d
Question 1The Navajo Code Talkers were a relatively modern example of a cryptosystem in which:A.a simple mathematical design produced a nearly unbreakable code.B.the Caesar shift cipher was used with different shift for each character.C.The Caesar shift cipher.D.the spoken language was the key.
d
2.Question 2The distinction between a 'code' and a 'cipher' is:A.that a cipher encrypts concepts while a code encrypts symbols.B.meaningless -- they are two terms for the same thing.C.that a code is a binary file while a cipher is text message.D.that a code encrypts concepts while a cipher encrypts symbols
a
Question 3The term used for the art and science of breaking codes and ciphers is:A.cryptanalysis.B.social engineering.C.cryptology.D.cryptography.
c
Question 4In World War II, the primary military cipher used by the Germans in the field was:A.JN-25B.The Vernam CipherC.the Enigma machineD.The Vigenere Cipher
c
Question 5The usual benchmark against which computational attacks are compared is:A.the best known attack against a similar cryptosystem.B.A chosen-plaintext attack.C.the brute-force attack that systematically searches the key space.D.the social engineering attack.
a
Question 6Which of the following, when used properly, is provably unbreakable?:A.The Vernam cipherB.The Venona cipherC.EnigmaD.The Vigenere cipher
d
Question 7Kerckhoff's Principle strongly recommends that:A.implementation details remain closely guarded secrets.B.essential elements of the algorithm be kept private.C.every detail about a cryptosystem be kept secret as much as possible.D.it be assumed that the adversary has all information about the cryptosystem algorithms and its implementations
a
Question 8The only piece of information that must be kept secret in most asymmetric cryptosystems is:A.the private key.B.the public key.C.the underlying algorithmD.which asymmetric algorithm is being used in this exchange.
c
Question 9In most cryptosystems the distribution and verification of keys is generally accomplished by:A.publishing the public keys on the sender's webpage.B.both parties performing some kind of 'key exchange' protocol.C.using a trusted third partyD.using a bonded courier.
c
Question 10The name generally given to the actor than can insert messages into a communications channel isA.EveB.AliceC.MaloryD.Bob
a
Which of the following is NOT one of the three primary security goals discussed?:A.AvailabilityB.AuthenticityC.IntegrityD.Confidentiality
d
Which term refers to the message as transmitted from Alice to Bob?A.encryptB.decryptC.plaintextD.ciphertext
b
Which cipher was believed unbreakable for about three centuries?A.The Caesar shift cipher.B.the Vigenere cipher.C.the scytale.D>the Caesar cipher.
d
Which of the following was a transposition cipher?A.The Caesar shift cipherB.The Caesar cipherC.The Vigenere cipherD.The scytale
a
The amount of ciphertext needed before, on average, no spurious messages remain is known asA.the unicity distance.B.the minimum key length.C.critical message length.D.ciphertext wrapping length.
c
The Achilles Heel of symmetric cryptosystems is generally1 / 1 pointA.agreeing on which of the many algorithms to use.B.the generation of a suitably strong key.C.the proper management of keys.D.implementing the algorithms so that they are sufficiently fast.
b
Attacks that exploit weaknesses in the implementation of a cryptographic system are generally known asA.Related key attacks.B.side channel attacks.C.social engineering attacks.D.timing attacks.
c
The term often used to describe using force or threats to coerce information from the user of a cryptosystem isA.traffic analysis.B.extortion.C.rubber-hose cryptanalysis.D.social engineering.
a
Frequency analysis exploits what characteristic of monoalphabetic ciphers?A.The underlying frequency of the plaintext languages.B.The number of distinct symbols in the cipher text.C.The frequency of vowels at the beginning of words.D.The frequency distribution of word lengths.
d
Which of the following does not typically complicate the use of frequency analysis.A.Using infrequently used letters as common punctuation marks.B.Using short abbreviations for longer words or concepts.C.Limiting messages to fairly short lengths.D.Spelling out numbers and other non-text items.
d
In the English alphabet, how many digraphs are there?A.17,576B.26C.456,976D.676
b
A principle motivation in developing polyalphabetic ciphers was:A.to reduce the size of the key to something that could be easily remembered.B.to flatten the frequency distribution of the ciphertext characters.C.to overcome the fact that nearly all monoalphabetic ciphers had already been used.D.to increase the size of the key space.
b
What is the index of coincidence for a language that uses it's alphabet randomly.A.0.0B.1.0C.1/N, where N is the number of characters in the alphabet.D.1.73
b
A Vigenere cipher using a particular non-English alphabet has a keylength of 20. We would like the most common plaintext letter (which has a frequency of about 10%) to appear about 5 times in each key-letter group ing. About how much ciphertext do we need access to?A.20B.1000 characters.C.Indeterminate without knowing the length of the alphabet.D.50
a
The coincidence rate of a Vigenere cipher peaks strongly at offset distances of 35 and 42. Key lengths to focus on quickly includeA.7B.Indeterminate, since 42 is not a multiple of 35.C.35 or 42D.5, 6, or 7
d
The fact that some letters are almost always (or almost never) followed by certain other letters can help with all of the following exceptA.Calculating the correct single-character frequencies in the ciphertext.B.helping to identify potential breaks between words.C.Help to identify ciphertext characters that probably represent vowels.D.helping to "break ties" when single-character frequency analysis fails to distinguish mappings
a
The method used by the Americans in World War II to discover that the Japanese were targeting the island of Midway was an example of what type of cryptanalytic attack?A.Chosen-plaintext attackB.Related key attackC.Ciphertext-only attackD.Traffic analysis.
