Knowledge Points of ITIS 6200/8200 Spring Semester of 2011

Chapter 1: 1. The asi!s of modern !r"pto s"stems. 2. #h" in the modern !r"pto s"stems we want to ma$e the en!r"ption/de!r"ption algorithms p% li!& '. (ame at least two ad)antages and two disad)antages of s"mmetri! en!r"ption algorithms* and pro)ide e+amples to e+plain them. ,. (ame at least two ad)antages and two disad)antages of as"mmetri! en!r"ption algorithms* and pro)ide e+amples to e+plain them. -. #h" do we sa" a p% li!/pri)ate $e" en!r"ption algorithm sho%ld e ro %st against !hosen plainte+t atta!$s& 6. #hat is a one.time pad& #h" is it safe e)en %nder r%te.for!e atta!$s& /. #hat is a transposition !ipher& #hat is a s% stit%tion !ipher& 0o% sho%ld e a le to pro)ide an e+ample of ea!h $ind of !iphers.

Chapter 2: 1. #hat are the e+pe!ted properties of a good hash f%n!tion& 2. #h" do we !all an as"mmetri! en!r"ption algorithm a trap.door one.wa" f%n!tion& '. 1e)isit page 1/ of the slides* and lin$ the f%n!tionalities of the hash f%n!tions to the proto!ols 2s%!h as it !ommitment* fair !oin flip* et!3 that we introd%!e later. ,. 4ow to %se the hash )al%es of the files to )erif" the integrit" of the file s"stem& #h" do we need a $e"ed hash f%n!tion to sol)e this pro lem& -. 5nderstand the forward sear!h atta!$. If we des!ri e a s!enario* "o% sho%ld e a le to fig%re o%t whether or not it is )%lnera le to forward sear!h atta!$* and how the atta!$ is !ond%!ted. 6. #h" is it )er" diffi!%lt for an ea)esdropper to fig%re o%t the sele!ted en!r"ption in the 6er$le7s p%88le proto!ol&

/. 5nderstand the repla" atta!$. If we des!ri e a s!enario* "o% sho%ld e a le to fig%re o%t the repla" atta!$. (ote that some similar atta!$ happens when we introd%!e the a%thenti!ation/$e" management proto!ols in Chapter '. 8. #hen we are doing d%al as"mmetri! en!r"ption* wh" sho%ld we alwa"s sign with o%r pri)ate $e" first* then en!r"pt with the other part"7s p% li! $e"&

Chapter ': 1. #h" sho%ld we disting%ish the %sage of short term $e"s 2session $e"s3 and long term $e"s 2inter!hange $e"s3& 2. 5nderstand man.in.the.middle atta!$. If we des!ri e a s!enario* "o% sho%ld e a le to fig%re o%t how the man.in.the.middle atta!$ will e !ond%!ted. '. #h" !an an interlo!$ proto!ol defend against man.in.the.middle atta!$& #hat is a good interlo!$ proto!ol and what is a ad interlo!$ proto!ol& ,. 4ow sho%ld a s"stem store the %ser names and !orresponding passwords& #h" is it not safe eno%gh to store the hash res%lts of the passwords& #hat is a slat& The differen!e etween a p% li! salt and a pri)ate salt. #h" !an a salt ma$e the di!tionar" atta!$ impra!ti!al& #h" do we sa" that the salt impro)e the safet" of the o)erall s"stem %t not for a spe!ifi! %ser& -. 5nderstand the one.$e" per time login thro%gh a hash !hain. 6. 5nderstand the fi)e a%thenti!ation and $e" e+!hange proto!ols that we introd%!e in the !lass. 5nderstand their )%lnera ilities and the potential atta!$s. 0o% do not need to remem er the proto!ols. #e ma" des!ri e some proto!ols similar to these proto!ols and )%lnera le to similar atta!$s and "o% sho%ld e a le to fig%re the atta!$s o%t. /. 5nderstand the !on!ept of se!ret splitting and se!ret sharing.

