Review Videos for Lecture 5: IND-CPA, One-Time Pads, Block Ciphers, Symmetric-Key Encryption
- Summer 2020 notes (part 1)
- Summer 2020 notes (part 2)
- Summer 2020 notes (part 3)
- Playlist (length: 2:13:25)
Intro to Cryptography
(True/False) Cryptography only reasons about defending against known attacks
(True/False) One difference between symmetric and asymmetric key cryptography is that in the former one key is held by both parties, while in the latter both parties have different keys
Kerckhoff’s Principle/Security Through Obscurity
What are three reasons cryptographic schemes should be public? Which part of a cryptosystem must be kept private?
Intro to Symmetric Encryption Schemes
Why do we allow the ciphertext to leak the length of the message in our definition of confidentiality?
Defining Security for Symmetric Encryption
What did our original idea of security fail to account for?
Security Games and IND-CPA
What is the adversary's goal in the IND-CPA game?
Is Enc(K, M) = 3*K +2*M, IND-CPA secure?
If we modify IND-CPA such that the messages sent in the challenge phase can't be queried during either of the query phases, which type of undesirable encryption scheme will now be considered IND-CPA?
One-Time Pads (OTP)
Consider a variant of IND-CPA, IND-CPA', where an attack can only make one query before submitting their challenge and no queries after. Is the OTP IND-CPA' secure?
Intro to Block Ciphers
As we'll see later in the class, everytime you use the internet you're
using block ciphers! The most common block cipher used today is called AES
which we'll discuss in a bit.
Fun fact: Prof. Wagner was part of the team that came up with a block cipher called TwoFish which was one of the top 5 block cipher designs chosen internationally when NIST was attempting to find a standard.
Random Functions and Permutations
(True/False) A Gaussian distribution is considered random
How many bits would it take to represent a truth table of a random permutation with input length of n bits?
Block Cipher Security
What does a block cipher need to computationally indistinguishable from in order to be considered secure? (Computationally indistinguishable means an efficient (ie. polynomial time) attacker can't distinguish)
Why Only Efficient Attackers?
Which input could an unbounded attacker brute force to win the block cipher distinguishing game?
Information Leakage of a Block Cipher
If an adversary could learn first bit of M when given E(K, M) where E is encryption for a secure block cipher, how would this lead to a contradiction?
Overview of AES
If you could prove a block cipher was unconditionally secure, what else would you likely prove in the process?
Which property of ECB Mode makes it not IND-CPA secure?
Which property must a block cipher have in order for CBC to be decryptable?
CBC Security and Pseudo-Random Number Generators (PRNGs/PRGs)
What undesirable property would CBC mode have if we always picked the same IV?
Where might computer hardware get sources of weak randomness?
(True/False) CTR mode also relies on a block cipher being invertible in order to be decryptable
(True/False) Like CBC mode, in CTR mode the nonce must be chosen randomly
Would appending a sequence of alternating bits (ie. 101010) be a valid padding scheme?