d
Today, which of the following are seldom successful ways to break a cryptosystem?1 / 1 pointA.Side-channel attacksB.Exploiting user sloppiness or greed.C.Social engineering.D.Key recovery via plaintext-only attacks.
d
The typical order of the most frequent six characters in the English alphabet areA.AEIOUTB.AEIONTC.SHRDLUD.ETAOIN
c
Question 4The most frequent six characters account for about how many of the symbols in a typical sample of English text.A.25%B.50%C.70%D.1/8
a
The only trigraph(s) to account for 1% of all trigraphs in a typical English ciphertext is(are)A.THEB.THE, AND, INGC.AND, INGD.THE, AND, ING, ENT, ION
d
Question 6The most common double-letter (repeated digraph) is:A.EEB.AAC.TTD.LL
c
In the 250 character ciphertext example, how many clear ciphertext/plaintext pairings did there appear to be?A.20B.10C.4D.1
a
In the 2500 character ciphertext example, straight application of frequency analysis resulted in how many correct mappings.A.26, although 2 were very weak and 5 others were somewhat weak.B.12C.18D.4
c
The technique developed by Charles Babbage to determine the key length in a polyalphabetic cipher involves a metric known asA.the coincidence offset.B.the key-length index.C.the index (or rate) of coincidence.D.the polylength.
b
Which of the following equations describes the relationship between a plaintext character, P, and a ciphertext character, C, in a language of length N with a key character, K?A.P = (C + K) mod NB.(C - P) mod N = KC.K = (P - C) mod ND.C = (P - K) mod N
c
If the offset with the highest coincidence rate is 24, then the most likely key length1 / 1 pointA.4B.2C.is 2, 3, 4, 6, or 12.D.18
d
Before using a keyphrase in a Vigenere cipher, the parties first encipher it with a Caesar shift cipher. What affect is this likely to have on the cryptanalysis?A.None at all.B.It multiplies the key space by 26 (the possible shift amounts)C.It makes it much harder to confirm that the correct key has been found.D.Only slight since the basic cryptanalysis is the same whether the key is readable or random.
b
In the 250 character ciphertext example, there were two strong outliers, one ciphertext character ('H') and one plaintext character ('e'). What was the likely result of these outliers?A.The plaintext character wasn't used in the ciphertext.B.They would probably break up one or more of the "obvious" pairings.C.Those two characters likely form a pairD.The ciphertext characters wasn't used in the ciphertext.
a
In the 2500 character ciphertext, a strong clue regarding which ciphertext character(s) might represent 'q'A.are any characters which have no repeated-character digraphs.B.is to look at the characters preceding the ciphertext character representing 'u'.C.is the least frequently used character.D.are any characters for which the single letter frequency is approximately four times the double letter frequency.
a
The set of all inputs that produce the same hash value is known asA.the preimage.B.the collision space.C.the input partition.D.a collision.
a
The effect of a Birthday Attack is toA.effectively cut the width of the digest in half when looking for two random messages whose digests collide.B.find a preimage for a given digest in significantly less time than brute force.C.significantly improves the performance of a second-preimage attack.D.reduce the complexity of the attack to the order of the number of bits in the digest.
d
If Alice send Bob a plaintext message along with the digest that has been encrypted with her private key,A.then Bob can verify the authenticity, but not the integrity, of the message.B.then Bob can verify the integrity, but not the authenticity of the message.C.then Bob can't confirm either the integrity or the authenticity of the message because he would also need her private key to decrypt the digest.D.then Bob can verify both the integrity and the authenticity of the message.
c
The time complexity of a brute force preimage attack against an N-bit hash function scalesA.exponentially with N/2.B.as the square root of N.C.exponentially with N.D.linearly with N.
d
Even though preimage and second preimage attacks against most hash functions are nearly equivalent, they are treated separately becauseA.cryptanalysts are purists.B.the attacks are still completely different.C.it allows hash function developers to claim more attacks against which their function is resistant.D.they might not be equivalent.
a
The goal of a hash collision attack is toA.find any two messages that have the same digest.B.A message that hashes to the same digest as a target message.C.A message that has a specific target digest.D.find messages that are the same as their digest
a
The effectiveness of birthday attacks is evidenced byA.the fact that a significant fraction of breaks into real systems involve this type of attack.B.the width of modern hash functions.C.the fact that they have a been given a specific name.D.the ease with which they can be used to carry out a preimage attack.
a
Strong avalanche behavior is important in order for:A.messages and digests to be uncorrelated.B.the hash function to be non-invertible.C.the hash function to be computationally fast.D.the hash function to be deterministic.
a
Noninvertibility is required for a hash function to be:A.preimage resistant.B.hash collision resistant.C.computationally efficient.D.deterministic.
a
Which of the following is NOT true of an ideal hash function?A.The same input always produces the same output.B.No two inputs produce the same output.C.The length of the input can be any value.D.Changing any bit in the input causes about half of the bits in the output to change.
a
Which of the following is NOT true regarding hash functions.A.Hash functions must be irreversible.B.The Random Oracle is often considered the ideal cryptographic hash function.C.Hash functions suitable for one purpose may be unsuitable for others.D.Cryptographic hash functions may be poor choices for some applications.
c
A common name for the output of a hash function, particularly in cryptography, isA.the message summary.B.the post image.C.the digest (or fingerprint) of the message.D.the tag.
