Correct Answer: To secure communication and information
Explanation:
Cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries. Its main goal is to protect information.
Incorrect! Try again.
2In cryptography, what is unencrypted, readable data called?
Cryptography
Easy
A.Secret text
B.Ciphertext
C.Scrambled text
D.Plaintext
Correct Answer: Plaintext
Explanation:
Plaintext is the original, unencrypted message or data that is readable by anyone.
Incorrect! Try again.
3The process of converting plaintext into ciphertext is known as:
Cryptography
Easy
A.Encryption
B.Compression
C.Hashing
D.Decryption
Correct Answer: Encryption
Explanation:
Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. It converts plaintext to ciphertext.
Incorrect! Try again.
4What is the name for data that has been encrypted and is unreadable without a key?
Cryptography
Easy
A.Open text
B.Raw text
C.Plaintext
D.Ciphertext
Correct Answer: Ciphertext
Explanation:
Ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. It is unreadable until it has been decrypted.
Incorrect! Try again.
5The process of converting ciphertext back into its original, readable form is called:
Cryptography
Easy
A.Decryption
B.Encryption
C.Encoding
D.Signing
Correct Answer: Decryption
Explanation:
Decryption is the reverse process of encryption. It transforms unreadable ciphertext back into understandable plaintext.
Incorrect! Try again.
6What is the key characteristic of symmetric cryptography?
Symmetric cryptography
Easy
A.It uses a pair of keys (public and private).
B.It does not require any keys.
C.It can only be used to create digital signatures.
D.It uses a single, shared key for both encryption and decryption.
Correct Answer: It uses a single, shared key for both encryption and decryption.
Explanation:
Symmetric cryptography, also known as secret-key cryptography, relies on a single key that both the sender and receiver use to encrypt and decrypt information.
Incorrect! Try again.
7What is a major challenge associated with symmetric cryptography?
Symmetric cryptography
Easy
A.It is not secure enough for modern use
B.Generating the key is difficult
C.The encryption process is too slow
D.Securely distributing the shared key
Correct Answer: Securely distributing the shared key
Explanation:
The main challenge of symmetric encryption is key distribution. Both parties must have the same secret key, and it must be exchanged over a secure channel, which can be difficult to establish.
Incorrect! Try again.
8Which of the following is a well-known example of a symmetric encryption algorithm?
AES is a widely used symmetric encryption algorithm. RSA and ECC are asymmetric algorithms, and SHA-256 is a hash function.
Incorrect! Try again.
9What is a primary advantage of symmetric encryption when compared to asymmetric encryption?
Symmetric cryptography
Easy
A.It does not require a shared secret
B.It is significantly faster
C.It is easier to manage keys
D.It provides non-repudiation
Correct Answer: It is significantly faster
Explanation:
Symmetric encryption algorithms are computationally less intensive and therefore much faster than asymmetric algorithms, making them ideal for encrypting large amounts of data.
Incorrect! Try again.
10How many keys are used for each user in asymmetric cryptography?
Asymmetric cryptography
Easy
A.A single shared key
B.No keys are used
C.A pair of keys: one public and one private
D.Three keys for redundancy
Correct Answer: A pair of keys: one public and one private
Explanation:
Asymmetric cryptography, also known as public-key cryptography, uses a mathematically linked key pair: a public key that can be shared with anyone, and a private key that is kept secret.
Incorrect! Try again.
11In asymmetric cryptography, which key is used to encrypt a message intended for a specific recipient?
Asymmetric cryptography
Easy
A.A shared secret key
B.The recipient's private key
C.The sender's private key
D.The recipient's public key
Correct Answer: The recipient's public key
Explanation:
To send a confidential message, the sender encrypts it using the recipient's public key. Only the recipient, who holds the corresponding private key, can decrypt it.
Incorrect! Try again.
12Which key must be kept completely secret by its owner in public-key cryptography?
Asymmetric cryptography
Easy
A.The public key
B.The shared key
C.The private key
D.The session key
Correct Answer: The private key
Explanation:
The security of asymmetric cryptography relies on the private key remaining secret. The public key is designed to be distributed openly.
Incorrect! Try again.
13What problem does asymmetric cryptography solve that is a major challenge for symmetric cryptography?
Asymmetric cryptography
Easy
A.Key distribution
B.Algorithm complexity
C.Data storage
D.Processing speed
Correct Answer: Key distribution
Explanation:
Asymmetric cryptography elegantly solves the key distribution problem. You can share your public key over an insecure channel without compromising the security of your private key.
Incorrect! Try again.
14Which of the following are considered the basic building blocks of cryptographic systems?
Cryptography primitives
Easy
A.Network firewalls
B.Operating systems
C.Cryptographic primitives
D.Antivirus software
Correct Answer: Cryptographic primitives
Explanation:
Cryptographic primitives are well-established, low-level cryptographic algorithms that are used to build more complex security systems (protocols).
Incorrect! Try again.
15A hash function is a cryptographic primitive that takes an input and produces a:
Cryptography primitives
Easy
A.Reversible, decrypted message
B.Public and private key pair
C.Fixed-size string of bytes (a digest)
D.Larger, encrypted version of the input
Correct Answer: Fixed-size string of bytes (a digest)
Explanation:
A key property of a cryptographic hash function is that it produces a fixed-size output (e.g., 256 bits for SHA-256) regardless of the size of the input data. This output is called a hash or digest.
Incorrect! Try again.
16What is the primary purpose of a digital signature, which is a type of cryptographic primitive?
Cryptography primitives
Easy
A.To make a message travel faster
B.To compress the size of a message
C.To hide the content of a message
D.To verify the authenticity and integrity of a message
Correct Answer: To verify the authenticity and integrity of a message
Explanation:
A digital signature ensures that a message was sent by the claimed sender (authenticity) and has not been altered in transit (integrity).
Incorrect! Try again.
17Which of these is NOT a cryptographic primitive?
