Knowledge Points of ITIS 6200/8200 Spring Semester of 2011

Chapter 1:
1. The basics of modern crypto systems.
2. Why do we want to make the encryption/decryption algorithms public in modern crypto systems?
3. Name at least two advantages and two disadvantages of symmetric encryption algorithms, and provide examples to explain them.
4. Name at least two advantages and two disadvantages of asymmetric encryption algorithms, and provide examples to explain them.
5. Why do we say a public/private key encryption algorithm should be robust against chosen plaintext attacks?
6. What is a one-time pad? Why is it safe even under brute-force attacks?
7. What is a transposition cipher? What is a substitution cipher? You should be able to provide an example of each kind of cipher.

Chapter 2:
1. What are the expected properties of a good hash function?
2. Why do we call an asymmetric encryption algorithm a trap-door one-way function?
3. Revisit page 17 of the slides, and link the functionalities of the hash functions to the protocols (such as bit commitment, fair coin flip, etc.) that we introduce later.
4. How can the hash values of the files be used to verify the integrity of the file system? Why do we need a keyed hash function to solve this problem?
5. Understand the forward search attack. If we describe a scenario, you should be able to figure out whether or not it is vulnerable to a forward search attack, and how the attack is conducted.
6. Why is it very difficult for an eavesdropper to figure out the selected encryption in the Merkle’s puzzle protocol?
7. Understand the replay attack. If we describe a scenario, you should be able to figure out the replay attack. Note that similar attacks come up when we introduce the authentication/key management protocols in Chapter 3.
8. When we are doing dual asymmetric encryption, why should we always sign with our private key first, then encrypt with the other party’s public key?

Chapter 3:
1. Why should we distinguish the usage of short term keys (session keys) and long term keys (interchange keys)?
2. Understand the man-in-the-middle attack. If we describe a scenario, you should be able to figure out how the man-in-the-middle attack will be conducted.
3. Why can an interlock protocol defend against a man-in-the-middle attack? What is a good interlock protocol and what is a bad interlock protocol?
4. How should a system store the user names and corresponding passwords? Why is it not safe enough to store the hash results of the passwords? What is a salt? What is the difference between a public salt and a private salt? Why can a salt make the dictionary attack impractical? Why do we say that the salt improves the safety of the overall system but not of a specific user?
5. Understand the one-key per time login through a hash chain.
6. Understand the five authentication and key exchange protocols that we introduce in the class. Understand their vulnerabilities and the potential attacks. You do not need to remember the protocols. We may describe some protocols similar to these protocols and vulnerable to similar attacks, and you should be able to figure the attacks out.
7. Understand the concept of secret splitting and secret sharing.

Chapter 4:
1. How can a hash function be used to timestamp a file?
2. Why can the linking protocol defend against the collusion attack between the signer and the end users? What is a good chaining mechanism?
3. How can we construct a hash tree so that we need to publish only one result and we can timestamp a large number of files? How can we determine the corresponding values in the hash tree that should be provided to each user?
4. Understand the bit commitment protocols. Why are some commitment protocols vulnerable to forward search attacks?
5. How can a bit commitment protocol be used to achieve a fair coin flip?
6. The usage of commutative encryption function.
7. How can multiple parties generate an encryption key jointly so that the final result is out of the control of any collusive groups as long as there is one honest party? When we generalize this approach, how can multiple parties jointly do YYY?
8. How can multiple parties shuffle a deck of cards jointly so that no parties can collude to control the card dealing procedure?
9. The usage of commutative encryption algorithms.

Chapter 5:
1. What is the general procedure of a zero knowledge proof? Why should we make sure that the solution to the new problem cannot be easily mapped back to the solution of the original problem? What are the questions with which the verifier can challenge the prover? Why does the prover answer only one of the questions in each round?
2. Understand the two zero knowledge proof problems that we introduce in the class.
3. Why do we need many more rounds for the non-interactive zero knowledge proof problem?
4. What are the two blind signature algorithms that we introduce? Under what scenarios does each of the algorithms work?
5. For the second type of blind signature, why is it a better approach to leave a subset of messages unchallenged?
6. The concept of oblivious transfer. What are the two approaches that we design to achieve oblivious transfer? Why do we always need the verification at the very end of the oblivious transfer?

DES and RSA:
1. In DES, which component contributes the most to the safety? How large is the block size? How long is the key?
2. What is the complementation property of DES? And why does this property effectively impact the safety of the algorithm?
3. Why can't double DES make the effective key length 112 bits? What is the meet-in-the-middle attack? Why can triple DES make the effective key length 112 bits?
4. Different modes of DES. Specifically, you should understand the structure of ECB mode and CBC mode. What security problems may be caused by the ECB mode? In the CBC mode, if we provide one of the encryption/decryption chain structures, you should be able to draw the other one.
5. What are the advantages of an initial vector? Why can we transmit the IV in plaintext?
6. You should be able to identify how the errors in transmission will impact the decryption results. The self-healing property of DES.
7. You should be able to conduct modular calculation using the equations
   (a * b) mod p = ((a mod p) * (b mod p)) mod p
   and
   (a + b) mod p = ((a mod p) + (b mod p)) mod p
8. You should be able to calculate the Totient function (n) of a number. Why is the Totient value of the product of two different prime numbers p and q equal to (p-1)*(q-1)?
9. You should understand the encryption/decryption procedures of RSA. Understand why for some special numbers (such as 0 or 1), the cipher text will be the same as the plaintext. Understand why in practice we should use a very long block instead of a single-character block in RSA.
10. When RSA is adopted, why should we always sign first, then encrypt with the other party’s public key?