c
If the digest of a message is transmitted along with the messageA.then the authenticity of the message can be confirmed by the recipient.B.the recipient can be confident that the message has not been altered by the enemy.C.then the integrity of the message can be confirmed, but only in a nonadversarial environment.D.the recipient can be confident that the message has not been accessed by an unauthorized party.
a
Chuck provides a sales contract and it's digest, asking Alice to acknowledge the digest as being the signature of their agreed upon contract. What should Alice do?A.Make a benign change to the document, such as adding an additional space after the first paragraph, and insist that they both acknowledge the digest of this document as the signature of their contract.B.Run the hash function on the document herself, verifying that it produces the digest presented by Chuck, before accepting it.C.Insist that the digest be verified by Trent, a trusted third party.D.Examine the document closely for the inevitable tell-tale signs that it has been altered
a
The largest cryptographic hash function which is currently susceptible to a brute-force preimage attack is closest toA.64 bits.B.128 bits.C.32 bits.D.256 bits.
d
An example in which a second-preimage attack is not effectively equivalent in difficulty to a preimage attack is when the hashA.is a one-way hash function.B.is longer than the message.C.is a Random Oracle.D.is a perfect hash.
c
The difference between a hash collision attack and a second-preimage attack isA.is that a hash collision attack involves adjusting a message until it produces the same digest as a target message.B.that a hash collision attack is still possible against a perfect hash fuction.C.that a second-preimage attack forces the attacker to find a message with a specific digest.D.semantics; these are actually the same attack.
c
A hash collision attack is significantly more effective than a preimage attack due toA.the ability to choose the target hash randomly.B.the pigeonhole principle.C.the Birthday Paradox.D.there not being a requirement that the colliding message make sense.
a
For cryptographic hash functions, the first goal that we typically sacrifice isA.speed.B.determinism.C.noncorrelation between messages and digests.D.collision resistance.
b
If a hash function is collision resistant, then it is alsoA.deterministic.B.second-preimage resistant.C.preimage resistant.D.computationally efficient
a
Which of the following numbers is prime?A.563B.817C.423D.679
c
What is the prime factorization for 6,469,693,230?A.577111317191923*29B.2311131719192329*31C.23571113171923*29D.2571113171919232931
a
What is the least residue of 95 (mod 7)A.4B.-2C.5D.0
b
If x and -x to be congruent (mod N), what do you know about N?A.N must be even.B.x is a multiple of half the modulus.C.N must be odd.D.x must divide N
c
What is sufficient for the multiplicative inverse of x (mod N) to exist?A.x must be prime.B.x must not be 0.C.x must be relatively prime to N.D.N must be prime
d
What is GCD(3,187,869, 2,739,621)?A.983B.929C.1D.2949
a
The number of iterations required by the Euclidean Algorithm isA.O(log(n)) (where n is the smaller number).B.O(n) (where n is the smaller number).C.O(log(n)) (where n is the larger number).
a
Which of the following is NOT a modulus in which 234 is the multiplicative inverse of 657?A.153,739B.47C.153,737D.3271
a
What is the multiplicative inverse of 65,491 (mod 159,437)?A.140,448B.-18,979C.35,899D.65,491
b
Which of the following pairs of numbers are relatively prime?A.796,982B.819,990C.527,612D.91, 343
a
What is GCD(930,992)?a.62b.2c.31d.16
d
Which of the following are congruent (mod 13)?a.21001, 21013b.3, 113c.-4, 4d.-17, 9
d
If x and -x to be congruent (mod N), what do you know about N?a.N must be even.b.N must be odd.c.x must divide Nd.x is a multiple of half the modulus.
b
What is sufficient for the multiplicative inverse of x (mod N) to exist?a.x must not be 0.b.x must be relatively prime to N.c.N must be prime.d.x must be prime
b
The number of iterations required by the Euclidean Algorithm isa.O(n) (where n is the smaller number).b.O(log(n)) (where n is the smaller number).c.O(log(n)) (where n is the larger number).
d
What is the multiplicative inverse of 16 (mod 47)a.5b.16c.-3d.3
a
What is the multiplicative inverse of 219 (mod 220)?a.-1b.221c.0d.It doesn't exist.
d
What are the last two digits of 17^64?a.1b.88c.0d.21
d
Given that totient(527) is 480, what is 526^959 (mod 527)?a.0b.Unknown since the exponent can't be larger than the totient of the modulus.c.1d.526
a
In order for x^(tot(N)) to be congruent to 1 (mod N), what must be true.a.x and N must be relatively prime.b.x and N must share at least one prime factor.c.x must be prime.d.N must be prime.
c
What is totient(21)?a.9b.7c.12d.20
a.
What is the totient of 326,095 (all prime factors are less than 20)?a.203,280b.5,929c.240d.255,360
b
Under what conditions is the log of a number, modulo N, guaranteed to exist?a.If the number is prime.b.If the number is 1 (and the base is nonzero).c.If the base is prime.d.If N is prime
a
What is 47^69 (mod 143)a.125b.47c.142d.17
d
What is 15^15 (mod 14)?a.13b.-1c.14d.15
d
The value of totient(N) is equal toa.The number of prime numbers no larger than N.b.The number of positive integers less than N that share factors with it.c.The number of positive integers less than N that divide it.d.The number of positive integers less than and relatively prime to N.
c
What is the totient(p) if p is prime?a.(p-1)/pb.pc.(p-1)d.p(p-1)/2
b
What is the totient of 2717 (all prime factors are less than 20)?a.2717b.2160c.1267d.40
b
What is the totient of 3^4?a.27b.54c.26d.80
b
Under what conditions is the totient function multiplicative?a.Alwaysb.If the two numbers are relatively prime.c.If the numbers don't have repeated prime factors.d.Never
d
If x > y, what is true regarding log(x) and log(y) (mod N) (if the base is greater than 1)?a.log(x) > log(y) (assuming both exist).b.log(x) < x and log(y) < yc.log(x) exists if log(y) exists.d.Nothing reliable.
