CS4236 Final Examination Cheat-sheet, Study notes of Cryptography and System Security

Typology: Study notes

2021/2022

Uploaded on 07/05/2022

lee_95

CS4236 Cryptography Theory and Practice
Final Examination Cheat-sheet (AY2018/2019 Semester 1)
Niu Yunpeng @ NUS CEG

Good Luck!

1. CBC Encryption & MAC

1) Cipher Block Chaining (CBC) mode: and .
2) IV requirements: randomly selected, unpredictable & cannot be reused.
3) Drawbacks: cannot be parallelized, 1 additional ciphertext block (c0, IV), F must be invertible (thus we cannot use PRP, pseudorandom permutation).
4) Error propagation: if a bit in block ci is flipped in the transmission of the ciphertext, then pi is garbled and the corresponding bit in pi+1 is flipped.
5) Stateful CBC: insecure because the IV becomes predictable (SSL 2.0 BEAST attack, because the IV is the last block of the previous ciphertext).
6) CBC-MAC: 1 and , only output the last block .
7) Concatenation attack: possible for arbitrary-length CBC-MAC (either use the length of the message as or encrypt the tag with another key).
8) CBC-MAC cannot use a random IV: doing so (thus the IV must be sent in clear with the message) is vulnerable because the attacker can change the same bit in the IV and in the first block of the message body , without affecting the tag.

2. RSA Encryption

1) Key pair: public key and private key .
2) Derivation: we have and , then we could get , .
3) Encryption & decryption: and .
4) Selection of p and q: two large-enough primes of equal length. We could use the Miller-Rabin test to generate large primes efficiently.
5) Textbook RSA is neither CPA-secure nor CCA-secure since it is deterministic.

3. Diffie-Hellman Key Exchange

1) = invertible elements in under multiplication modulo N.
2) Theorem: b is invertible modulo N if and only if they are co-prime.
3) Cyclic group: given a finite group G of order m, G is cyclic if and only if there exists a generator g such that represents all elements in G.
   a. Any group of prime order is cyclic, and any non-identity element is a generator;
   b. Thus, if p is prime, (of order ) is cyclic.
4) Order of an element in a cyclic group: for all , the smallest positive integer such that . In a cyclic group , the order of any element is a factor of (the order of the group ).
5) Quadratic residue (QR): an element which has a square root in .
   a. Each element has either 0 or 2 square root(s) in ;
   b. Exactly half of the elements in are QR;
   c. It is computationally feasible to compute square roots in .
6) Discrete log (DL): given the generator g and an element x in a cyclic group, find e such that . DL is hard relative to G for all PPT algorithms.
7) Diffie-Hellman (DH) problem: given a cyclic group G with its generator g, define .
   a. Computational Diffie-Hellman (CDH): given , find ;
   b. Decision Diffie-Hellman (DDH): given , and distinguish from a uniform element in G;
   c. If DL is easy, then the CDH problem is also easy;
   d. DDH is only hard if and are QRs inside .
8) DH key exchange: set up p & g, exchange & to get as key.
   a. DH key exchange achieves forward secrecy;
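Added example (not part of the original cheat-sheet) for item 8 of section 1: a CBC-MAC verifier that accepts a sender-supplied IV still accepts a message whose first block and IV have had the same bit flipped, while a fixed-zero-IV variant rejects it. Assumptions: F is a stand-in PRF built from truncated HMAC-SHA256 rather than a real block cipher, the hardened variant prepends the message length as its first block (a standard construction chosen here), and all function names and the sample message are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes per block

def F(key, block):
    # Stand-in PRF (assumption): CBC-MAC only evaluates F forwards, so no inverse is needed.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_chain(key, iv, msg):
    # t_i = F_k(t_{i-1} XOR m_i), starting from t_0 = iv; the tag is the last t_i.
    if not msg or len(msg) % BLOCK:
        raise ValueError("message must be a positive multiple of BLOCK bytes")
    t = iv
    for i in range(0, len(msg), BLOCK):
        t = F(key, xor(t, msg[i:i + BLOCK]))
    return t

def mac_random_iv(key, msg):
    # Weak variant from item 8: random IV, sent in clear next to the tag.
    iv = os.urandom(BLOCK)
    return iv, cbc_chain(key, iv, msg)

def verify_random_iv(key, msg, iv, tag):
    return hmac.compare_digest(cbc_chain(key, iv, msg), tag)

def mac_fixed(key, msg):
    # Hardened variant: IV fixed to zero, message length prepended as the first block.
    length_block = len(msg).to_bytes(BLOCK, "big")
    return cbc_chain(key, bytes(BLOCK), length_block + msg)

def verify_fixed(key, msg, tag):
    return hmac.compare_digest(mac_fixed(key, msg), tag)

def flip_bit(data, bit):
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def demo():
    key = os.urandom(32)
    msg = b"PAY 0000100 USD " + b"TO ACCOUNT 12345"  # constructed two-block message
    iv, tag = mac_random_iv(key, msg)
    bad_msg, bad_iv = flip_bit(msg, 40), flip_bit(iv, 40)  # same bit in m_1 and IV
    weak_accepts = verify_random_iv(key, bad_msg, bad_iv, tag)   # IV XOR m_1 unchanged
    fixed_accepts = verify_fixed(key, bad_msg, mac_fixed(key, msg))
    return weak_accepts, fixed_accepts
```

`demo()` returns `(True, False)`: the random-IV verifier accepts the altered message under the original tag, and the fixed-IV verifier rejects it.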