Cryptography primitives
Easy
A.A web browser
B.A symmetric encryption algorithm
C.A hash function
D.A digital signature scheme
Correct Answer: A web browser
Explanation:
A web browser is an application that uses cryptographic primitives to secure connections (like HTTPS), but it is not a primitive itself. Encryption algorithms, hash functions, and signature schemes are fundamental building blocks.
Incorrect! Try again.
18Symmetric cryptography is also often referred to as:
Symmetric cryptography
Easy
A.Secret-key cryptography
B.Dual-key cryptography
C.Public-key cryptography
D.Open-key cryptography
Correct Answer: Secret-key cryptography
Explanation:
Because it uses a single key that must be kept secret between the communicating parties, it is commonly called secret-key or private-key cryptography.
Incorrect! Try again.
19Which of these is a popular real-world application of asymmetric cryptography?
Asymmetric cryptography
Easy
A.Streaming video content in real-time
B.Compressing files into a ZIP archive
C.Creating digital signatures for transactions
D.Encrypting the entire hard drive of a computer
Correct Answer: Creating digital signatures for transactions
Explanation:
Digital signatures are created using the sender's private key and verified using their public key. This is a core function of asymmetric cryptography and is fundamental to blockchains like Bitcoin.
Incorrect! Try again.
20The strength of a cryptographic system often depends on the secrecy of the:
Cryptography
Easy
A.Algorithm
B.Plaintext
C.Key
D.Sender's name
Correct Answer: Key
Explanation:
According to Kerckhoffs's Principle, a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Therefore, the security relies on keeping the key(s) secret.
Incorrect! Try again.
21An attacker intercepts a ciphertext block that was encrypted using AES in Cipher Block Chaining (CBC) mode. The attacker flips a single bit in . How will this modification affect the plaintext when the stream of ciphertext blocks is decrypted?
Symmetric cryptography
Medium
A.The entire message from block onwards will be corrupted and undecipherable.
B.The corresponding plaintext block will be completely corrupted, and the corresponding bit in the next plaintext block, , will be flipped.
C.Only the single corresponding bit in plaintext block will be flipped.
D.Only the corresponding plaintext block will be completely corrupted.
Correct Answer: The corresponding plaintext block will be completely corrupted, and the corresponding bit in the next plaintext block, , will be flipped.
Explanation:
In CBC mode, the decryption of a plaintext block is calculated as . A change in will completely garble the output of , thus corrupting all of . For the next block, . Since the original (now modified) is used in this calculation, it will flip the corresponding bit in while the rest of the block decrypts correctly.
Incorrect! Try again.
22A hybrid encryption scheme is often used to send a large, confidential file. This typically involves using both asymmetric and symmetric algorithms. What is the correct procedure for Alice to send such a file to Bob?
Asymmetric cryptography
Medium
A.Alice encrypts the file with Bob's public key directly.
B.Alice encrypts the file with her private key, then encrypts her private key with Bob's public key.
C.Alice generates a random symmetric key, encrypts the file with it, and then encrypts this symmetric key with Bob's public key.
D.Alice generates a random symmetric key, encrypts the file with it, and then encrypts this symmetric key with her own private key.
Correct Answer: Alice generates a random symmetric key, encrypts the file with it, and then encrypts this symmetric key with Bob's public key.
Explanation:
Asymmetric encryption is computationally expensive and not suitable for large files. The standard hybrid approach is to use a fast symmetric cipher (like AES) for the bulk encryption of the file. This requires a session key. To securely transmit this session key to Bob, Alice encrypts it using Bob's public key. Bob can then decrypt the session key with his private key and use it to decrypt the file.
Incorrect! Try again.
23What is the primary functional difference between a Message Authentication Code (MAC) and a digital signature?
Cryptography primitives
Medium
A.A MAC provides confidentiality, while a digital signature provides integrity.
B.A MAC can be verified by anyone, while a digital signature can only be verified by the recipient.
C.A MAC is generated using a shared secret key, while a digital signature is generated using a private key.
D.A MAC is faster to compute but less secure than a digital signature.
Correct Answer: A MAC is generated using a shared secret key, while a digital signature is generated using a private key.
Explanation:
The core difference lies in the key used. A MAC (like HMAC) uses a symmetric, shared secret key for both generation and verification. This means anyone who can verify the MAC can also create it. A digital signature uses an asymmetric key pair; it is created with a private key and verified with the corresponding public key. This provides the property of non-repudiation, as only the holder of the private key could have created the signature.
Incorrect! Try again.
24In a secure communication system, a nonce (number used once) is often included in messages. What is the primary security threat that using a nonce is designed to prevent?
Cryptography
Medium
A.Brute-force attacks on the encryption key.
B.Replay attacks, where an attacker re-sends a valid, previously captured message.
C.Dictionary attacks on user passwords.
D.Man-in-the-middle attacks during key exchange.
Correct Answer: Replay attacks, where an attacker re-sends a valid, previously captured message.
Explanation:
A replay attack involves an adversary intercepting a legitimate, encrypted message and re-transmitting it later to impersonate the original sender or repeat an action (e.g., a financial transaction). By including a unique, single-use nonce in each message, the server can check if it has seen that nonce before. If it has, the message is rejected as a replay, even if it is otherwise validly encrypted.
Incorrect! Try again.
25The security of the Diffie-Hellman key exchange protocol relies on the computational difficulty of which mathematical problem?
Asymmetric cryptography
Medium
A.The Discrete Logarithm Problem.
B.The Integer Factorization Problem.
C.The Traveling Salesman Problem.
D.The Subset Sum Problem.
Correct Answer: The Discrete Logarithm Problem.
Explanation:
In Diffie-Hellman, two parties exchange public values derived from their private keys ( and ). An eavesdropper can see the public values (), but to find the shared secret, they would need to compute the private key ( or ). Finding from requires solving the discrete logarithm problem, which is considered computationally infeasible for large numbers.
Incorrect! Try again.