c
If log(x) (mod N) exists to a particular base, thena.It exists to any other base that is relatively prime to the first base.b.It is unique.c.It may or may not exist to other bases.d.It is possible that other numbers have the same log (to the same base).
b
A primitive root:a.must be relatively prime to the modulus.b.generates all numbers relatively prime to the modulus.c.only exists if the modulus is prime.d.is any base that is relatively prime to the modulus.
a
A integer has a CRT representation of (0,4,0,3) mod (5,7,8,9). What do we know about this number?a.It is divisible by both 5 and 8, but may be divisible by other prime factors as well.b.It is divisible only by 5 and 8 (and any multiples of either).c.It is divisible by 5 and 8, but not necessarily 40.d.It is divisible on by 40 (or multiples thereof
d
Given a modulus N, to get the most insight into the structure of the integer x, the CRT moduli should bea.consecutive prime numbers starting with 2 until a modulus that is equal to N is reached.b.consecutive prime numbers starting with 2 until a modulus at least as large as N is reached.c.the prime factors of Nd.the prime powers that factor N
a
It is proposed to use CRT moduli of (237803, 240199, 242653, 274327). Are these acceptable?a.No. There are two pair of moduli that are not relatively prime.b.Yes. All of the moduli are pairwise co-prime.c.No. There is one pair of moduli that are not relatively prime.d.No. There are three pair of moduli that are not relatively prime.
d
With CRT moduli of (2,3,5), what is the coefficient of the mod-3 residue when converting back to an integer?a.3b.30c.1d.10
a
Using CRT moduli (7,8,9), what is the multiplicative inverse of 46189?a.(5,5,1)b.The multiplicative inverse does not exist.c.(-3,-5,-1)d.(1,1,1)
c
Using CRT moduli (7,8,9), what is 12345 to the 5th power?a.(4,6,2)b.(6,7,8)c.(2,1,0)d.(0,0,0)
d
If the CRT moduli are (5,7,8,9), what is the overall modulus?a.210b.9c.29d.2,520
a
What is the CRT representation of 12345 mod (5,7,8,9)?a.(0,4,1,6)b.(0,1,4,6)c.(6,1,4,0)d.(6,4,1,0)
c
A integer has a CRT representation of (0,4,0,3) mod (5,7,8,9). What do we know about this number?a.It is divisible on by 40 (or multiples thereof).b.It is divisible only by 5 and 8 (and any multiples of either).c.It is divisible by both 5 and 8, but may be divisible by other prime factors as well.d.It is divisible by 5 and 8, but not necessarily 40.
d
Which of the following are suitable Chinese Remainder Theorem moduli for an overall modulus of 5,040a.(5,7,8,18)b.(2,3,4,5,6,7)c.(2,3,5,7)d.(9,16,35)
b
With CRT moduli of (2,3,5), what is the coefficient of the mod-3 residue when converting back to an integer?a.3b.10c.30d.1
c
What is the least integer residue of the CRT representation is (4,4,4) mod (7,8,9)?a.288b.503c.4d.17
b
Using CRT moduli (7,8,9), what is the sum of 12345 and 82734?a.(4,1,6)b.(5,7,3)c.(6,7,8)d.(1,6,6)
b
Using CRT moduli (7,8,9), what is the product of 12345 and 82734?a.(6,7,8)b.(4,6,0)c.(6,2,8)d.(5,7,3)
d
Using CRT moduli (7,8,9), what is the multiplicative inverse of 46189?1 / 1 pointa.(1,1,1)b.(-3,-5,-1)c.The multiplicative inverse does not exist.d.(5,5,1)
d
Using CRT moduli (7,8,9), what is 12345 to the 5th power?a.(0,0,0)b.(6,7,8)c.(4,6,2)d.(2,1,0)
a
When testing for primality of N using trial division, which describes the smallest set of trial divisors needed?a.All prime numbers that are no greater than the square root of N.b.All integers greater than 1 and no greater than N/2.c.All integers greater than 1 and less than sqrt(N).d.All prime numbers that are less than the square root of N.
c
The largest RSA semiprime factored as of 2017 isa.only 256 bits, since this is a number so large that it is a about 0.1% of the number of atoms in the known universe.b.the 512-bit signing key used by the TI-83+ calculator.c.a 768-bit number (RSA-768)d.undefined, since no RSA semiprime has ever been successfully factored.
b
The most common way of generating cryptographically large prime numbers isa.to algorithmically generate a prime number from one of the many sequences of special primes.b.to randomly guess a number and then perform tests to see if the number is likely prime.c.to randomly pick a number from a table of primes.d.to call a function with a random number, k, that returns the kth prime number.
c
If a^(n-1) is congruent to 1 (mod n) and 'n' is composite, then 'a' is referred to asa.a Fermat witness to the compositeness of 'n'.b.a Fermat liar to the compositeness of 'n'.c.a Fermat liar.d.a Fermat witness to the primeness of 'n'.
