CS 442 Final Exam Practice | Answered with complete solutions

CS 442 Final Exam Practice | Answered with complete solutions True or False: The MAC is appended to the message when sent. True True or False: The plaintext of the message serves as its authenticator False What is the principal object of a hash function? A: Data integrity B: Data confidentiality C: Data encryption True or False: Private/secret/ single key cryptography traditionally uses one key True Which of the following is not a misconception about public key encryption? A) It is more secure than symmetric encryption B) It has made symmetric encryption obsolete C) It is the most significant advance in cryptography in 3000 years D) Key distribution is trivial True or False: It is infeasible to determine the private key from the public True What is the purpose of asymmetric keys? A) To store passwords securely B) To perform complementary operations, such as encryption and decryption C) To generate random numbers for cryptographic functions D) To create symmetric encryption algorithms What does a Public Key Certificate represent? A) A key that can encrypt and decrypt data using the same algorithm B) A digital document issued by a Certification Authority that binds a subscriber to a public key C) A method to securely store private keys offline D) A way to generate private keys automatically True or False: The certificate indicates that the subscriber identified in the certificate has sole control and access to the corresponding private key. True Which of the following is true about a Public Key (Asymmetric) Cryptographic Algorithm? A) The public and private keys are identical B) It uses a single key for both encryption and decryption C) Deriving the private key from the public key is computationally infeasible D) It relies on random number generation for security What is a Public Key Infrastructure (PKI)? A) A cryptographic algorithm for encrypting and decrypting data B) A physical structure for securely storing public keys C) A set of policies and processes for administering certificates and public-private key pairs D) A method for generating symmetric keys dynamically What does a Certification Authority (CA) do in the context of a Public Key Certificate? A) It signs the digital document that binds a public key to its owner B) It encrypts the private key with the public key C) It creates asymmetric keys for users automatically D) It stores both public and private keys for subscribers True or False: Public-key encryption is inherently more secure from cryptanalysis than symmetric encryption. False True or False: Public-key encryption has completely replaced symmetric encryption in all use cases. False Which of the following accurately describes a reality of public-key encryption? A) It eliminates all complexities related to key distribution. B) It complements symmetric encryption but does not replace it entirely. C) It is always faster than symmetric encryption for encrypting large data sets. D) It guarantees cryptographic security without further considerations. What is a misconception regarding key distribution in public-key encryption? A) Key distribution is more complex in public-key encryption than symmetric encryption. B) Key distribution in public-key encryption is trivial compared to symmetric encryption. C) Public-key encryption requires no key distribution at all. D) Public-key encryption uses symmetric encryption for key distribution. Which of the following is an application for public-key cryptosystems? A) Encryption/decryption B) Digital signature C) Key exchange D) All of the above True or False: Symmetric encryption remains relevant despite the existence of public-key encryption. True True or False: Public-key cryptography is called asymmetric because the same key is used for encryption and decryption. False What makes it infeasible to determine the private key from the public key in public-key cryptography? A) The keys are stored in secure hardware. B) The keys are generated using random algorithms. C) The mathematical relationship between the keys makes it computationally infeasible. D) Public keys are constantly changing. What can the private key in public-key cryptography be used for? A) Encrypting messages and verifying signatures B) Storing digital certificates C) Both encrypting and decrypting messages D) Decrypting messages and signing signatures True or False: A requirement of public-key cryptosystems is that it is computationally easy for the sender knowing the private key and the message to generate the corresponding ciphertext False True or False: Whitfield Diffie and Martin Hellman received the Turing Award in 2016 for their contributions to public-key cryptography. True True or False: Keys can be applied in any order in public-key cryptosystems. True Which of the following is the readable message or data that serves as input to a public-key encryption algorithm? A) Ciphertext B) Public key C) Plaintext D) Encryption algorithm What is the purpose of the encryption algorithm in a public-key encryption scheme? A) To transform plaintext into ciphertext B) To decrypt messages back into plaintext C) To generate public and private keys D) To securely store the keys What is ciphertext in the