1. In GCM, we define S as S = GHASH(A||0^v||C||0^u||[len(A)]||[len(C)]). What is v defined as?
a) 64 ceil[len (A)/128] – len (A)
b) 64 ceil[len (C)/128] – len (C)
c) 128 ceil[len (A)/128] – len (A)
d) 128 ceil[len (C)/128] – len (C)
Answer
Answer: c [Reason:] v = 128 ceil[len (A)/128] – len (A).
2. When the length of the IV is not 96, then
a) we append the rest of the bits with 1*0 to make it 128 bits
b) we append the rest of the bits with 0*1 to make it 128 bits
c) we append the rest of the bits with 1*0 to make it 256 bits
d) we append the rest of the bits with 0s to make it 128 bits
Answer
Answer: d [Reason:] If the length of the IV is not 96 then we append the rest of the bits with 0s to make it 128 bits. This is the first step followed by appending 64 bits furthermore and then performing the GHASH function.
3. Which is not true for Key-Wrapping?
a) Used for small Plain Texts
b) It has a relatively higher throughput than other modes
c) It has block size of 64 bits
d) It has n+1 cipher blocks, for n plaintext block
Answer
Answer: b [Reason:] Key-Wrapping has a lower throughput than other modes.
4. What is the value of A (0)?
a) F9*
b) A9*
c) A6*
d) F6*
Answer
Answer: c [Reason:] The size of A(0) is 64 bits and it has A6* as the basic hex value.
5. The cipher block is one block longer than the plaintext to accommodate the IV.
a) True
b) False
Answer
Answer: a [Reason:] The cipher blocks has n+1 cipher blocks, for n plaintext blocks.
6. The key Wrapping Algorithm provides confidentiality and data integrity.
a) True
b) False
Answer
Answer: a [Reason:] The statement is true.
7. Which of the following is a valid disadvantage of the PRNG based on MAC function?
a) It has a high throughput
b) It takes twice the execution time
c) It is hardware intensive and can only work on high end processors
d) none of the mentioned
Answer
Answer: [Reason:] It takes twice the execution time, because HMAC involves two executions of the underlying hash function for each output block.
8.
i)
m = [ n/outlen]
w_o = V
W = the null string
For i = 1 to m
w_i = MAC(K,w_i-1)
W = W || wi
Return leftmost n bits of W
ii)
m = [n/outlen]
W = the null string
For i = 1 to m
w_i = MAC(K,V || i)
W = W || w_i
Return leftmost n bits of W
iii)
m = [n/outlen]
A(0) = V
W = the null string
For I = 1 to m
A(i) = MAC (K,A(i-1))
w_i = MAC (K, a(I) || v)
W = W || w_i
Return leftmost n bits of W
Specify in the correct order (from top to bottom), which Pseudo Random Number Generation schemes are represented here?
a) NIST SP 800-90 ; TLS/WTLS ; IEEE 802.11
b) TLS/WTLS ; NIST SP 800-90 ; IEEE 802.11
c) IEEE 802.11 ; NIST SP 800-90 ; TLS/WTLS
d) NIST SP 800-90 ; IEEE 802.11 ; TLS/WTLS
Answer
Answer: d [Reason:] The correct order is NIST SP 800-90 ; IEEE 802.11 ; TLS/WTLS.