b
If N is a prime number, then it can be shown thata.x^2 is congruent to 1 if x is the multiplicative inverse of N (mod N).b.that there are exactly two square roots of 1, namely 1 and (N-1), (mod N).c.that x^2 is congruent to 1 for all values of x that are relatively prime to N.d.there are numbers other than 1 and -1 that, when squared, are congruent to 1 (mod N)
d
The number of Miller-Rabin trials that must be performed to achieve a given level of securitya.increases as the size of the prime number sought increases.b.has an effectively random relationship to the size of the prime number sought.c.is independent of the size of the prime number sought.d.decreases as the size of the prime number sought increases.
c
The odds that a randomly picked 300 digit number is prime is closest toa.1 in 1000b.1 in 1 millionc.1 in 700.d.1 in 100
b
When testing for primality of N using trial division, which describes the smallest set of trial divisors needed?a.All integers greater than 1 and no greater than N/2.b.All prime numbers that are no greater than the square root of N.c.All prime numbers that are less than the square root of N.d.All integers greater than 1 and less than sqrt(N).
c
Currently, the fasted algorithm for factoring large arbitrary numbers isa.the multipurpose quadratic sieve.b.square-and-multiply.c.the General Number Field Sieve.d.the Sieve of Eratosthenes.
c
Fermat's Primality Test will always pass, regardless of the chosen base, for some composite numbers known asa.such numbers do not exists. All composite numbers will fail the test for at least one choice of the base.b.unlucky numbers.c.Carmichael numbers.d.Fermat pseudoprimes
c
If a^(n-1) is not congruent to 1 (mod n), then 'a' is referred to asa.a Fermat liar to the primeness of 'n'.b.a Fermat liar to the compositeness of 'n'.c.a Fermat witness to the compositeness of 'n'.d.a Fermat witness to the primeness of 'n'.
d
If a^(n-1) is congruent to 1 (mod n) and 'n' is composite, then 'a' is referred to asa.a Fermat witness to the compositeness of 'n'.b.a Fermat liar to the compositeness of 'n'.c.a Fermat witness to the primeness of 'n'.d.a Fermat liar.
c
If N is a prime number, then it can be shown thata.x^2 is congruent to 1 if x is the multiplicative inverse of N (mod N).b.there are numbers other than 1 and -1 that, when squared, are congruent to 1 (mod N)c.that there are exactly two square roots of 1, namely 1 and (N-1), (mod N).d.that x^2 is congruent to 1 for all values of x that are relatively prime to N.
d
Which of the following values for 'x' are liars for the primality of 221 (using Miller-Rabin)?a.5b.93c.16d.174
d
The number of Miller-Rabin trials that must be performed to achieve a given level of securitya.is independent of the size of the prime number sought.b.increases as the size of the prime number sought increases.c.has an effectively random relationship to the size of the prime number sought.d.decreases as the size of the prime number sought increases.
c
The fraction of bases that are witnesses to the compositeness of N (if it is an odd composite) isa.no more than 3/4.b.is usually about 3/4, but may be more or less.c.at least 3/4.d.is unpredictable and can be zero.
p = (c-2x) mod 26p = (c+26-2x) mod 26
For c = (p+2x) mod 26, where c, p, and x are the ciphertext, the plaintext, and the key, respectively, what is the corresponding decryption? Select all that works.
b
Let's use Vigenere Cipher to encrypt English text, ignoring capitalization and other symbols beyond English alphabets. The key is of length 1 and of value "Y" or 24, i.e., the key is "Y". Which of the following statements is false?a.The cipher can be expressed as c = (p-2) mod 26, where c is each ciphertext letter and p is each plaintext letter.b.This cipher transforms a plaintext alphabet to distinct ciphertext alphabets with long enough plaintext inputs.c.The cipher can be expressed as c = (p+24) mod 26, where c is each ciphertext letter and p is each plaintext letter.d.The cipher is equivalent to the Vigenere cipher using a key of length 3 and of value "YYY".e.The cipher is equivalent to a Caesar Cipher.
a,b,e
The same product cipher in the previous question, comprised of Caesar Cipher and Permutation Cipher (with a key of length 5), is used to encrypt a long English book (ignoring capitalization and other symbols beyond English letters). Your friend makes the following claims. Select all those that are correct.a."Letter Z appeared the most in the ciphertext, so it must be mapped from the latter E.b."The ordering between the Caesar and the Permutation does not matter within the product cipher, so we can decrypt it in any order."c."The letter-pair/digram AX appeared the most in the ciphertext, so they must be TH. In other words, A is mapped from the letter T, and X is mapped from H."d."If we another Caesar Cipher encryption in the product cipher (so that there are two Caesar Cipher operations and a Permutation Cipher operation), then it becomes harder to crack by an attacker (who does not know the key).e."If we replace the Caesar Cipher with a Monoalphabetic Cipher, then it becomes harder to crack by an attacker (who does not know the key).
a
The block cipher supports input/output of 64 bits. Which of the following is true about the key storage requirement?a.You need hundred million to one billion 1TB-hard-drives to store the key, where TB stands for Terabytes.b.You need more than one billion 1TB-hard-drives to store the key, where TB stands for Terabytes.c.You need ten to hundred million 1TB-hard-drives to store the key, where TB stands for Terabytes.d.You need less than ten million 1TB-hard-drives to store the key, where TB stands for Terabytes.
False
True or False: DES is an ideal block cipher.
