What are the three pillars of information security?
Confidentiality, Integrity and Availability (CIA)
What is the role of cryptography in each pillar?
Confidentiality: hides information via encryption
Integrity: ensures data hasn’t been altered (e.g., MACs, signatures)
Availability: indirectly supported by authenticating network links and managing traffic
According to Kerckhoff’s principle, where should security lie in a cryptosystem?
In the secrecy of the key, not the algorithm – algorithms are assumed to be public.
What is the key principle that underlies most cryptosytems?
The existence of a shared secret between communicating parties
When might cryptography be inappropriate for security?
When performance is critical, or when long-term sensitive data may become decryptable in the future (e.g., post-quantum threats).
Define a symmetric cryptosystem mathematically
E: K x M –> M
D: K x M –> M
Such that for all m β M, π·(π,πΈ(π,π)) = π
Why is identifying the key sufficient to attack a symmetric system?
Because once the key is known, all ciphertexts encrypted under it can be decrypted.
What are the four classical attack models?
- Ciphertext-only
- Known-plaintext
- Chosen-plaintext
- Brute-force attack
What is the chosen plaintext attack (CPA)?
When the attacker can select plaintexts and observe their ciphertexts to derive the key or system structure.
Why is brute force infeasible in modern cryptography?
Key spaces are astronomically large, making full search computationally infeasible with current hardware.
Describe the Caesar cipher
Each letter is shifted by a fixed key value k modulo 26. Encryption adds k; decryption subtracts k.
Describe a substitution cipher
Each letter of the plaintext is replaced by a corresponding letter from a permuted alphabet (key = permutation)
How many keys exist for a substitution cipher on the 26-letter alphabet?
26! (about 4 x 10^26), but still breakable via frequency analysis.
Why are substitution ciphers weak?
Because letter frequency and structure in natural languages leak information about plaintext patterns.
Describe the Vigenere cipher
A polyalphabetic substitution cipher that applies a repeating sequence of Caesar shifts defined by a key word.
How can the Vigenere cipher be broken?
Friedman test: estimates key length using frequency analysis.
Kasiski examination: looks for repeated trigrams to infer key length.
Why does the Vigenere cipher lack perfect secrecy?
Because key reuse introduces ciphertext patterns that can be exploited statistically
What is perfect secrecy?
A system where the ciphertext reveals no information about the plaintext, even to an attacker with unlimited power.
Who defined perfect secrecy?
Claude Shannon
What is the mathematical condition for perfect secrecy?
For any two messages m0, m1 and any ciphertext c, the number of keys mapping m0 –> c equals the number mapping m1 –> c
How does a one-time pad achieve perfect secrecy?
Encryption: c = k β m
Decryption m = k β c
Each key is random, used once, and as long as the message.
What are the main problems with one-time pads?
- Key must be as long as the message
- Keys must never be reused.
- Secure key exchange and storage are impractical for large data.
How does asymmetric cryptography differ from symmetric?
Uses a key pair – a public key for encryption and a private key for decryption
What happens if the one-time pad key is reused?
It becomes vulnerable to XOR-based statistical analysis, revealing relations between plaintexts.
