1.

1:
- The operation of Schema 1:
+ First, a secret key K is generated and shared between the sender and receiver.
+ The sender computes the hash value of the plaintext message {M} using a hash
function H, i.e., H(M).
+ The sender appends the hash value to the plaintext message to form the
authenticated message, i.e. M || H(M)
+ The sender encrypt message using symmetric secret key, i.e. E (K, [ M || H(M)]) = M
|| H(M)
+ The authenticated message is sent to the receiver.
+ The receiver decrypts the encrypted message using the same symmetric secret key,
i.e., D (K ,E(K, [M || H(M)])) = M || H(M)
+ The receiver computes the hash value of the plaintext message M using the same
hash function H
+ The receiver compares the computed hash value with the decrypted hash value. If
the two values matches, then the message is authenticated; otherwise, it is not.

- The advantages of Schema 1:

+ It provides message authentication
+ It provides message integrity
+ It provides message secrecy
+ It uses a hash function to generate a fixed-size message digest, which makes the
authentication code compact and efficient to compute.
+ It uses a symmetric encryption scheme, which is faster than public-key encryption
schemes and suitable for messages that require fast processing.
- The disadvantages of Schema 1:
+ It relies on a shared secret key between the sender and receiver, which must be
securely distributed.
+ It is vulnerable to key compromise attacks, where an attacker can obtain the secret
key by compromising either the sender or the receiver's system.
+ It does not provide non-repudiation, which means that the sender can deny having
sent the message since the same secret key is used for both encryption and
decryption.
+ it is difficult to manage secret keys when using symmetric encryption.
.

- - The operation of Schema 2:

+ First, a secret key K is generated and shared between the sender and receiver.
+ The sender computes the hash value of the plaintext message {M} using a hash
function H, i.e., H(M).
+ The sender encrypts hash value using secret key K: E (K, H(M)))
+ The sender appends the encrypted hash value to the plaintext message to form the
authenticated message, M || E (K, H(M)))
+ The authenticated message is sent to the receiver.
+ The receiver decrypts the encrypted hash value using the same secret key, i.e., D (K,
E (K, H(M)))= H(M)
+ The receiver computes the hash value of the plaintext message M using the same
hash function H, i.e., H(M).
+ The receiver compares the computed hash value with the decrypted hash value. If
the two values matches, then the message is authenticated; otherwise, it is not.

- The advantages:
+ Provides both integrity and authenticity of the message.
+ The secret key is shared between the sender and receiver, making it more secure
than a hash-only scheme.
+ The use of encryption makes it more difficult for an attacker to manipulate the
message without being detected.

- The disadvantages:
+ The use of encryption adds computational overhead, making it slower than a hash-
only scheme.
 + The key must be securely distributed and managed to prevent an attacker from
compromising the system.
+ it is difficult to manage secret keys when using symmetric encryption.
+ it is lack of confidentiality due to M is not encrypted

- The operation of Schema 3:

+ The plaintext message M append seed value S to create M || S
+ The plaintext message M append seed value S is hashed using a hash function H
to create H(M || S).
+ The plaintext message M append hash value H(M || S) -> M || H(M || S)
+ The authenticated message is sent to the receiver.
+ The receiver take message M append seed value S to create M || S
+ The receiver take M || S that is hashed using same hash function H to create
H(M || S).
+ The receiver compares the hash value with the newly calculated hash value. If
they are the same, the message is authenticated.

- The advantages:
+ Provides message authentication
+ Provides message integrity

- The disadvantages:
+ Requires the use of a symmetric secret key, which must be securely shared between
the sender and receiver.

+ This schema does not provide confidentiality because the plaintext message is
without encryption
+ It does not provide non-repudiation, which means that the sender can deny
having sent the message since the same secret key is used for both encryption
and decryption.
1.2:

- The operation for my schema:

+ Sender encrypts the plaintext message with a symmetric key encryption algorithm
using a shared secret key.
+ Sender computes the HMAC of the encrypted message using a hash function and a
secret key known only to the sender and receiver.
+ Sender sends both the encrypted message and the HMAC to the receiver.
+ Receiver decrypts the encrypted message using the shared secret key.
+ Receiver computes the HMAC of the decrypted message using the same hash
function and secret key as the sender.
+ Receiver compares the computed HMAC with the received HMAC. If they match, the
message is considered authentic and not tampered with.

- Advantages:
+ The combination of symmetric-key encryption and HMAC provides both
confidentiality and authenticity of the message, ensuring that the message is not only
private but also comes from a trusted sender.
+ HMAC provides message integrity, ensuring that the message has not been
tampered with during transmission.
+ Symmetric-key encryption is faster and more efficient than asymmetric-key
encryption, making it suitable for real-time communication.