False
True or False: DES displaying Avalanche Effect is a limitation because it describes that an error occurring in one of the rounds propagate through the rest of the rounds.
a,d,e
Which of the followings are true about Feistel Cipher? Select all that applies.a.Feistel Cipher requires smaller key than ideal block cipher.b.The subkeys used in the Feistel Cipher rounds are independent to each other.c.Feistel Cipher competed with DES and got outdated after the wide use of DES.d.Feistel Cipher is a product cipher.e.Feistel Cipher processes the data in halves. .f.Feistel Cipher requires different encryption and decryption implementations in hardware and software.
a,d,f
Which of the following key lengths does AES support? Select all that applies.a.128 bitsb.64 bitsc.228 bitsd.192 bitse.56 bitsf.256 bits
c
Which of the followings correspond to transposition only (no substitution)?a.MixColumnsb.AddRoundKeyc.ShiftRowsd.SubBytes
a
Which of the followings use the key?a.AddRoundKeyb.ShiftRowsc.SubBytesd.MixColumns
b,d
Which of the followings are true about AES? Select all that applies.a.AES is based on Feistel Cipher.b.AES involves both substitution and transposition.c.The same algorithms for encryption (SubBytes, MixColumns) are also used for decryption.d.The number of rounds depends on the key length.e.AES algorithm is only known to NIST, which standardized AES
b
Which of the following describes the 2nd block encryption output of CBC mode (C2). The followings are given: E (an encryption cipher function), K (the key). C1 (the cipher output from the 1st block encryption), P2 (the plaintext for the 2nd block), and XOR (and exclusive-or function). For example, XOR(x,y) indicate the bit-by-bit XOR between the two bit vectors x and y, and E(K,P2) is the encryption output when using the key K and the plaintext P2.a.C2 = E(K,XOR(C1,P1))b.C2 = E(K,XOR(C1,P2))c.C2 = XOR(P1,E(K,XOR(C1,P1)))d.C2 = XOR(P2,E(K,XOR(C1,P1)))e.C2 = XOR(P2,E(K,XOR(C1,P2)))f.C2 = XOR(E(C1),K)
a,c,d
Which of the following operation modes do not require padding (if the data does not fill the block)? Check all that applies.a.CTRb.ECBc.OFBd.CFBe.CBC
f
Which of the followings describe the 2nd block encryption output (C2) of OFB mode? The followings are given: E (an encryption cipher function), K (the key). C1 (the cipher output from the 1st block encryption), P2 (the plaintext for the 2nd block), P1 (the plaintext for the 1st block), and XOR (and exclusive-or function). For example, XOR(x,y) indicate the bit-by-bit XOR between the two bit vectors x and y, and E(K,P1) is the encryption output when using the key K and the plaintext P1.a.C2 = XOR(P2,E(K,XOR(C1,P2)))b.C2 = XOR(E(C1),K)c.C2 = E(K,XOR(C1,P2))d.C2 = XOR(P1,E(K,XOR(C1,P1)))e.C2 = E(K,XOR(C1,P1))f.C2 = XOR(P2,E(K,XOR(C1,P1)))
b,d
Suppose a small, low-power device experiences that a real-time computation of the encryption/decryption function is burdensome (e.g., serving as the bottleneck of the performance) and wants to compute the encryption/decryption functions offline (e.g., computed before the plaintext/ciphertext). Which of the following block cipher operation modes support such feature? Check all that applies.a.CFBb.OFBc.CBCd.CTR
a
Alice and Bob is not synchronized in time, and their clock frequency is different. Which of the block cipher operation modes would be affected by such lack of synchronization? Check all that applies.a.CTRb.OFBc.CBCd.CFBe.ECB
c,f
Suppose Pi indicates the plaintext input for the block cipher i from the sender's perspective, e.g., P2 is the plaintext input for the 2nd block cipher, and Ci is the ciphertext input for the block cipher i from the receiver's perspective. (If there were no errors, Ci is also the ciphertext output of the block cipher i from the sender.) Which of the following scenarios causing errors affect C3 (and cause error in C3)? Select all that applies.a.Error occurs on C2 for CFB Mode.b.Error occurs on C2 for ECB Mode. c.Error occurs on P1 for CBC Mode.d.Error occurs on C1 for CBC Mode.e.Error occurs on C2 for OFB Mode.f.Error occurs on P2 for CFB Mode.g.Error occurs on C2 for CTR Mode.
b,d
Given any plaintext p, a cipher supporting asymmetric cryptography with an encryption function (Enc) and the corresponding decryption function (Dec), and the public-private key pair (Ki,ki) for any user i, which of the followings are true for a cipher that can be used for both message confidentiality and source integrity/signature, e.g., RSA cipher? Select all that applies.a.Dec(K1,Enc(k2,p))=pb.Dec(K2,Enc(k2,p))=pc.Dec(k1,Enc(k1,p))=pd.Dec(k1,Enc(K1,p))=p
b
Which of the followings are true about asymmetric cryptography? Check all that applies.a.Asymmetric cryptography is also called private-key cryptography.b.Key distribution and management should be addressed when using asymmetric cryptography.c.Asymmetric cryptography supersedes and generalizes symmetric cryptography.d.Given the same key length, asymmetric cryptographic scheme is more secure than symmetric cryptographic scheme.
c,f
Which of the followings are false for asymmetric cipher requirements? Select all that applies.a.It is computationally easy for any user to generate his/her own public-private key pair.b.The encryption and the decryption computations are easy only with the key that is being used.c.Both the public key and the private key should remain secret against an attacker.d.It is computationally infeasible for an attacker to derive the private key from a public key.e.It is computationally infeasible from an attacker to derive the plaintext from the public key and the ciphertext.f.Both the sender and the receiver can use the same private key for encryption and decryption.