26A developer is building a system for storing digital evidence. They need to create a unique fingerprint for each piece of evidence to detect even the slightest modification. Which property of a cryptographic hash function is most crucial for this application?
Cryptography primitives
Medium
A.Second preimage resistance.
B.Preimage resistance.
C.Fixed-size output.
D.Collision resistance.
Correct Answer: Second preimage resistance.
Explanation:
Second preimage resistance means that given an input M1, it is computationally infeasible to find a different input M2 such that hash(M1) = hash(M2). This is crucial for evidence integrity. If an attacker could find a second preimage, they could modify the evidence (M1 to M2) while keeping the hash fingerprint the same, thus bypassing the integrity check. While collision resistance is also important, second preimage resistance is the specific property that prevents modification of a known document.
Incorrect! Try again.
27Two independent software agents need to establish a secure, encrypted channel over an insecure network. They have no pre-shared secrets. What is the fundamental cryptographic problem they must solve before they can use a fast symmetric cipher like AES?
Symmetric cryptography
Medium
A.The Non-Repudiation Problem.
B.The Data Integrity Problem.
C.The Key Distribution Problem.
D.The Byzantine Generals' Problem.
Correct Answer: The Key Distribution Problem.
Explanation:
Symmetric ciphers like AES require both parties to have the same secret key. The challenge of securely establishing this shared key over an insecure channel, where an attacker might be listening, is known as the Key Distribution Problem. This is typically solved using an asymmetric protocol like Diffie-Hellman key exchange before switching to the symmetric cipher for the actual communication.
Incorrect! Try again.
28What is the core idea behind Kerckhoffs's Principle in cryptography?
Cryptography
Medium
A.Asymmetric cryptography is inherently more secure than symmetric cryptography.
B.Longer keys always result in a more secure cryptographic system.
C.The security of a system should rely on the secrecy of its algorithm (security through obscurity).
D.A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Correct Answer: A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Explanation:
Kerckhoffs's Principle states that a cryptosystem's security should not depend on the secrecy of its design or algorithm. Instead, it should hinge solely on the secrecy of the key. This allows for public scrutiny, analysis, and standardization of algorithms (like AES and RSA), leading to more robust and trusted systems, as opposed to 'security through obscurity' where the algorithm itself is kept secret.
Incorrect! Try again.
29Compared to RSA with a 2048-bit key, Elliptic Curve Cryptography (ECC) offers a similar level of security with a much smaller key size (e.g., 256 bits). What is the most significant practical advantage of this smaller key size?
Asymmetric cryptography
Medium
A.It allows the public key to be kept secret while the private key is shared.
B.It provides better protection against quantum computing attacks.
C.It makes the encryption algorithm easier for developers to implement from scratch.
D.It reduces the computational overhead, storage, and bandwidth requirements.
Correct Answer: It reduces the computational overhead, storage, and bandwidth requirements.
Explanation:
The primary benefit of ECC's smaller key sizes is efficiency. Generating keys, performing encryption/decryption, and creating digital signatures are all faster with ECC. The smaller keys and signatures also consume less storage space and require less bandwidth to transmit, which is particularly advantageous in resource-constrained environments like mobile devices and IoT.
Incorrect! Try again.
30In the context of creating a digital signature, why is the message typically hashed before being encrypted with the signer's private key?
Cryptography primitives
Medium
A.To create a fixed-size input for the signing algorithm and improve performance.
B.To convert the message into a format that the private key can encrypt.
C.Hashing adds an extra layer of confidentiality to the message.
D.Hashing is not necessary; the entire message is always encrypted.
Correct Answer: To create a fixed-size input for the signing algorithm and improve performance.
Explanation:
There are two main reasons. First, asymmetric signing operations are computationally intensive. Hashing the message first produces a short, fixed-size digest, making the signing process much faster than signing a potentially very large message. Second, signing algorithms are designed to work on fixed-size inputs. The hash function provides this required input format, ensuring the process is both efficient and standardized.
Incorrect! Try again.
31A real-time video streaming service needs to encrypt its content. The connection may be lossy, and an error or dropped packet in the transmission should not corrupt subsequent, unrelated parts of the stream. Which type of symmetric cipher is generally more suitable for this use case?
Symmetric cryptography
Medium
A.A stream cipher or a block cipher in a stream-like mode (e.g., CTR).
B.A one-time pad.
C.A block cipher in CBC (Cipher Block Chaining) mode.
D.A block cipher in ECB (Electronic Codebook) mode.
Correct Answer: A stream cipher or a block cipher in a stream-like mode (e.g., CTR).
Explanation:
Stream ciphers (or block ciphers in a mode like Counter/CTR mode) encrypt data bit-by-bit or byte-by-byte. A key advantage is that there is no error propagation. An error in one part of the ciphertext will only affect the corresponding part of the plaintext. In contrast, modes like CBC have error propagation, where a single bit error in a ciphertext block will corrupt its entire corresponding plaintext block and a part of the next one, making them less ideal for lossy, real-time streams.
Incorrect! Try again.
32You have two distinct messages, M1 and M2. You compute their hashes, H(M1) and H(M2). You then concatenate the messages to form M3 = M1 || M2. What is the expected relationship between H(M3) and the individual hashes H(M1) and H(M2)?
Cryptography primitives
Medium
A.There is no simple mathematical relationship due to the avalanche effect.
B.H(M3) = H(M1) + H(M2)
C.H(M3) can be calculated by hashing the concatenation of H(M1) and H(M2).
D.H(M3) will be twice the length of H(M1).
Correct Answer: There is no simple mathematical relationship due to the avalanche effect.
Explanation:
Cryptographic hash functions exhibit the avalanche effect, which means a tiny change in the input (like appending M2 to M1) results in a drastic and unpredictable change in the output hash. There is no simple way to compute H(M1 || M2) from H(M1) and H(M2). The entire concatenated message M3 must be processed by the hash function to get the final result.
Incorrect! Try again.
33A user wants to prove they control a Bitcoin address without revealing their private key. A challenger provides the user with a random message. How can the user generate a proof?
