Preparation for Exam 1

Which topics and ideas do you think are the most important out of those we have studied?

For this class I think the most important topics are those based in abstract algebra and linear algebra. Most of the mathematics that go into cryptography are derived from these two topics. I think the analysis of cryptosystems is the next important idea we have covered. Our ability to understand how a particular cryptosystem works, and what advantages/disadvantages it has. 

What kinds of questions do you expect to see on the exam?

I imagine there will be questions in which we will use specific cryptosystems either to encrypt or decrypt a message. I also expect a few questions in which we will be asked to find weaknesses in different cryptosystems. Of course there will be some questions to test our understanding of the underlying mathematical principles (mods, linear algebra, fields, etc.) There should also before a few questions to test our knowledge of terminology used in cryptography.  

What do you need to work on understanding better before the exam?

I need to work on my understanding of the modes of encryption, ECB, CFB, OFB, CTR. I feel comfortable with the linear and abstract algebra covered in class, but I need to understand the modes if there are any encryption problems on the test. Right now I can perform all the encryption modes if I reference them from the book, but without looking at the drawings for each one I have a hard time remembering the order of the encryption process. 

Section 5.1 - 5.4 due Sept. 29th

(Interesting) To me the most interesting part of the lecture was the fact that Rijndael was able to use 128, 192, or 256-bit encryption. I had not considered this so far in our study of encryption systems, but versatility is definitely important in today's technology. This versatility would allow for an adjustable balance between speed and security of a cryptosystem. The strongest security system is useless if it takes way too long to encrypt or decrypt a message.

(Difficult)

The key schedule was the toughest part of the lecture to understand. It is hard to try to visualize the computations involved in finding the round keys based on the original key.

Section 4.5 - 4.8 due Sept. 22nd

(Interesting)

 I enjoyed the reading in section 4.8 on password security. I had never considered the fact that passwords would have to be encrypted to remain safe. With a better understanding of computer programming this would probably have seemed obvious, but I had not thought about how a password is stored. Passwords are so common place now on the internet, for email accounts, bank accounts, online purchases, etc. that clearly there is a need to encrypt them as well. One thing I would like to learn more about is how they prevent "Eve" from simply sending the same ciphertext to pretend to use the same password.

(Difficult)

I found the explanation on meet in the middle attacks to be the most difficult section of the reading. I understand that double encryptions with groups will not add an more security, since groups are closed under the operation. However, the meet in the middle attack seems to allow Eve to attack one key at a time, which would then reduce the possible combinations for the second key. However, I still don't see the immediate security weakness here.

Section 4.1, 4.2, and 4.4 due Sept. 20th

(Interesting) I was most interested in section 4.4 when they brought up the topic of whether DES was a group. When we designed our cryptosystem in class I assumed working with groups (such as mods under addition or multiplication) would be the best way to go because they are closed operations. Because they are closed under addition or multiplication, it is easy to assure your outputs will be in the correct range of acceptable values in order to encrypt a message. However, I had not considered the possibility of the security weaknesses of groups. When we constructed our own cryptosystem, I had considered using two keys in order to encrypt our messages. After thinking about group theory, I realized that using two keys would be equivalent to using only one key. This means that rather than adding security, this type of encryption would only be redundant, and waste more time and resources for encryption.

(Difficult) The most difficult part of the reading for me was the function used in DES. Although the flowchart on page 126 was well-organized, I did not completely understand what was going on in the DES function. I understand how the expander function and XORing works, but the S-boxes were where I was lost.

Section 2.9 - 2.11 due Sept. 17th

(Interesting) I found myself thinking specifically about the one time pad after completing the reading tonight. It appears to be a wonderful design in theory, but it seems in reality nearly impossible. However, I think that even in theory it falls short when we consider Kerchoff's principle: The security of the system depends on the key and not the obscurity of the cryptosystem.  The key in a one-time pad is quite impractical, since the key is the same length as any message, and the key can only be used once to ensure security. The key must first be passed over a secured line of communication, or must be encrypted itself, which seems to create some redundancy for a cryptosystem. In a world where the transfer of important information is often time sensitive, the one-time pad has too many shortcomings to be implemented yet.  



(Difficult) I had trouble understanding the Blum-Blum-Shub random bit generator.

Section 3.8 and 2.5-2.8 due Sept. 15

Interesting - In this class I have been most fascinated with the methods of cracking different cipher systems. Up until now most of the cipher systems were relatively easy to crack using frequency analysis or other basic methods. The block cipher seemed to have a very secure method by the description in the book, but I was interested in how easy it was to find the encryption key using a simple plaintext attack. This made me think about the security of real-life cryptosystems, and how not only the key itself, but the machine (or in todays world, the computer program) that generates the encryption must also be protected. I read an article recently about using electrical analysis of encoding "machines" to  determine how the machines work. It occured to me that cryptography has expanded to a plethora of scientific fields. No longer a matter of mere mathematics and logic, cryptography relies on computer science, electrical engineering, statistics, analysis, etc.

Difficult - The most difficult part of the reading for me was understanding the playfair cipher. I understand that it is a form of a block cipher, but using matrices and modular arithmetic seems far easier than memorizing steps to encode characters based off of rows and columns. I tried to encrypt a few characters myself, and found I spent far more time referring back to the instructions then actually encrypting anything. I also do not understand exactly how the decrypting process works.

Section 2.3 due Sept. 13

(Difficult) The first method for finding the key was the most difficult for me to understand. For me personally it was easier to follow the second method because it seemed more concise, put into mathematical terms without too much explanation.


(Interesting) To me the most interesting part of the section was finding the key length. I was intrigued at how lining up the same cipher on two lines and then displacing one of them could reveal the key length. It made me ponder the logic about how this method worked, in looking for coincidences in the two ciphers displaced a few characters from one another. It amazes me how much time and effort goes into creating ciphers, and yet at the same time, how much time goes into cracking them. With such detailed examples of how to solve ciphers it is no wonder that encryption has been an ever changing discipline throughout history. Even today, many methods of encryption become obsolete after years of use and abuse. This is part of the reason why I wanted to learn about cryptography, because it is a career field in which technology changes and the learning process never ends.

3.2 and 3.3, due Sep. 3rd

(Difficult)

      The toughest part of the material in these sections was using the extended euclidean algorithm to find the inverse of a. That is, find s and t such that as + nt = 1. From this our value s is our inverse. Therefore the inverse of a is conrgruent to s (mod n). In previous classes I have seen the euclidean algorithm, but this was my first exposure to the extended euclidean algorithm. In some cases we have been able to use a "guess and check" mehtod of finding s and t for as + nt = 1. The easiest way form me to understand this concept was to see it as the linear combination of a and n to achieve the result 1. However, we can not solve directly for s and t since we have one equation and two unknowns. This is why we need the extended Euclidean algorithm.

(Reflective) 

     In thinking about our encryption project, I was trying to think of a way to encrypt a message using basic math functions. I started by seeing how addition or multiplication would work. This presented a problem since adding or multiplying would produce results outside of the range of numbers established before encrypting the message. This section on congruence made me realize that modular arithmetic is very well suited for encryption. It would allow me to simplify my method of encryption and still keep the numbers within a specified range. This will be extremely useful in cryptography, especially since simplifying the method often means the computer programming associated with the encryption will be easier as well.