1. What is cryptography and how does it relate to cryptology?
Cryptography is the science of using mathematics to encrypt and decrypt
data, essentially the art and science of keeping messages secure. It is one of
the two main branches of cryptology, with the other being cryptanalysis,
which focuses on breaking ciphertext and finding weaknesses in
cryptographic systems. Cryptography is concerned with creating secret
writing to hide the meaning of a message, while cryptanalysis aims to reveal
that hidden meaning or find vulnerabilities in the process used to hide it.
2. Can you explain some key terms used in cryptography?
Several terms are fundamental to understanding cryptography. Plaintext is
the original, unencrypted, readable message. Ciphertext is the result of the
encryption process, appearing as random characters and being unreadable
without decryption. A cipher refers to the specific algorithm or mathematical
function used to transform plaintext into ciphertext during encryption.
Encryption is the process of applying this function to make data unreadable
unless a specific key is used, and decryption is the reverse process, using the
key to turn ciphertext back into plaintext. The key is the crucial element that
controls the encryption and decryption processes.
3. What are the primary goals of using a cryptosystem?
A cryptosystem is used to achieve several key goals of information security.
Confidentiality ensures that information is not accessible to unauthorized
parties. Integrity provides assurance that a message has not been altered
during transmission, either accidentally or intentionally. Authentication
validates the source of a message, confirming that the sender is properly
identified. Finally, Non-Repudiation prevents a sender from denying that they
sent a particular message.
4. What are some historical examples of cryptographic techniques?
Cryptography has a long history, dating back thousands of years. The
earliest known technique is the use of hieroglyphs by the Egyptians around
4000 years ago, which served as a secret code known only to scribes. The
Caesar Shift Cipher, used by Julius Caesar, is a classic example of a
substitution cipher where each letter is shifted by a fixed number of places
(often three). The Vigenère Cipher, developed in the 16th century,
introduced the concept of an encryption key, although it could still be
broken. The One Time Pad is a theoretically unbreakable cipher where the
key is random, the same length as the message, and used only once.
Columnar Transposition rearranges plaintext by columns. A more modern
historical example is the German Enigma Machine used in WWII, a complex
device that provided billions of ways to encode messages.
5. What is Kerckhoffs’s Principle and why is it important?
Kerckhoffs’s Principle states that a cryptosystem should remain secure even
if everything about the system, except the key, is publicly known. This
principle is paramount in modern cryptography because history has shown
that relying on the secrecy of the cipher algorithm itself is risky. Secret
ciphers are often broken once they are reverse-engineered. Therefore, the
security of a cryptosystem should depend solely on the secrecy of the key,
not the secrecy of the algorithm.
6. How are attacks on a cryptosystem typically categorized?
Attacks on cryptosystems are generally categorized as either passive or
active. Passive attacks aim to gain unauthorized access to information
without altering it or disrupting the communication channel. Examples
include intercepting and eavesdropping on communications. Active attacks,
on the other hand, involve changing the information or disrupting the
communication channel. This can include modifying data, initiating
unauthorized transmissions, altering authentication data, deleting data, or
denying access to legitimate users (denial of service).
7. What are some other common types of cryptographic attacks?
Beyond passive and active attacks, attackers use various methods to try to
break cryptosystems. A Ciphertext-Only Attack occurs when the attacker has
access only to the ciphertext and tries to find the plaintext and
key. A Known Plaintext Attack happens when the attacker has access to pairs
of plaintext and their corresponding ciphertext to deduce the key. A Chosen
Plaintext Attack involves the attacker selecting specific plaintexts and
obtaining their corresponding ciphertexts to find the key. A Dictionary Attack
involves building a list of ciphertexts and their known plaintexts to
potentially match new ciphertexts. A Brute Force Attack attempts every
possible key until the correct one is found. A Man-In-The-Middle (MITM) attack
intercepts communication between two parties. A Side Channel Attack
exploits weaknesses in the physical implementation of a cryptosystem rather
than the algorithm itself.
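Added example (not part of the original study guide): the Caesar, Vigenère and One Time Pad ciphers from question 4, with the Brute Force and Known Plaintext attacks from question 7 run against the two classical ciphers. The function names, the sample message and the key LEMON are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; a 1-letter key is a Caesar shift."""
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = ALPHABET.index(key[i % len(key)].upper())
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
            i += 1
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def caesar(text, shift, decrypt=False):
    return vigenere(text, ALPHABET[shift % 26], decrypt)

def brute_force_caesar(ciphertext, crib):
    """Brute force: try all 26 shifts, keep outputs containing a known word."""
    candidates = ((s, caesar(ciphertext, s, decrypt=True)) for s in range(26))
    return [(s, p) for s, p in candidates if crib in p]

def known_plaintext_key(plaintext, ciphertext):
    """Known plaintext: ciphertext letter minus plaintext letter is the key letter."""
    pairs = [(p, c) for p, c in zip(plaintext.upper(), ciphertext.upper())
             if p in ALPHABET]
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
                   for p, c in pairs)

def one_time_pad(data: bytes, pad: bytes) -> bytes:
    """XOR with a pad exactly as long as the message; the same call decrypts."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))

if __name__ == "__main__":
    msg = "ATTACK AT DAWN"  # constructed sample message
    c1 = caesar(msg, 3)
    print(c1, brute_force_caesar(c1, "DAWN"))   # only 26 keys to try
    c2 = vigenere(msg, "LEMON")
    print(c2, known_plaintext_key(msg, c2))     # the key repeats in the output
    pad = secrets.token_bytes(len(msg))         # fresh random pad, used once
    print(one_time_pad(one_time_pad(msg.encode(), pad), pad))
```

One plaintext and ciphertext pair exposes the repeating Vigenère key, while the same subtraction against a One Time Pad message recovers only a pad that is never used again.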
8. What is the difference between a passive and an active attack?
The fundamental difference between a passive and an active attack lies in
the attacker's interaction with the data and communication channel. A
passive attack is non-intrusive; the attacker's goal is simply to observe and
gather information without modifying it or disrupting the communication. It's
like eavesdropping. An active attack, conversely, involves the attacker
directly interacting with the data or channel by modifying information,
injecting false data, or disrupting the service. Active attacks aim to alter or
hinder the flow of information, while passive attacks are focused solely on
unauthorized access to information.
Information Assurance & Security - Cryptography Introduction
Study Guide
Quiz
1. What is the primary difference between cryptography and cryptanalysis?
2. Define plaintext and ciphertext.
3. What is the role of a key in cryptography?
4. List four goals of a cryptosystem.
5. Briefly describe the Caesar Shift Cipher.
6. What key concept did the Vigenère Cipher introduce compared to the Caesar
cipher?
7. What makes the One Time Pad cipher unique and theoretically unbreakable?
8. Explain the core idea behind Kerckhoffs’s Principle.
9. What is the main difference between a passive attack and an active attack
on a cryptosystem?
10. Briefly describe a Brute Force Attack.
Quiz Answer Key
1. Cryptography is the science of secret writing focused on hiding message
meaning, while cryptanalysis is the art and science of breaking ciphertext
and studying systems for weaknesses.
2. Plaintext is the original, unencrypted, readable message. Ciphertext is the
result of the encryption process, appearing as random characters.
3. A key acts like a lock and key for the encryption and decryption algorithms,
allowing them to function and transform data.
4. Four goals of a cryptosystem are Confidentiality, Integrity, Authentication,
and Non-Repudiation.
5. The Caesar Shift Cipher is a substitution cipher where each character of the
plaintext is shifted by a fixed number of positions (commonly three) to form
the ciphertext.
6. The Vigenère Cipher introduced the idea of using an encryption key, making
the secrecy of the message dependent on the key rather than the system
itself.
7. The One Time Pad is unbreakable because the key is the same length as the
message, made of random symbols, and is used only once.
8. Kerckhoffs’s Principle states that a cryptosystem should remain secure even
if everything about it except the key is publicly known.
9. A passive attack aims to obtain information without altering it or disrupting
communication (e.g., eavesdropping), while an active attack involves
modifying or disrupting information or communication (e.g., unauthorized
modification).
10. A Brute Force Attack attempts to find the decryption key by trying every
possible key combination until the correct one is found.
Essay Questions
1. Discuss the evolution of cryptography from ancient techniques like
hieroglyphs and the Caesar cipher to more complex historical methods such
as the Vigenère cipher and the One Time Pad. Highlight the key
advancements and their significance.
2. Explain the importance of the four goals of a cryptosystem (Confidentiality,
Integrity, Authentication, and Non-Repudiation) in ensuring information
security. Provide examples of how a successful cryptosystem achieves each
goal.
3. Compare and contrast the different types of attacks on a cryptosystem
discussed in the source material (e.g., Passive vs. Active, Known Plaintext vs.
Ciphertext Only). Analyze the methodologies and relative difficulty of each
attack type.
4. Explain Kerckhoffs’s Principle and its relevance in the context of modern
cryptography. Discuss why keeping cipher details secret is generally not
considered a reliable security measure compared to key secrecy.
5. Describe the German Enigma Machine and its historical significance during
WWII. Explain why it was initially considered unbreakable and how its
weaknesses were eventually exploited.
Glossary of Key Terms
Cryptography: The science of using mathematics to encrypt and decrypt
data; the art and science of keeping messages secure.
Cryptology: The study of codes, encompassing both cryptography and
cryptanalysis.
Cryptanalysis: The art and science of breaking ciphertext and studying
cryptographic systems to look for weaknesses.
Plaintext: An unencrypted, readable, plain message.
Ciphertext: The result of the encryption process; encrypted plaintext that
appears as random characters.
Cipher: The encryption algorithm that transforms plaintext into ciphertext.
Encryption: The process of applying a mathematical function to a file to
make its contents unreadable without the correct key.
Decryption: The reverse process of turning ciphertext back into plaintext.
Key: A secret piece of information used to lock and unlock an algorithm,
enabling the encryption or decryption process.
Confidentiality: The goal of ensuring that unauthorized parties cannot access
information.
Integrity: The assurance that a message has not been modified during
transmission.
Authentication: The process of validating the source of a message to ensure
the sender is properly identified.
Non-Repudiation: The ability to prevent a sender from denying that they sent
a message.
Hieroglyph: An ancient form of writing, used here as an example of an early
cryptographic technique.
Substitution Cipher: A cipher where each character of the plaintext is
substituted by another character to form the ciphertext.
Caesar Shift Cipher: A substitution cipher where letters are shifted a fixed
number of places down the alphabet.
Vigenère Cipher: A polyalphabetic substitution cipher that uses an encryption
key.
One Time Pad: An unbreakable cipher where the key is random, the same
length as the message, and used only once.
Columnar Transposition: A method that rearranges plaintext by columns or
rows.
Enigma Machine: A famous encryption machine used by the Germans during
WWII.
Kerckhoffs’s Principle: The principle that a cryptosystem should be secure
even if everything about the system except the key is public knowledge.
Passive Attack: An attack that obtains unauthorized access to information
without altering it or disrupting the communication channel.
Active Attack: An attack that involves changing information or disrupting the
communication channel in some way.
Ciphertext Only Attack: An attack where the attacker only knows the
ciphertext and tries to find the key and plaintext.
Known Plaintext Attack: An attack where the attacker is aware of pairs of
plaintext and their corresponding ciphertext.
Chosen-Plaintext Analysis: An attack conducted by choosing random
plaintexts and obtaining their corresponding ciphertexts.
Dictionary Attack: An attack that involves compiling a list of known plaintext-
ciphertext pairs (a "dictionary") to find corresponding plaintext for new
ciphertext.
Man-In-The-Middle (MITM) Attack: An attack that intercepts messages
between two communicating parties.
Brute Force Attack (BFA): An attack that tries every possible key to decrypt
ciphertext.
Side Channel Attack (SCA): An attack that exploits weaknesses in the
physical implementation of a cryptosystem rather than the algorithm itself.