Asymmetric cryptography
Medium
A.By encrypting the random message with their private key, which the challenger decrypts with the public key.
B.By creating a digital signature of the random message using their private key.
C.By hashing their private key and sending the hash to the challenger.
D.By encrypting the random message with the challenger's public key.
Correct Answer: By creating a digital signature of the random message using their private key.
Explanation:
This is a classic 'challenge-response' authentication mechanism that uses digital signatures. The user signs the specific message provided by the challenger with the private key corresponding to their public key (and thus their address). The challenger can then use the user's public key to verify that the signature is valid for that specific message. This proves ownership of the private key without it ever being revealed.
Incorrect! Try again.
34If a government agency wants to be able to access encrypted communications by compelling a third party to hand over decryption keys, what type of system would they be advocating for?
Cryptography
Medium
A.Steganography.
B.Perfect forward secrecy.
C.Key escrow.
D.End-to-end encryption.
Correct Answer: Key escrow.
Explanation:
Key escrow is a system where the keys needed to decrypt encrypted data are held in escrow by a trusted third party. Under certain conditions (like a court order), this third party can release the keys to authorized entities. This is in direct contrast to end-to-end encryption where only the communicating parties have the keys.
Incorrect! Try again.
35Why is the Electronic Codebook (ECB) mode of operation for block ciphers considered insecure for most applications?
Symmetric cryptography
Medium
A.It is highly susceptible to bit-flipping attacks that go undetected.
B.It requires a key that is the same length as the message being encrypted.
C.It is significantly slower than other modes like CBC or CTR.
D.Identical plaintext blocks are encrypted into identical ciphertext blocks, revealing patterns in the data.
Correct Answer: Identical plaintext blocks are encrypted into identical ciphertext blocks, revealing patterns in the data.
Explanation:
In ECB mode, each block of plaintext is encrypted independently with the same key. This means that if two plaintext blocks are identical, their corresponding ciphertext blocks will also be identical. This leaks a significant amount of information about the structure of the original data. A famous example is an image of a penguin encrypted in ECB mode, where the outline of the penguin remains clearly visible in the ciphertext.
Incorrect! Try again.
36What is the primary benefit of implementing Perfect Forward Secrecy (PFS) in a communication protocol like TLS?
Cryptography
Medium
A.If a long-term private key is compromised, past session keys and messages remain secure.
B.It allows the server's private key to be used for both signing and encryption.
C.It ensures that all messages within a session are encrypted with the same key, improving efficiency.
D.It prevents an attacker from brute-forcing the session key.
Correct Answer: If a long-term private key is compromised, past session keys and messages remain secure.
Explanation:
Perfect Forward Secrecy ensures that a unique, ephemeral session key is generated for each communication session without using the server's long-term private key to directly encrypt it. Protocols like Diffie-Hellman Ephemeral (DHE) are used. This means that even if an attacker later steals the server's long-term private key, they cannot use it to go back and decrypt previously recorded sessions, as each session was protected by a temporary key that has been discarded.
Incorrect! Try again.
37In the RSA algorithm, a user has a public key and a private key . What is the fundamental mathematical relationship between the components , , and ?
Asymmetric cryptography
Medium
A. and are prime factors of .
B.
C., where is Euler's totient function.
D.
Correct Answer: , where is Euler's totient function.
Explanation:
The security of RSA relies on the properties of modular arithmetic. The modulus is the product of two large prime numbers, and . Euler's totient function . The public exponent and private exponent are chosen to be modular multiplicative inverses of each other modulo . This relationship ensures that encrypting with and decrypting with (or vice versa) correctly restores the original message.
Incorrect! Try again.
38While both AES and DES are symmetric block ciphers, the primary reason DES is considered insecure for modern applications is its susceptibility to which specific type of attack?
Symmetric cryptography
Medium
A.Man-in-the-middle attack.
B.Brute-force attack.
C.Side-channel attack.
D.Replay attack.
Correct Answer: Brute-force attack.
Explanation:
The main vulnerability of DES is its small key size of 56 bits. This means there are only possible keys. While this was a large number when DES was created, modern computing power makes it feasible to try every possible key in a reasonable amount of time. This is a brute-force attack. AES, with key sizes of 128, 192, or 256 bits, has a key space that is astronomically larger, making brute-force attacks computationally infeasible.
Incorrect! Try again.
39A security protocol requires a unique, single-use session key for every communication instance to ensure forward secrecy. Which cryptographic primitive is essential for generating these keys in a way that is unpredictable to an attacker?
Cryptography primitives
Medium
A.A Cryptographically Secure Pseudorandom Number Generator (CSPRNG).
B.A block cipher in ECB mode.
C.A standard hash function (like SHA-256).
D.A public key certificate.
Correct Answer: A Cryptographically Secure Pseudorandom Number Generator (CSPRNG).
Explanation:
The security of ephemeral session keys depends on their randomness and unpredictability. A CSPRNG is specifically designed for this purpose. It generates sequences of numbers that are not only statistically random but also computationally infeasible to predict, even with knowledge of previous outputs. Standard PRNGs are not suitable as their outputs can often be predicted if the internal state is discovered.
Incorrect! Try again.
40Which of the following scenarios best illustrates a trade-off between security and performance in a cryptographic system?
Cryptography
Medium
A.Implementing a nonce to prevent replay attacks.
B.Choosing between a 2048-bit RSA key and a 4096-bit RSA key for a TLS certificate.
C.Using a public, well-vetted algorithm like AES instead of a secret, proprietary one.
D.Hashing a password before storing it in a database.
Correct Answer: Choosing between a 2048-bit RSA key and a 4096-bit RSA key for a TLS certificate.
Explanation:
This is a classic trade-off. A 4096-bit RSA key provides a significantly higher level of security against brute-force and factorization attacks compared to a 2048-bit key. However, the mathematical operations (key generation, signing, verification) with the larger key are much more computationally expensive, which can lead to increased latency and higher CPU usage on servers. System architects must balance the required security level against the performance impact.
