strong security.

What is the ECC equivalent to a 3072-bit RSA key?

Approximately 256 bits.

What is the main purpose of a cryptographic hash function?

To provide data integrity by producing a fixed-size hash value from variable-length input.

What is the one-way property of a hash function?

It is computationally infeasible to find an input that maps to a given hash value (preimage resistance).

What is a collision in hash functions?

When two different inputs produce the same hash value.

What is a Message Authentication Code (MAC)?

A keyed hash function used between parties sharing a secret to authenticate messages.

How does a digital signature use hash functions?

The hash of a message is encrypted with the sender’s private key to create a signature.

What is the advantage of hashing passwords instead of storing them in plaintext?

It creates a one-way password file, increasing security if the database is compromised.

What three resistance properties define a secure hash function?

• Preimage resistant

• Second preimage resistant

• Collision resistant

Which SHA version is considered insecure?

SHA-1

What family are SHA-256, SHA-384, and SHA-512 part of?

SHA-2

What structure does SHA-3 use?

The sponge construction, which absorbs input blocks and squeezes out the hash value.

What attack exploits the birthday paradox?

Collision attacks, where attackers search for two messages with the same hash output.

What is the block size of SHA-256?

512 bits

Why must hash functions for authentication be secure?

To prevent attackers from forging messages or signatures by finding collisions.

What is a pseudorandom function (PRF)?

A function that outputs apparently random values, sometimes built using hash functions.

What is cryptanalysis in the context of hash functions?

Attacks that exploit algorithm weaknesses rather than brute force.