a,b
Suppose f is a trapdoor one-way function designed to be used with the key, k. Which of the followings are computationally easy?a.Solving f(x) if the input and k are knownb.Solving the inverse of f if the input to the f-inverse and k are knownc.Solving the inverse of f if the input to the f-inverse is knownd.Finding k if the input and the corresponding output of f are known
d
Which of the followings does the RSA algorithm support? Select all that apply.a.Digital signatureb.Encryption/decryptionc.Key exchanged.All of the above
a
Which of the followings does Diffie-Hellman Key Exchange support: encryption/decryption, digital sig- natures, key exchange? Select all that apply.a.Key exchangeb.Encryption/decryptionc.Digital signature
a,f,g,h
Using the same notations as in the lecture, p and q are the two prime factors of n, and e and d are the public key and the private key, respectively. Which of the followings are to be secret against the attacker, assuming that the Prime Factorization problem remains difficult to solve?a.db.nc.ed.The Euler totient function of e, phi(e)e.The Euler totient function of p, phi(p)f.pg.The Euler totient function of n, phi(n)h.q
c,d,e
Using the same notations as in the lecture, p and q are the two prime factors of n, and e and d are the public key and the private key, respectively.Which of the following statements about the RSA cipher are true? Select all that applies.a.e and d are independent from p and q.b.RSA encryption and decryption computations (from plaintext to ciphertext and from ciphertext to plaintext) use all of p, q, e, and d.c.After choosing e, the Extended Euclidean algorithm can be used to derive d.d.After choosing d, the Extended Euclidean algorithm can be used to derive e.e.For the public-private keys of RSA, e and d, given any plaintext m, m raised to the power of e.d (m^{e.d}) is equal to m.
a,c,e
Using the same notations as in the lecture, e.g., p and q are the two primes and e and d are the public key and the private key, respectively, p=5, q=11. Alice chooses a private key d and derives the public key e. Which of the followings can work for the values of d?a.21d.8c.9d.2e.17f.5g.4.
a
Using the same notations as in the lecture, e.g., p and q are the two primes and e and d are the public key and the private key, respectively, p=3, q=11, and e=7.The attacker performs a chosen-ciphertext attack (CCA). It has a known ciphertext 14 and wants to retrieve the corresponding plaintext. It computes c' = c r^e mod n and chooses the ciphertext 14 2187 mod 33 = 27 and retrieves the corresponding plaintext, 15. What is the plaintext corresponding to the ciphertext 14?a.5b.12c.37d.23e.3
a,c
Which of the following statements are true?a.Given a large modulus n, the discrete logarithm problem is computationally difficult.b.The discrete logarithm mod p always exist and is unique if p is a prime number.c.Using the primitive roots of a prime modulus p yields the maximum p-1 possible outcome values for the discrete logarithm, which is desired for cryptography.d.Given a large modulus n, the exponential operation mod n is computationally difficult.
b,c,d,e
Alice and Bob exchanges a key using Diffie-Hellman Key Exchange protocol. Which of the followings do Alice know by the end of the protocol? Select all that applies.a.Bob's private key (X_B)b.Bob's public key (Y_B)c.The prime modulus (p)d.The shared key by the protocol (K)e.The primitive root of the prime modulus (a)
b,c,d
Alice and Bob exchanges a key using Diffie-Hellman Key Exchange protocol. Which of the followings are to be secret against a passive attacker (who wishes to learn the shared key)? Select all that applies.a.The primitive root of the prime modulus (a)b.The shared key by the protocol (K)c.The prime modulus (p)d.Bob's private key (Y_B)
d
Which of the followings are true for Diffie-Hellman Key Exchange and Man-in-the-middle (MITM) attack? Select all that applies.a.Diffie-Hellman Key Exchange protocol is widely used for digital signature.b.MITM attack is a passive attack.c.Diffie-Hellman Key Exchange protocol establishes a shared secret key between the two parties involved in the protocol and therefore is considered symmetric cryptography.d.Diffie-Hellman Key Exchange protocol is vulnerable to MITM attack because of the lack of authentication.
b,c
Which of the followings are true about El Gamal Encryption?a.El Gamal Encryption is used for key exchange between the participating parties.b.El Gamal Encryption includes the message and the key that is used to protect the message, and the key itself is protected against eavesdropping.c.El Gamal Encryption uses a prime modulus and a primitive root of the modulus.d.El Gamal Encryption relies on prime factorization problem.
c,d
Alice and Bob wants to communicate with each other. They first use Diffie-Hellman Key Exchange protocol to establish a session key and then use the session key to encrypt the messages from Alice to Bob. An attacker eavesdrops on the resulting ciphertext and conducts a brute-force attack on the encryption. Suppose the attacker succeeds in her brute-force search. Which of the followings remain secure (secret against the attacker)? Select all that applies.a.Bob's public keyb.The session keyc.Alice's private keyd.Bob's private keye.The message from Alice to Bob
e
Which of the followings is the most temporary by design?a.Master keyb.Session keyc.Public-key certificated.A user's public-private key paire.None of the above
d
What are the purposes of a nonce in key distribution? Select all that applies.a.It is used by convention and has no practical useb.To use it for encryption so that the ciphertext does not make sense to the attackerc.For padding the packetd.To connect the response to the corresponding communicatione.To use it as a replacement key in case of compromise
a,e
Which of the followings are needed for a CA to generate a digital certificate?a.The request for the user's certificateb.The public key of CAc.The private key of the user (the certificate subject)d.The nonce used by the user in the last communicatione.The public key of the user (the certificate subject)f.The private key of CA
b,c
Which of the followings are required to verify the signature of the digital certificate signed by a CA?a.The private key of CAb.The certificate itselfc.The public key of CAd.The user's request for the digital certificatee.The nonce involved in the user-CA communication
b,c
Which of the following statements are true? Select all that applies.a.Any user has the authority to revoke a certificate.b.Digital certificates can be requested before using it to share the public key.c.Once receiving the digital certificates signed by a Certificate Authority (CA), a user can share it with anybody whom it wants to communicate.d.Digital certificates need to be accessible only the user that requested for it.e.Digital certificates remain valid until it explicitly gets revoked.f.The communication between the Public-Key Authority and the requesting user needs to be secure, so that a third party cannot decrypt and learn the content of the communication
f
Which of the followings are the PKI's responsibilities? Select all that applies.a.Revoke certificatesb.Manage certificatesc.Distribute certificatesd.Create certificatese.Store certificatesf.All of the above
B
Question 1Which of the following statements are false for hash functions?A. Across varying inputs, the output of the hash function needs to be uniformly distributed.B. Given an input, a hash function can produce multiple outputsC. The input size can vary.D. The output size is fixed.