context of public-key encryption? A) The original readable message that is encrypted B) The scrambled message produced as output C) The algorithm used to encrypt and decrypt messages D) The mathematical operation that generates keys True or False: The public key in a public-key encryption scheme is used only for decryption. False Which ingredient of a public-key encryption scheme is responsible for reversing the transformations applied to the plaintext? A) Encryption algorithm B) Ciphertext C) Decryption algorithm D) Private key What were the two key issues that public-key cryptography was developed to address? A) Cryptanalysis and algorithm efficiency B) Key distribution and digital signatures C) Faster encryption and decryption times D) Eliminating the need for cryptographic algorithms Who are credited with the public invention of public-key cryptography in 1976? A) Whitfield Diffie and Martin Hellman B) Alan Turing and John von Neumann C) Rivest, Shamir, and Adleman D) Claude Shannon and Whitfield Diffie True or False: Public-key cryptography uses the same key for encryption and decryption. False Which of the following is a property of the public key in public-key cryptography? A) It must be kept secret. B) It is used to encrypt messages and verify signatures. C) It is used to decrypt messages and sign signatures. D) It can only be generated after the private key. True or False: In conventional encryption, the same algorithm and key are used for both encryption and decryption. True What is a requirement for security in conventional encryption? A) Both keys must be public. B) Encryption and decryption must use different keys. C) The algorithm must be unique to each message. D) The key must be kept secret. True or False: In conventional encryption, knowledge of the algorithm and samples of ciphertext should be sufficient to determine the key. False Which of the following best describes how public-key encryption works? A) It uses a single key shared between the sender and receiver. B) It uses a pair of keys, one for encryption and one for decryption. C) Both the sender and receiver must keep the same key secret. D) The same key is used for encryption and decryption. In public-key encryption, what must be kept secret for security? A) The encryption algorithm B) The public key C) One of the two keys in the key pair D) The ciphertext True or False: In public-key encryption, it should be infeasible to determine the private key from the public key, even with knowledge of the algorithm and samples of ciphertext. True What is a difference between conventional and public-key encryption? A) Conventional encryption uses two keys, while public-key encryption uses one key. B) Public-key encryption requires matched key pairs, while conventional encryption uses the same key for both encryption and decryption. C) Public-key encryption requires the algorithm to be kept secret. D) Conventional encryption requires the use of asymmetric keys. True or False: In public-key encryption, both the sender and receiver must have the same key from the key pair. False What is necessary for both conventional and public-key encryption to ensure security? A) Keeping the encryption algorithm secret B) Ensuring that knowledge of the algorithm and samples of ciphertext are insufficient to break the encryption C) Using the same key for encryption and decryption D) Sharing both keys in public-key encryption What is a condition that public-key encryption algorithms must fulfill? A) It should be computationally easy to derive the private key from the public key. B) It must be computationally easy to generate a ciphertext using the public key. C) It must require both the public and private keys to encrypt a message. D) The public key must always remain secret. True or False: It should be computationally easy for the receiver to decrypt ciphertext using the private key. True Which of the following is computationally infeasible for an adversary in public-key encryption? A) Generating a ciphertext using the public key B) Determining the private key from the public key C) Encrypting a message using the private key D) Verifying a signature using the public key True or False: In public-key cryptography, the two keys can be applied in either order for encryption or decryption. True What is the primary characteristic of a one-way function? A) It is easy to calculate both the function and its inverse. B) It is easy to calculate the function but infeasible to calculate its inverse. C) It maps multiple inputs to the same output. D) It only works with symmetric encryption algorithms. True or False: A one-way function ensures that every function value has a unique inverse. True True or False: A practical public-key encryption scheme depends on the use of a trapdoor one-way function. True Which of the following is a countermeasure for a brute force attack? A) Use larger keys B) Use smaller keys C) Use double encryption D) Use symmetric encryption instead True or False: Public-key encryption is too slow for general-purpose use with currently proposed key sizes. True True or False: Key sizes for public-key encryption must balance security and practical encryption/decryption speeds. True What is a probable-message attack? A) An