Incorrect! Try again.
41A web service uses a MAC to authenticate API requests, constructed as MAC = SHA256(secret_key || message). An attacker intercepts a valid message m = "user=admin&command=view" and its corresponding MAC. The attacker does not know the secret_key. What vulnerability is present in this scheme?
Cryptography primitives
Hard
A.The scheme is vulnerable to a pre-image attack, allowing the attacker to recover the secret_key from the MAC.
B.The scheme is perfectly secure as SHA-256 is a secure hash function and the key is prepended.
C.The scheme is vulnerable to a length extension attack, allowing the attacker to forge a new valid MAC for a message m' that appends data to the original message m.
D.The scheme is vulnerable to a collision attack, allowing the attacker to find a different message m' that produces the same MAC, but m' cannot be controlled.
Correct Answer: The scheme is vulnerable to a length extension attack, allowing the attacker to forge a new valid MAC for a message m' that appends data to the original message m.
Explanation:
This construction is the classic example of a length extension vulnerability. Since SHA-256 (like MD5, SHA-1) processes data in blocks and outputs its internal state, an attacker can use the MAC (the hash of key || m) as the initial state to continue hashing appended data (|| padding || new_data). This allows them to compute a valid MAC for m || padding || new_data without knowing the secret key. The HMAC construction was designed specifically to prevent this.
Incorrect! Try again.
42An attacker modifies a single bit in the 5th ciphertext block () of a message encrypted using AES in Cipher Block Chaining (CBC) mode. Assuming the modification does not affect the padding, how will this error propagate upon decryption?
Symmetric cryptography
Hard
A.The entirety of the 5th plaintext block () will be garbled, and all subsequent plaintext blocks () will also be completely garbled.
B.The entirety of the 5th plaintext block () and the 6th plaintext block () will be completely garbled.
C.Only a single bit in the 5th plaintext block () will be flipped.
D.The entirety of the 5th plaintext block () will be garbled, and a single corresponding bit in the 6th plaintext block () will be flipped.
Correct Answer: The entirety of the 5th plaintext block () will be garbled, and a single corresponding bit in the 6th plaintext block () will be flipped.
Explanation:
In CBC decryption, each plaintext block is calculated as . A change in will make the result of completely random, thus garbling the entire plaintext block . For the next block, . Since the decryption of is correct, the error from the modified will be XORed with it, flipping exactly the bit(s) in that correspond to the flipped bit(s) in . Subsequent blocks are not affected.
Incorrect! Try again.
43A developer needs to design a system for securely transmitting large video files (often > 2GB) between users. Why would a hybrid encryption scheme (e.g., ECIES - Elliptic Curve Integrated Encryption Scheme) be vastly superior to using a pure asymmetric scheme like RSA directly on the data?
Asymmetric cryptography
Hard
A.Asymmetric key sizes (e.g., 2048-bit) are too small to securely encrypt gigabytes of data, requiring a symmetric cipher with a larger effective key space.
B.Asymmetric cryptography does not provide integrity protection, whereas hybrid schemes inherently include it.
C.Asymmetric cryptography is significantly slower and has strict message size limits, making it impractical for large data. Hybrid schemes use it only to encrypt a small symmetric key.
D.Pure asymmetric encryption is vulnerable to man-in-the-middle attacks, while hybrid encryption is not.
Correct Answer: Asymmetric cryptography is significantly slower and has strict message size limits, making it impractical for large data. Hybrid schemes use it only to encrypt a small symmetric key.
Explanation:
Asymmetric algorithms like RSA and ECC are based on complex mathematical problems and are computationally very expensive (slow) compared to symmetric algorithms like AES. Furthermore, 'textbook' RSA can only encrypt data smaller than its modulus size (e.g., < 256 bytes for RSA-2048). A hybrid scheme combines the best of both worlds: it uses the efficiency of a symmetric cipher for the large data and the convenience of public-key crypto to securely exchange the small symmetric key.
Incorrect! Try again.
44A blockchain wallet implementation using ECDSA consistently uses the same random value 'k' (the ephemeral key) when signing two different transactions with the same private key. What is the catastrophic consequence of this implementation flaw?
Cryptography primitives
Hard
A.The second transaction will be rejected by the network as a duplicate signature.
B.It allows an attacker to create a collision, where they can find a third message that results in one of the two signatures.
C.An attacker observing both signatures can compute the user's private key.
D.It slightly weakens the security of the elliptic curve used but does not expose the private key directly.
Correct Answer: An attacker observing both signatures can compute the user's private key.
Explanation:
The ECDSA signature equation for a message hash h is , where . Here, d is the private key and k is the secret nonce. If two signatures and are generated for two message hashes and using the same k (and thus the same r), an attacker can set up two linear equations: and . By manipulating the equations, they can solve for . Once k is known, they can substitute it back into either equation to solve for the private key d. This is a complete security failure.
Incorrect! Try again.
45A high-performance storage system needs to encrypt files on disk, supporting parallel read/write operations and random access to any part of a file without reading the whole file. Which block cipher mode of operation is most suitable for this requirement and why?
Symmetric cryptography
Hard
A.Cipher Block Chaining (CBC) mode, because its chaining mechanism ensures the integrity of the file structure.
B.Cipher Feedback (CFB) mode, because it operates like a stream cipher, which is ideal for file-based data streams.
C.Counter (CTR) mode, because each block can be encrypted or decrypted independently of the others, allowing for parallelization and random access.
D.Electronic Codebook (ECB) mode, because its simplicity leads to the highest performance for bulk encryption.
Correct Answer: Counter (CTR) mode, because each block can be encrypted or decrypted independently of the others, allowing for parallelization and random access.
Explanation:
CTR mode turns a block cipher into a stream cipher. It encrypts a nonce and a counter value, then XORs the result with the plaintext. The encryption of counter block i depends only on the key, the nonce, and i, not on any other plaintext or ciphertext block. This decoupling means that any block can be encrypted or decrypted on its own, making it perfectly suited for parallel processing and random access. CBC, CFB, and OFB all have sequential dependencies that prevent this.