BCD
Which of the following terms are used to describe the output of the hash function?A. MessageB. DigestC. Hash valueD. FingerprintE. Cache
A
Which of the followings states that for any given input, it is computationally infeasible to find another input that produces the same hash as the given input.A. Weak collision resistanceB. One-way propertyC. Pre-image resistanceD. Strong collision resistance
BD
Which of the following statements are true for cryptographic hash function requirements?A. All practical hash functions need to fulfill the same set of requirements.B. Avalanche effect is desirable property of hash function because it prevents attacks that compare the outputs to infer the relations between the corresponding inputs.C. Any hash function that is strong collision resistant is also pre-image resistant.D. Any hash function that is strong collision resistant is also weak collision resistant.E. Any hash function that is pre-image resistant is also weak collision resistant.
16
When the hash function uses a 1-Byte long key, how many computations would it require an attacker to break strong collision resistance?
128
When the hash function uses a 1-Byte long key, how many computations would it require an attacker to break weak collision resistance?
128
When the hash function uses a 1-Byte long key, how many computations would it require an attacker to break preimage resistance?
ABE
In hash chain, H^n indicates the output of the n-th hash. Suppose H^3 has an error and its value changed. Which of the values would get affected and change?A. H^4B. H^3C. H^2D. The input for the entire hash chainE. H^5
D
The server, acting as the verifier, has the value H^n stored for the verification. What is the one-time password that will be used by the user?A. x (which is the original input of the hash chain)B. H^nC. HD. H^{n-1}E. H^2F. H^{n+1}
1
For a hash tree that covers 32 data blocks, how many hash checks do you need to perform to detect the error? Assume that error occurred on only one block.
1
For a hash tree that covers 32 data blocks, how many hash checks do you need to perform to detect the error? Assume that error occurred on two distinct blocks.
9
For a hash tree that covers 16 data blocks, how many hash checks do you need to perform to localize the error? Assume that error occurred on only one block.
15
For a hash tree that covers 128 data blocks, how many hash checks do you need to perform to localize the error? Assume that error occurred on only one block.
15
Now the error occurred on two distinct blocks. For a hash tree that covers 16 data blocks, how many hash checks do you need to perform to localize the error?
AC
Which of the followings are true for hash tree (Merkle tree)? The tree is binary where there are two child nodes for each parent node.A. The computational complexity grows linearly as the number of data blocks increases exponentially.B. Hash tree requires fixed number of data blocks (which are the inputs of the lowest-level hash functions).C. To construct the hash tree, the hash inputs are twice as long as the hash outputs.D. Merkle root changes only if the majority of the data blocks change.
A
Cryptocurrency, e.g., bitcoin, uses Merkle tree for efficient verification. Which of the following best describes the data (the input to the hash at the lowest-level of the tree hierarchy) in cryptocurrency?A. Cryptocurrency transactionB. Central bank's signatureC. Transmission originated from a bitcoin minerD. The arbiter information
AC
Which of the following does the TESLA broadcasting authentication scheme use? Select all that applies.A. Cryptographic hash functionB. Merkle treeC. Hash chain
AC
Which of the followings are true about message authentication?A. Symmetric encryption/decryption can provide message authentication.B. Message authentication holds the user accountable of its messages, e.g., the transmitter cannot deny sending the message after it has done so.C. Message authentication code (MAC) is based on symmetric keys.D. Message authentication code (MAC) is based on asymmetric keys.E. Message authentication code (MAC) needs to be reversible.
A
A MAC, such as that based on DAA/DES, uses a 56-bit key and a 64-bit MAC code/tag. How many computations would it require for an attacker to brute-force the MAC on average?A. 2^55B. 2^28C. 2^56D. 2^64E. 2^32F. 2^63
D
A MAC, such as that based on DAA/DES, uses a 56-bit key and a 64-bit MAC code/tag. However, now, the key gets updated very frequently; every MAC code that gets produced uses a different key. How many computations would it require for an attacker to brute-force the MAC on average?A. 2^55B. 2^28C. 2^56D. 2^64E. 2^32F. 2^63
B
Which of the followings is not a security requirement for MAC?A. Large key sizeB. Independence across bitsC. Avalanche effectD. Collision resistanceE. MAC code is uniformly distributed
ACD
How is CMAC different from DAA algorithm? Select all that applies.A. CMAC provides longer MAC code.B. CMAC supports public-key cryptography.C. CMAC have options for the block ciphers.D. CMAC additionally uses a derived key (derived from the original key) when generating the MAC code.