- Disadvantages:
+ The shared secret key must be kept secure, which can be a challenge in some
situations.
+ The symmetric key encryption algorithm is vulnerable to attacks such as brute-force
attacks, so the secret key must be strong enough to withstand such attacks.
+ The sender and receiver must agree on the hash function and secret key used for
HMAC.
2.1:
b) PB
- Alice should use Bob's public key to encrypt the message. This is because Bob's
public key is known to everyone and can be used by Alice to encrypt the message in a
way that only Bob, who has the corresponding private key, can decrypt and read the
message. This ensures that the message is kept confidential and secure from any
external entity on the internet. By encrypting the message with PB requires decryption
with SB, which only Bob possesses.
So to find the perfect key for Alice to send an encrypted message to Bob, by
encrypting the data and passing it on to the receiver, the correct answer is public key
of Bob: Alice performs the transfer { m } to Bob by PB -> Bob has SB -> decrypt { m }
succeeds -> only Bob can read what is contained.

- Using Alice's private key to encrypt the message would not be secure, as Alice's
private key is not known to anyone except Alice, and any external entity on the
internet could potentially intercept and decrypt the message if they were able to
obtain Alice's private key.

- Using Bob's private key to encrypt the message would not provide confidentiality, as
Bob's private key is known only to Bob and anyone who has access to it, and the
message could potentially be decrypted by someone other than Bob.
2.2:
Box 1: SA, Box 2: PB
- In the Diffie-Hellman Key Exchange, Alice and Bob agree on a shared secret key that
can be used for encryption and decryption of their messages. In order to achieve
authentication and secrecy, Alice can use a combination of both the public and private
keys.

- Specifically, Alice should use her private key for generating the shared secret key
during the key exchange process with Bob, and then use Bob's public key for
encrypting the message. Bob will then use his private key to decrypt the message, and
can use Alice's public key to verify the authenticity of the message.

- Therefore, Alice would best use her private key for the key exchange, and Bob's
public key for encrypting the message. This approach provides both authentication and
secrecy, as only Bob can decrypt the message with his private key, and he can verify
that the message was indeed sent by Alice using her public key.

- By encrypting the message with SA and then PB, Alice ensures digital signature and
then secrecy. Bob would decrypt with SB and then PA.

Box 1: SA attaches signature -> verify is Alice

Box 2: PB encrypts data -> people who catch data along the way will not be able to
use it
=> Encrypted data that includes authentication and secrecy
- So Alice will choose (SA) in Box 1 and (PB) in Box 2 to be able to establish a shared
secret key with Bob. The result of the Diffie-Hellman key exchange will generate a
secret public key between Alice and Bob to encrypt and decrypt the message.
C) SA
If Alice wants to send a message to Bob with a signature to authenticate her identity,
she will use her private key (SA) to sign the message.
1. **Signing the Message**: Alice wants to send a message to Bob and authenticate
her identity. To do this, she uses her **private key (SA)** to sign the message. The
digital signature is created by applying a cryptographic algorithm to the message and
her private key. This process ensures that the signature is unique to the combination of
the message and Alice's private key.

2. **Verification by Bob**: When Bob receives the message, he can use Alice's **public
key (PB)** to verify the digital signature. If the verification is successful, it confirms two
important things:
- The message has not been altered since Alice signed it. If the message were
modified in any way, the signature would not match.
- The message indeed originated from someone who possesses the private key
corresponding to the public key used for verification (Alice's private key in this case).

3. **Protection of Private Key**: Alice's private key (SA) is crucial to the security of this
process. It must be kept confidential and not shared with anyone. It's the possession of
this private key that allows Alice to create a unique signature that only she can
generate. If her private key were compromised, an attacker could forge messages and
pretend to be Alice.

By using the private key (SA) to sign the message, Alice ensures the authenticity and
integrity of the message. Bob, by verifying the signature using Alice's public key, can
be confident that the message did indeed come from Alice, provided that her private
key is adequately protected. This process is fundamental in establishing trust and
authenticity in digital communication.

V2 :
Alice wants to send a message to verify her identity. To do this, she needs to use a
digital signature.
Digital Signature: This is a mechanism that ensures the authenticity of a message. It
works by:
 Sender (Alice): Uses her private key (SA) to create a digital signature for the
message. This means only Alice can create this encryption due to only she has
her secret key.
 Receiver (Bob): Uses Alice's public key (PA) to verify the digital signature. If
the signature is valid, Bob knows that the message truly came from Alice and
was not altered during transmission.

a) The public key of Amazon.com

According to the Diffie-Hellman Key Exchange, we can understand the following. When
two parties exchange data, each party generates its own private (The secret key of
Amazon.com & The secret key of CA) and public key (The public key of Amazon.com &
The public key of CA). The private key is kept secret, while the public key is shared with
the other party. Therefore, “The certificate issued by the CA to Amazon.com will be
encrypted with the CA's private key and will include the Amazon.com public key(The
public key of Amazon.com)”.
The certificate will include the public key of Amazon.com so that customers can
request it and decrypt using the CA’s public key to then obtain the Amazon.com public
key which would then be used to encrypt credit card information via the SSL protocol.

Cipher text: MWA-PH: Kv fvb ilsplcl pu yhukvtulzz?