attack targeting the encryption algorithm itself B) An attack that guesses the private key directly C) An attack that exploits predictable or simple messages D) An attack that requires the use of symmetric encryption keys What is a common countermeasure against probable-message attacks? A) Increase the key size B) Use a different public-key algorithm C) Append random bits to the message D) Use a faster encryption algorithm Who developed the RSA algorithm? A) Diffie and Hellman B) Rivest, Shamir, and Adleman C) Claude Shannon D) Alan Turing In RSA, what must the sender and receiver both know? A) The value of e B) The value of d C) The value of n D) The ciphertext What is the relationship between e and d in the RSA algorithm? A) d is the sum of e and n. B) e and d are multiplicative inverses modulo n. C) e is the encryption key, and d is the decryption key, but they are unrelated mathematically. D) d is always smaller than e. True or False: The security of the RSA algorithm comes from the difficulty of factoring large numbers. True What is the first step in generating a public/private key pair in RSA? A) Computing the decryption key d B) Selecting two large prime numbers p and q at random C) Selecting the encryption key e D) Calculating the modular inverse What is the system modulus n in RSA key generation? A) The sum of p and q B) The product of p and q C) The greatest common divisor of p and q D) The modular exponentiation of p and q How is the encryption key e chosen in RSA? A) It must satisfy 1 e ϕ(n)0 and gcd(e,ϕ(n)) =1 B) It must be equal to ϕ(n) C) It is the product of p and q. D) It must be kept secret. What is the purpose of the Square and Multiply Algorithm in cryptography? A) To simplify key generation B) To perform efficient exponentiation C) To compute modular inverses D) To factorize large numbers True or False: The Square and Multiply Algorithm is based on repeatedly squaring the base and multiplying the required terms. True What is a timing attack? A) An attack that exploits the time a system takes to perform cryptographic operations B) An attack that relies on brute-forcing the private key C) An attack that targets weaknesses in the encryption algorithm D) An attack that requires access to both plaintext and ciphertext True or False: Blinding works by appending random bits to the end of the message False Which of the following is a way to counter a timing attack? A) Blinding B) Constant exponentiation C) Random delay D) All of the above What is a fault-based attack? A) An attack that manipulates encryption algorithms to reveal the private key B) An attack that exploits predictable message patterns C) An attack that induces faults in a processor during RSA signature computation D) An attack that relies on timing the execution of cryptographic operations True or False: Fault-based attacks can recover a private key by analyzing invalid signatures caused by induced faults. True Why are fault-based attacks considered less serious threats to RSA? A) They are easy to detect and prevent. B) They only work on outdated cryptographic systems. C) They require physical access and precise control over the target machine. D) They only reveal partial information about the private key. What is a Chosen Ciphertext Attack (CCA)? A) An attack where the adversary chooses ciphertexts and obtains their corresponding plaintexts decrypted with the private key B) An attack that uses timing information to infer private keys C) An attack where the adversary guesses the private key based on ciphertext D) An attack that manipulates encryption algorithms to produce invalid ciphertext What is the purpose of optimal asymmetric encryption padding (OAEP)? A) To increase the size of the RSA keys B) To modify the plaintext to protect against Chosen Ciphertext Attacks C) To improve the decryption speed of RSA algorithms D) To simplify the encryption process Which of the following best describes the outcome of a successful Diffie-Hellman Key Exchange? A) Both users share a symmetric encryption key securely. B) Both users create new public-private key pairs. C) Both users encrypt messages using the exchanged key directly. D) Both users authenticate their identities with digital signatures. True or False: The Diffie-Hellman Key Exchange is widely used in commercial products. True What determines the security of the Diffie-Hellman key exchange? A: Having two users B: Using symmetric encryption C: The difficulty of computing discrete logarithms D: The difficulty of factoring large numbers What is required for the Diffie-Hellman Key Exchange to function securely? A) A trusted third party to verify the keys B) The difficulty of computing discrete logarithms C) The use of elliptic curve cryptography D) The inclusion of digital signatures True or False: The Diffie-Hellman Key Exchange was secretly proposed by Williamson in 1970 before its public introduction. True What is a common vulnerability of the Diffie-Hellman key exchange protocol when used without additional safeguards? A) Brute-force attacks B) Factoring large integers C) Meet-in-the-Middle attacks D) Timing attacks True or False: Diffie-Hellman private/public keys can be generated randomly for each communication session. True How can