1️⃣ What is the origin of the word cryptography? Briefly distinguish between cryptography and cryptanalysis.
✅ Greek: crypto‑secret, graphy‑writing
Cryptography – method to send secret messages using a code.
Cryptanalysis – trying to break the code and read those messages (slide 3).
2️⃣ Name two historical contributions mentioned in the lecture: one from ancient Greeks and one from Arab/Muslim scholars.
✅ scytale (Greeks) / Al‑Kindi's frequency analysis
Ancient Greeks/Spartans: scytale – a transposition cipher using a cylinder (slide 4).
Arabs/Muslims: Al‑Kindi wrote on cryptanalysis and frequency analysis (first descriptions).
3️⃣ List the five goals of cryptography presented in slide 6. Briefly explain each.
✅ confidentiality, integrity, authenticity, non‑repudiation
Confidentiality – data not disclosed to unauthorised parties.
Integrity – data cannot be modified undetected.
Authenticity – data origin / identity can be determined.
Non‑repudiation – entity cannot deny transmission/receipt.
(CIA + two more: authenticity & non‑repudiation).
4️⃣ Define: plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm (slides 7–9).
✅ basic terms
Plaintext – original message input.
Encryption algorithm – substitutions/transformations on plaintext.
Secret key – input to algorithm; determines exact transformations.
Ciphertext – scrambled output; depends on plaintext and key.
Decryption algorithm – encryption run in reverse, restores plaintext.
5️⃣ Differentiate between information‑theoretic (unconditional) security and computational security.
✅ unconditional vs practical
Information‑theoretic – ciphertext provides insufficient info to determine plaintext, even with unlimited power.
Computational – cost of breaking exceeds value of info, or time exceeds useful lifetime (slide 13).
6️⃣ According to slide 14, how do we typically assume a cipher is computationally secure? What is the risk?
✅ cryptanalysis by experts; risk: future breakthroughs
We let many experts try to break it; if they can't, we assume it's secure.
Risk – new algorithms, parallel computing, quantum computing may break it later.
7️⃣ Name and briefly describe the four types of cryptanalysis (threat models) from slides 15–20, from weakest to strongest.
✅ COA, KPA, CPA, CCA
Ciphertext‑only (COA) – attacker only has ciphertext.
Known‑plaintext (KPA) – attacker knows some plaintext/ciphertext pairs.
Chosen‑plaintext (CPA) – attacker can obtain ciphertext for chosen plaintext.
Chosen‑ciphertext (CCA) – attacker can obtain plaintext for chosen ciphertext.
8️⃣ Give a real‑world example of a chosen‑plaintext attack mentioned in the slides.
✅ Padding Oracle Attack
Attacker sends crafted inputs to study encryption responses, e.g., Padding Oracle attack on web services (slide 18).
9️⃣ Bleichenbacher's RSA attack belongs to which threat model? Briefly explain why.
✅ Chosen‑ciphertext attack (CCA)
Attacker chooses ciphertexts, observes error messages or decrypted results to recover the key (slide 19).
🔟 According to the network security model (slides 22–24), what are the four main tasks that must be accomplished?
✅ 1. algorithm design 2. generate secret 3. distribution 4. protocol
1. Design algorithm for security transformation (unbreakable purpose).
2. Generate secret information used with algorithm.
3. Develop methods for distribution/sharing of secret.
4. Specify protocol using algorithm and secret.
1️⃣1️⃣ What are the three broad categories of cryptographic algorithms listed in slide 27?
✅ secret‑key (symmetric), public‑key (asymmetric), hashing
1. Secret Key (symmetric)
2. Public Key (asymmetric)
3. Message Digest (hashing)
1️⃣2️⃣ What are the two main components of encryption techniques? In symmetric cryptography, which one must be kept secret?
✅ algorithm + key; key must be secret
Components: algorithm (what you do) and key (secret for encrypt/decrypt).
Security depends on secrecy of key, not algorithm (Kerckhoffs's principle).
1️⃣3️⃣ Differentiate between stream cipher and block cipher (slide 38). Give one example of a real‑world stream cipher.
✅ stream: bit/byte at a time; block: fixed block
Stream cipher – encrypts bits/bytes one at a time; randomised (e.g., RC4, A5/1).
Block cipher – encrypts fixed‑size blocks (e.g., 64 or 128 bits); deterministic with same key.
1️⃣4️⃣ Using XOR, show why PT ⊕ KEY = CT and CT ⊕ KEY = PT. What property makes this work?
✅ XOR is its own inverse
If CT = PT ⊕ KEY, then CT ⊕ KEY = (PT ⊕ KEY) ⊕ KEY = PT ⊕ (KEY ⊕ KEY) = PT ⊕ 0 = PT.
XOR truth table (slide 43) shows A ⊕ B ⊕ B = A.
1️⃣5️⃣ Given plaintext 0110 and keystream 1100, compute ciphertext using XOR. Then decrypt it back.
✅ ciphertext = 1010
Encrypt: 0110 ⊕ 1100 = 1010.
Decrypt: 1010 ⊕ 1100 = 0110 (original).
1️⃣6️⃣ Explain the key reuse attack on stream ciphers. What information can an attacker derive if the same keystream is used twice?
✅ CT1⊕CT2 = PT1⊕PT2
If same keystream K used: CT1 = PT1⊕K, CT2 = PT2⊕K.
Then CT1⊕CT2 = PT1⊕PT2, which leaks information and may lead to full plaintext recovery (slide 47).
1️⃣7️⃣ How does an Initialization Vector (IV) prevent the key reuse attack? Does the IV need to be secret?
✅ IV makes keystream unique per message
Keystream = F(key, IV). Even with same key, different IV → different keystream.
IV does not need to be secret, but must be unique per encryption with the same key (slide 50).
1️⃣8️⃣ Name two real‑world stream ciphers from the lecture and mention where they were used. Are they still considered secure?
✅ RC4 (WEP, TLS – broken), A5/1 (GSM – broken)
RC4 – used in WEP, TLS (now deprecated).
A5/1 – encrypts GSM phone data (reportedly broken by NSA).
Both are no longer recommended.
🔑 frequently used equations & concepts
XOR properties
A⊕0 = A
A⊕A = 0
(A⊕B)⊕C = A⊕(B⊕C)
stream cipher
CT = PT ⊕ KS
PT = CT ⊕ KS
key reuse leak
C₁⊕C₂ = P₁⊕P₂
IV in stream cipher
KS = F(key, IV)
threat models (weak→strong)
COA → KPA → CPA → CCA
security goals
confidentiality, integrity, authenticity, non‑repudiation
ACADEZI 2026