Incorrect! Try again.
46Alice and Bob perform a classic Diffie-Hellman key exchange over an insecure channel to establish a shared secret. An attacker, Eve, is positioned as a Man-in-the-Middle (MitM). Which statement accurately describes the flaw in the basic DH protocol that Eve can exploit?
Asymmetric cryptography
Hard
A.The computational difficulty of the Discrete Logarithm Problem is not high enough to prevent Eve from calculating the private keys from the public values.
B.The protocol does not guarantee a unique shared secret, allowing Eve to force Alice and Bob to compute a key that she already knows.
C.The protocol is vulnerable to replay attacks, allowing Eve to reuse an old session key.
D.The protocol provides no authentication of the parties. Eve can perform separate DH exchanges with Alice and Bob, making them believe they are talking to each other.
Correct Answer: The protocol provides no authentication of the parties. Eve can perform separate DH exchanges with Alice and Bob, making them believe they are talking to each other.
Explanation:
The fundamental weakness of the raw Diffie-Hellman protocol is that it is unauthenticated. When Alice receives a public value, she has no way of knowing it actually came from Bob; it could have come from Eve. Eve can intercept Alice's public value, send her own to Bob, intercept Bob's, and send her own to Alice. This results in Eve establishing a shared secret with Alice, and a different shared secret with Bob, while relaying their messages. To fix this, the public values must be authenticated, typically by signing them.
Incorrect! Try again.
47A web server decrypts a cookie encrypted with AES in CBC mode. When it receives a manipulated cookie, it sometimes returns a "500 Internal Server Error" if the PKCS#7 padding is invalid, and a "401 Unauthorized" if the padding is valid but the decrypted content is meaningless. What type of vulnerability does this behavior create?
Symmetric cryptography
Hard
A.A timing attack, where the attacker measures the time difference between the two error messages to infer the key.
B.A chosen-plaintext attack, where the attacker can encrypt arbitrary data to find weaknesses in the AES algorithm itself.
C.A length extension attack, which allows the attacker to append malicious data to the existing cookie.
D.A padding oracle attack, which allows an attacker to decrypt the cookie's contents byte-by-byte without knowing the key.
Correct Answer: A padding oracle attack, which allows an attacker to decrypt the cookie's contents byte-by-byte without knowing the key.
Explanation:
This is a classic padding oracle. The server's differential response to padding validity acts as an 'oracle' that tells the attacker whether their guess for the last byte of a plaintext block was correct. By systematically manipulating the last byte of the preceding ciphertext block () and observing the server's response, an attacker can iteratively guess the value of the last byte of the intermediate state (). Once that is known, they can work backwards byte-by-byte to decrypt the entire ciphertext block, all without ever learning the encryption key.
Incorrect! Try again.
48In a system where a message's author (Alice) must be provably linked to a message sent to a recipient (Bob), such that Bob can later prove to a third party (a judge) that Alice sent the message, which cryptographic primitive is required and why?
Cryptography primitives
Hard
A.A simple cryptographic hash of the message, as it creates a unique fingerprint that can be attributed to Alice.
B.A keyed hash function (like HMAC), because it proves the message originated from a keyholder and has not been tampered with.
C.A Message Authentication Code (MAC), because it uses a shared secret between Alice and Bob, ensuring only they could have created it.
D.A digital signature, because it is publicly verifiable using Alice's public key, providing non-repudiation.
Correct Answer: A digital signature, because it is publicly verifiable using Alice's public key, providing non-repudiation.
Explanation:
The key requirement is proving the message's origin to a third party. A MAC cannot achieve this. Since a MAC is generated with a key shared between Alice and Bob, Bob could have also generated the MAC himself. Therefore, he cannot prove to a judge that Alice was the unique source. This property is called repudiation. A digital signature, however, is created with Alice's private key, which only she knows. Anyone, including a judge, can use her publicly available public key to verify the signature, proving that it could have only been created by the holder of the corresponding private key. This provides non-repudiation.
Incorrect! Try again.
49An engineer implements RSA encryption without using a proper padding scheme like OAEP (i.e., 'textbook RSA' where ). What is a significant security flaw of this implementation?
Asymmetric cryptography
Hard
A.It is impossible to encrypt messages that are numerically larger than the exponent e.
B.It is deterministic, meaning the same message M always produces the same ciphertext C, which leaks information and makes it vulnerable to chosen-plaintext attacks.
C.The encryption process becomes significantly slower than with padding, making it impractical.
D.It prevents the use of the Chinese Remainder Theorem for faster decryption.
Correct Answer: It is deterministic, meaning the same message M always produces the same ciphertext C, which leaks information and makes it vulnerable to chosen-plaintext attacks.
Explanation:
Textbook RSA is deterministic. If an attacker suspects a message is one of a few possibilities (e.g., 'YES' or 'NO'), they can simply encrypt each possibility with the public key and see if it matches the intercepted ciphertext. This is a serious information leak. Furthermore, textbook RSA is malleable. Padding schemes like OAEP introduce randomness, making the encryption probabilistic and preventing these and other attacks.
Incorrect! Try again.
50An attacker compromises the long-term private key of a TLS web server. They have also been recording all encrypted traffic to this server for the past year. Which property, if implemented in the server's TLS configuration, would prevent the attacker from decrypting the previously recorded traffic?
Asymmetric cryptography
Hard
A.Using a stronger cipher suite like AES-256-GCM instead of an older one.
B.Perfect Forward Secrecy (PFS), achieved by using an ephemeral Diffie-Hellman key exchange (DHE/ECDHE) for each session.
C.Non-repudiation, provided by the server's RSA signature on the certificate.
D.Certificate Pinning, which prevents the use of fraudulent certificates for Man-in-the-Middle attacks.
