Crypto Foundations Checkpoint

Threat models, security goals, randomness, and the birthday bound.

1. Which pairing correctly maps a security goal to a failure?

Confidentiality -> message leaks to an eavesdropper Integrity -> attacker can read metadata Availability -> attacker can forge a signature Authenticity -> network is slow

2. A chosen-ciphertext attacker can:

Ask for decryptions of ciphertexts of their choice (except the target) Only observe ciphertexts passively Only choose plaintexts but never see decryptions Only see hashes of plaintexts

3. Computational security means:

Breaking the scheme is possible in theory but infeasible in practice Breaking the scheme is mathematically impossible The scheme uses a computer Security depends only on secret algorithms

4. If a hash has b-bit output, generic collision search costs about:

2^(b/2) 2^b b b^2

5. Why is modulo bias a problem when mapping random 64-bit values to [0,n)?

Some outcomes occur more often unless 2^64 is divisible by n Modulo requires too much CPU Modulo is not deterministic Modulo makes results negative

6. Which statement is true about PRNGs used for cryptography?

A PRNG must be unpredictable to an attacker who sees outputs Any fast PRNG is fine if it passes statistical tests XorShift is cryptographically secure Determinism implies security

7. The main difference between integrity and authenticity is:

Authenticity binds data to an identity, integrity only detects tampering Integrity is stronger than authenticity Authenticity only matters for storage They are identical terms

8. An information-theoretically secure scheme requires:

Key entropy at least as large as the message and used only once A 2048-bit RSA key A fast hash function A short password

9. True/False: If you reuse a one-time pad key, knowing one plaintext lets you recover the other.

10. Which is the best high-level rule for threat modeling?

Define what the attacker can do before choosing the defense Pick algorithms first and adjust the threat model later Assume attackers only read data Assume no insiders

11. Which property is NOT provided by encryption alone?

Integrity Confidentiality Secrecy of plaintext against passive observers Hiding message contents from eavesdroppers

Auto-advance on pass