Chapter ,: 1. 4ow to %se a hash f%n!tion to timestamp a file& 2. #h" !an the lin$ing proto!ol defend against the !oll%sion atta!$ etween the signer and the end %sers& #hat is a good !haining me!hanism&

'. 4ow !an we !onstr%!t a hash tree so that we need to p% lish onl" one res%lt and we !an timestamp a large n%m er of files& 4ow !an we determine the !orresponding )al%es in the hash tree that sho%ld e pro)ided to ea!h %ser& ,. 5nderstand the it !ommitment proto!ols. #h" are some !ommitment proto!ols )%lnera le to forward sear!h atta!$s& -. 4ow to %se a it !ommitment proto!ol to a!hie)e fair !oin flip& 6. The %sage of !omm%tati)e en!r"ption f%n!tion. /. 4ow !an m%ltiple parties generate an en!r"ption $e" 9ointl" so that the final res%lt is o%t of the !ontrol of an" !oll%si)e gro%ps as long as there is one honest part"& #hen we generali8e this approa!h* how !an m%ltiple parties 9ointl" do 000& 8. 4ow !an m%ltiple parties sh%ffle a de!$ of !ards 9ointl" so that no parties !an !oll%de to !ontrol the !ard dealing pro!ed%re& :. The %sage of !omm%tati)e en!r"ption algorithms.

Chapter -: 1. #hat is a general pro!ed%re of ;ero $nowledge proof& #h" sho%ld we ma$e s%re that the sol%tion to the new pro lem !annot e easil" mapped a!$ to the sol%tion of the original pro lem& #hat are the <%estions that the )erifier !an !hallenge the proofer& #h" for ea!h ro%nd the proofer will answer onl" one of the <%estions& 2. 5nderstand the two 8ero $nowledge proof pro lems that we introd%!e in the !lass. '. #h" for the non.intera!ti)e 8ero $nowledge proof pro lem* we need man" more ro%nds& ,. #hat are the two lind signat%re algorithms that we introd%!e& 5nder what s!enarios does ea!h of the algorithms wor$& -. =or the se!ond t"pe of lind signat%re* wh" is it a etter approa!h to lea)e a s% set of messages %n!hallenged& 6. The !on!ept of o li)io%s transfer. #hat are the two approa!hes that we design to a!hie)e o li)io%s transfer& #h" do we alwa"s need the )erifi!ation at the )er" end of the o li)io%s transfer&

>?S and 1S@ 1. In >?S* whi!h !omponent !ontri %tes the most to the safet"& 4ow large is the lo!$ si8e& 4ow long is the $e"& 2. #hat is the !omplementation propert" of >?S& @nd wh" does this propert" effe!ti)el" impa!t the safet" of the algorithm& '. #h" !annot do% le >?S ma$e the effe!ti)e $e" length to e 112 its& #hat is the meet in the middle atta!$& #h" !an triple >?S ma$e the effe!ti)e $e" length 112 its& ,. >ifferent modes of >?S. Spe!ifi!all"* "o% sho%ld %nderstand the str%!t%re of ?CA mode and CAC mode. #hat se!%rit" pro lems ma" e !a%sed " the ?CA mode& In the CAC mode* if we pro)ide one of the en!r"ption/de!r"ption !hain str%!t%res* "o% sho%ld e a le to draw the other one. -. #hat are the ad)antages of an initial )e!tor& #h" !an we transmit the IB in plainte+t& 6. 0o% sho%ld e a le to identif" how the errors in transmission will impa!t the de!r"ption res%lts. The self.healing propert" of >?S. /. 0o% sho%ld e a le to !ond%!t mod%lar !al!%lation %sing the e<%ations 2a C 3 mod p D 22a mod p3 C 2 mod p33 mod p and 2a E 3 mod p D 22a mod p3 E 2 mod p33 mod p 8. 0o% sho%ld e a le to !al!%late the Totient f%n!tion 2n3 of a n%m er. #h" for the prod%!t of two different prime n%m ers p and <* its Totient )al%e is 2p.13C2<.13& :. 0o% sho%ld %nderstand the en!r"ption/de!r"ption pro!ed%res of 1S@. 5nderstand wh" for some spe!ial n%m ers 2s%!h as 0 or 13* the !ipher te+t will e the same as plainte+t. 5nderstand wh" in pra!ti!e* we sho%ld %se a )er" long lo!$ instead of a single.!hara!ter lo!$ in 1S@. 10. #hen 1S@ is adopted* wh" sho%ld we alwa"s sign first* then en!r"pt with the other part"7s p% li! $e"&