Correct Answer: Perfect Forward Secrecy (PFS), achieved by using an ephemeral Diffie-Hellman key exchange (DHE/ECDHE) for each session.
Explanation:
Perfect Forward Secrecy ensures that the compromise of a long-term key does not compromise past session keys. This is achieved by generating a new, temporary (ephemeral) key pair for each session via a key exchange protocol like Diffie-Hellman (DHE or ECDHE). The long-term private key is only used to sign the parameters of this ephemeral key exchange to authenticate the server. Since the ephemeral keys are discarded after the session, an attacker who later steals the long-term key has no way to derive the old session keys and cannot decrypt the recorded traffic.
Incorrect! Try again.
51A software vendor uses SHA-256 hashes of its software executables for integrity checks. An attacker's goal is to replace the legitimate software X with a malicious version Y without the user noticing. The attacker manages to create a malicious Y such that hash(X) = hash(Y). Which property of the hash function has the attacker broken?
Cryptography primitives
Hard
A.Pre-image resistance (or one-wayness).
B.The avalanche effect.
C.Collision resistance.
D.Second pre-image resistance.
Correct Answer: Second pre-image resistance.
Explanation:
This scenario is the definition of breaking second pre-image resistance. Given a specific input X, the goal is to find a different input Y that produces the same hash. Collision resistance is the ability to find any two different inputs M1, M2 that hash to the same value, but M1 and M2 can be chosen by the attacker. Breaking second pre-image resistance is harder because one of the inputs (X) is fixed. Pre-image resistance is finding an input for a given hash output.
Incorrect! Try again.
52A startup designs a new blockchain and claims it has 'unbreakable security' because they developed a novel, proprietary encryption algorithm whose workings are kept a trade secret. A cryptographer criticizes this approach, citing a long-standing principle in cryptography. What principle is being violated?
Cryptography
Hard
A.The principle of forward secrecy, which protects past sessions against future compromises of secret keys.
B.Shannon's principle of confusion and diffusion, which relates to the properties of the cipher's internal operations.
C.Kerckhoffs's Principle, which states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
D.The principle of computational security, which states that security should rely on computationally hard problems.
Correct Answer: Kerckhoffs's Principle, which states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Explanation:
Kerckhoffs's Principle is a fundamental tenet of modern cryptography. It posits that the security of a system should depend solely on the secrecy of the key, not the secrecy of the algorithm itself. Relying on a secret algorithm is 'security through obscurity,' which is widely discredited. Public algorithms like AES and SHA-3 have been subjected to years of intense public scrutiny by experts, giving us confidence in their security. A proprietary algorithm has not undergone this vetting and is likely to contain flaws.
Incorrect! Try again.
53In a secure network protocol, a packet consists of an unencrypted header and an encrypted payload. The header contains routing information that must be readable by intermediaries, but its integrity must be protected to prevent tampering. The payload requires both confidentiality and integrity. Which cryptographic construction is specifically designed for this scenario?
Symmetric cryptography
Hard
A.CBC mode encryption for the payload, with a separate HMAC for the header.
B.A digital signature applied to the entire packet (header and payload).
C.Encrypt-then-MAC, where the payload is encrypted and then a MAC is computed over the header and the ciphertext.
D.An Authenticated Encryption with Associated Data (AEAD) scheme like AES-GCM.
Correct Answer: An Authenticated Encryption with Associated Data (AEAD) scheme like AES-GCM.
Explanation:
AEAD schemes are designed for exactly this purpose. They take a key, a nonce, plaintext, and 'associated data' (AD) as input. The plaintext is encrypted to provide confidentiality. Both the resulting ciphertext and the associated data are authenticated to provide integrity. In this case, the packet header would be the associated data—it is not encrypted but is included in the authentication tag calculation. This ensures that if an attacker modifies the header, the tag verification will fail upon receipt.
Incorrect! Try again.
54Consider two encryption schemes: Scheme A is AES-256, and Scheme B is a correctly implemented one-time pad (OTP). An adversary has access to unlimited computational power. What is the security status of these two schemes against this adversary?
Cryptography
Hard
A.Both schemes would remain secure, as their security is purely mathematical.
B.Scheme B would be broken, but Scheme A would remain secure.
C.Scheme A would be broken, but Scheme B would remain secure.
D.Both Scheme A and Scheme B would be broken.
Correct Answer: Scheme A would be broken, but Scheme B would remain secure.
Explanation:
Scheme A (AES) offers computational security. Its security relies on the assumption that certain mathematical problems are too hard to solve in a reasonable amount of time. An adversary with infinite computational power could simply brute-force the 256-bit key. Scheme B (OTP), however, offers unconditional or perfect security. The ciphertext produced by an OTP leaks zero information about the plaintext. Even with infinite computing power, every possible plaintext of the same length is equally likely, so the adversary can never be certain which one is correct.
Incorrect! Try again.
55In a Bitcoin-like system, a block's transactions are organized in a Merkle tree. An attacker finds a practical way to break the second pre-image resistance of the hash function used (e.g., SHA-256). What new malicious capability does this give the attacker regarding a specific, existing transaction TX_A in the tree?
Cryptography primitives
Hard
A.The attacker can find two new transactions, TX_C and TX_D, that have the same hash, allowing them to bloat the blockchain.
B.The attacker can create a new, malicious transaction TX_B that produces the same hash as TX_A, and substitute it into the block without invalidating the Merkle root.
C.The attacker can reverse the hash of TX_A to find its original content, breaking transaction privacy.
D.The attacker can modify TX_A slightly (e.g., change the recipient) in a way that preserves its original hash value.
Correct Answer: The attacker can create a new, malicious transaction TX_B that produces the same hash as TX_A, and substitute it into the block without invalidating the Merkle root.
Explanation:
Second pre-image resistance means that for a given input m1, it is infeasible to find a different input m2 such that hash(m1) = hash(m2). If an attacker can break this for a transaction TX_A, they can craft a malicious transaction TX_B where hash(TX_A) = hash(TX_B). Since the Merkle tree is built upon these hashes, the attacker could present TX_B to a light client along with the original Merkle proof for TX_A. The proof would still validate against the block's Merkle root, effectively tricking the client into accepting the malicious transaction.