Diffie-Hellman keys be distributed to users in a way that avoids per-session key generation? A) By using symmetric encryption B) By publishing the keys in a public directory C) By pre-sharing private keys D) By embedding the keys into messages What is required to counter vulnerabilities such as the meet-in-the-middle attack in Diffie-Hellman? A) Authentication of the keys B) Using elliptic curve cryptography C) Increasing the key size D) Encrypting the keys with RSA What is the primary objective of a Man-in-the-Middle (MITM) attack? A) To directly brute-force the private keys of both parties B) To intercept and manipulate communications between two parties without their knowledge C) To encrypt messages with the attacker’s private key D) To prevent any communication from taking place In the MITM attack scenario, what allows Darth to successfully intercept communications? A) Using a brute-force method to crack encryption B) Publishing his private keys in a public directory C) Manipulating the encryption algorithm used by Alice and Bob D) Transmitting his public keys to both Alterm-74ice and Bob to calculate shared keys Which key's security determines if a Man-in-the-Middle attack could happen? A: private B: public True or False: ElGamal Cryptography is closely related to the Diffie-Hellman technique. True Who announced ElGamal Cryptography and in what year? A) Whitfield Diffie in 1984 B) Taher Elgamal in 1984 C) Rivest, Shamir, and Adleman in 1977 D) Paul Kocher in 1995 How are Diffie-Hellman and El Gamal different? A: They both use a secret key B: They both are asymmetric C: They both depend on the difficulty of calculating discrete logarithms D: None of the above In which standards is ElGamal Cryptography used? A) Digital Signature Standard (DSS) and S/MIME email standard B) SSL/TLS C) Public Key Infrastructure (PKI) D) Blockchain protocols Why has the key length for secure RSA use increased over recent years? A) To simplify cryptographic operations B) To replace RSA with newer cryptographic standards C) To reduce the processing load on applications D) To address vulnerabilities in older key lengths What is the principal attraction of Elliptic Curve Cryptography (ECC)? A) It uses symmetric key encryption. B) It provides equal security with smaller key sizes compared to RSA. C) It is faster than RSA for decryption only. D) It eliminates the need for public keys. True or False: Most products and standards using public-key cryptography still rely on RSA for encryption and digital signatures. True What standard includes Elliptic Curve Cryptography (ECC)? A) SSL/TLS B) Digital Signature Standard (DSS) C) IEEE P1363 Standard for Public-Key Cryptography D) S/MIME email standard How does ECC compare to RSA in terms of processing load? A) ECC requires fewer computational resources than RSA. B) ECC has a heavier processing load than RSA. C) ECC and RSA have similar processing loads for the same key length. D) ECC processing load depends on the hardware implementation. True or False: ECC can provide the same level of security as RSA with shorter keys. True Why is the use of ECC becoming more common in cryptographic applications? A) It eliminates the need for private keys. B) It offers higher security with less computational overhead. C) It replaces public-key cryptography entirely. D) It simplifies the encryption process for large datasets. What is the general form of a cubic elliptic curve? A) y^2 = x^3 + ax^2 + b B) y^2 = x^2 + ax + b C) y^2 = x^3 + ax + b D) y^2 = ax^3 + b What is the zero point 0 on an elliptic curve? A) The point where x = 0 and y = 0 B) The identity element for the addition operation on the curve C) The point at which the curve intersects the x-axis D) The reflection point for all points on the curve True or False: The equation for an elliptic curve relates two variables, x, and y, with specific coefficients. True True or False: On an elliptic curve, the geometrically sum of P + Q is the intersection point R. True What makes the elliptic curve logarithm problem “hard”? A) Computing Q given k and P is infeasible. B) Calculating P given k and Q is impossible C) Finding k given Q and P is computationally infeasible. D) Multiplying two points on an elliptic curve is undefined. What determines the security of ECC? A: It can use smaller key sizes than RSA B: The elliptic curve logarithm problem C: It can use any size key What type of variables and coefficients are used in elliptic curve cryptography? A) Real numbers B) Prime numbers only C) Complex numbers D) Variables and coefficients in finite fields True or False: Prime curves Ep(a,b) are defined over Zp, using integers modulo a prime number. True What type of elliptic curve is best suited for software applications? A) Prime curves Ep(a,b) B) Binary curves E2^m(a,b) C) Continuous curves defined over real numbers D) Modular polynomial curves over GF(3) True or False: binary curves for an elliptic curve defined over GF(2^n) are best used in software. False True or False: Binary curves E2m(a,b) use polynomials with binary coefficients and are defined over GF(2^n). True What is the addition operation in ECC equivalent to in RSA? A) Modular division B) Modular multiplication C) Modular exponentiation D) Modular subtraction