Incorrect! Try again.
56A developer uses AES in CTR mode to encrypt two different plaintexts, and , but mistakenly reuses the same key and Initialization Vector (IV). An attacker intercepts the two resulting ciphertexts, and . What information can the attacker derive?
Symmetric cryptography
Hard
A.The original encryption key, by performing differential analysis on and .
B.The XOR sum of the two plaintexts (), by computing .
C.Only the length of the plaintexts, but nothing about their content.
D.The complete plaintext of , but not .
Correct Answer: The XOR sum of the two plaintexts (), by computing .
Explanation:
In CTR mode, encryption is performed by generating a keystream and XORing it with the plaintext: . If the same key and IV are used for two plaintexts and , they will be XORed with the exact same keystream. The attacker gets and . If the attacker XORs the two ciphertexts together, the keystream cancels out: . This is the classic 'two-time pad' vulnerability and is a catastrophic failure of confidentiality.
Incorrect! Try again.
57When designing a system for resource-constrained IoT devices, a choice must be made between 2048-bit RSA and 256-bit ECC for digital signatures. Which statement provides the most accurate and detailed performance trade-off?
Asymmetric cryptography
Hard
A.Both have comparable performance, but ECC is chosen for its smaller key and signature sizes, which save bandwidth and storage.
B.ECC signature generation is significantly faster than RSA's, but RSA signature verification is significantly faster than ECC's, presenting a trade-off depending on the device's primary role.
C.RSA is faster for both signature generation and verification, but its keys are too large for IoT devices.
D.ECC is significantly faster for both signature generation and verification, making it the clear choice.
Correct Answer: ECC signature generation is significantly faster than RSA's, but RSA signature verification is significantly faster than ECC's, presenting a trade-off depending on the device's primary role.
Explanation:
For keys of comparable security strength (ECC-256 vs RSA-2048), ECC signature generation is relatively fast. RSA signature generation (which involves the large private exponent) is slow. Conversely, RSA signature verification is extremely fast because it uses the small public exponent (e.g., 65537). ECC signature verification is slower than RSA's as it requires two point multiplications. Therefore, an IoT device that mostly signs data would benefit greatly from ECC's fast generation, while a system that mostly verifies signatures might find RSA's fast verification advantageous.
Incorrect! Try again.
58An attacker is attempting to extract the AES private key from a smart card. They do not attack the algorithm mathematically. Instead, they use a high-precision oscilloscope to measure the minuscule variations in the smart card's power consumption during the execution of the SubBytes step for different inputs. By analyzing the statistical correlation between the power traces and the data being processed, they can infer parts of the key. What is this type of attack called?
Cryptography
Hard
A.A fault injection attack.
B.Differential Power Analysis (DPA).
C.A timing attack.
D.A chosen-ciphertext attack.
Correct Answer: Differential Power Analysis (DPA).
Explanation:
This is a textbook description of Differential Power Analysis (DPA), a powerful form of side-channel attack. It works by collecting many power consumption traces while the device encrypts different plaintexts and then using statistical methods to test hypotheses about bits of the secret key. If a key bit hypothesis is correct, it will correlate with a predictable pattern in power consumption across the many traces. A timing attack measures execution time, a fault injection attack induces errors, and a chosen-ciphertext attack is a purely mathematical attack.
Incorrect! Try again.
59Public-key cryptography is fundamentally enabled by the existence of a specific class of mathematical functions. Which of the following best describes the essential properties of this class of functions, known as 'trapdoor one-way functions'?
Cryptography
Hard
A.They are functions where the output is always smaller than the input, providing data compression.
B.They are functions that are bijective (one-to-one) and whose inverse is as easy to compute as the forward direction.
C.They are functions that are computationally infeasible to compute in either direction without a secret key.
D.They are easy to compute in one direction, but computationally infeasible to invert (compute the inverse), unless a secret piece of information (the 'trapdoor') is known.
Correct Answer: They are easy to compute in one direction, but computationally infeasible to invert (compute the inverse), unless a secret piece of information (the 'trapdoor') is known.
Explanation:
This is the definition of a trapdoor one-way function. 'One-way' means it's easy to compute but hard to find given . The 'trapdoor' is the secret information (e.g., the private key) that makes the hard inverse computation easy. For RSA, the function is modular exponentiation (). Inverting it is equivalent to factoring N, which is hard. The trapdoor is the factorization of N, which allows for easy inversion. This property is the bedrock of all public-key cryptosystems.
Incorrect! Try again.
60The HMAC (Hash-based Message Authentication Code) construction is defined as , where ipad and opad are constant padding strings. How does this double-hash, padded construction specifically defeat the length extension attacks that plague a naive construction?
Cryptography primitives
Hard
A.The outer hash function uses a different algorithm from the inner hash function, breaking the continuity required for the attack.
B.The use of two different padding constants (ipad and opad) ensures that the final hash output is always a fixed length, preventing any extension.
C.The key K is XORed with padding, which effectively doubles the key length and makes brute-force attacks infeasible.
D.The outer hash is applied to the output of the inner hash. An attacker cannot extend the message because they do not know the result of the inner hash's input, which is prepended by the secret key ().
Correct Answer: The outer hash is applied to the output of the inner hash. An attacker cannot extend the message because they do not know the result of the inner hash's input, which is prepended by the secret key ().
Explanation:
The security of HMAC against length extension attacks comes from the outer hash. In a simple attack, the attacker uses the MAC output, which is the internal state of the hash function, to continue hashing new data. In HMAC, the output of the inner hash is not revealed. It is then prepended with another secret value () and hashed again. Because the attacker does not know this intermediate hash result to use as a starting state, the attack is foiled. The secret key is involved at both the beginning and the end of the process, effectively 'sealing' the hash.