Plaint text: F**-**: ** *** ******* ** **********?
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6

- We have M = 13 and F = 6
- So we can Decryt cipher text with a shift of 7. (13-6)
o M: D(M) = 13-7 Mod 26 = 6 -> F
o W: D(W) = 23-7 Mod 26 = 16 -> P
o A: D(A) = 1-7 Mod 26 = 20 -> T
o P: D(P) = 16-7 Mod 26 = 9 -> I
o H: D(H) = 8-7 Mod 26 = 1 -> A
o K: D(K) = 11-7 Mod 26 = 4 -> D
o v: D(v) = 22-7 Mod 26 = 15 -> o
o f: D(f) = 6-7 Mod 26 = 25 -> y
o v: D(v) = 22-7 Mod 26 = 15 -> o
o b: D(b) = 2-7 Mod 26 = 21 -> u
o i: D(i) = 9-7 Mod 26 = 2 -> b
o l: D(l) = 12-7 Mod 26 = 5 -> e
o s: D(s) = 19-7 Mod 26 = 12 -> l
o p: D(p) = 16-7 Mod 26 = 9 -> i
o l: D(l) = 12-7 Mod 26 = 5 -> e
o c: D(c) = 3-7 Mod 26 = 22 -> v
o l: D(l) = 12-7 Mod 26 = 5 -> e
o p: D(p) = 16-7 Mod 26 = 9 -> i
o u: D(u) = 21-7 Mod 26 = 14 -> n
o y: D(y) = 25-7 Mod 26 = 18 -> r
o h: D(h) = 8-7 Mod 26 = 1 -> a
 o u: D(u) = 21-7 Mod 26 = 14 -> n
o k: D(k) = 11-7 Mod 26 = 4 -> d
o v: D(v) = 22-7 Mod 26 = 15 -> o
o t: D(t) = 20-7 Mod 26 = 13 -> m
o u: D(u) = 21-7 Mod 26 = 14 -> n
o l: D(l) = 12-7 Mod 26 = 5 -> e
o z: D(z) = 26-7 Mod 26 = 19 -> s
o z: D(z) = 26-7 Mod 26 = 19 -> s
 Finally we have:
FPT-IA: Do you believe in randomness?
Sự khác nhau giữa mã hóa đối xứng và mã hóa bất đối xứng
Symmetric encryption and asymmetric encryption are two fundamental techniques
used to secure data and communications. They differ in terms of the way keys are
used, the complexity of operations, and their applications. Let's compare these two
encryption methods:

**1. Key Usage:**

- **Symmetric Encryption:**
- Uses a single secret key for both encryption and decryption.
- Both parties involved in communication must have access to the same key.
- Key distribution and management can be challenging, especially in large networks.

- **Asymmetric Encryption:**
- Uses a pair of keys: a public key for encryption and a private key for decryption.
- The public key can be openly shared, while the private key must be kept secret.
- Eliminates the need for secure key distribution, making it suitable for various
scenarios.

**2. Security:**

- **Symmetric Encryption:**
- Faster and more efficient than asymmetric encryption for data encryption and
decryption.
- Vulnerable to key distribution issues, as securely sharing the key can be difficult.
- If the key is compromised, all data encrypted with that key is at risk.

- **Asymmetric Encryption:**
- More secure for key distribution as the private key never leaves the owner's
possession.
- Slower and computationally more intensive than symmetric encryption.
- Offers a higher level of security, especially for secure data exchange and
authentication.

**3. Use Cases:**

- **Symmetric Encryption:**
- Typically used for encrypting large volumes of data due to its speed.
- Suitable for scenarios where key distribution is managed securely, such as within a
closed network.
- **Asymmetric Encryption:**
- Primarily used for secure communication, data exchange, and authentication.
- Enables secure establishment of shared secret keys between parties who have
never communicated before.

**4. Performance:**

- **Symmetric Encryption:**
- Faster and requires less computational resources, making it ideal for bulk data
encryption.

- **Asymmetric Encryption:**
- Slower due to the complexity of mathematical operations involved.
- Used mainly for exchanging session keys or securing critical communications.

**5. Key Management:**

- **Symmetric Encryption:**
- Requires careful management of shared keys to ensure security.
- Changing keys regularly is important to maintain security.

- **Asymmetric Encryption:**
- Easier key management since private keys are never shared.
- Keys don't need to be changed as frequently.

**6. Hybrid Approaches:**

- In many real-world scenarios, hybrid encryption is used, combining the strengths of

both symmetric and asymmetric encryption. For example, asymmetric encryption is
used for secure key exchange, and then a symmetric key is used for the actual data
encryption to achieve better performance.

In summary, symmetric encryption is faster and more efficient but requires secure key
distribution, while asymmetric encryption offers better security and eliminates key
distribution issues but is computationally more demanding. The choice between these
methods depends on the specific security requirements and use cases of the
application.

From a service perspective, an important difference between a symmetric-key system

and a public-key system is the way key management is handled:

In a **symmetric-key system**:
- Both parties communicating need to share the same secret key.
- The challenge lies in securely distributing and managing the secret key between the
communicating parties.
- If the secret key is compromised, all encrypted data is vulnerable.
- Changing the secret key frequently is essential to maintain security.
- Key management becomes more complex as the number of parties involved
increases.

In a **public-key system**:
- Each user has a pair of keys: a public key and a private key.
- The public key is openly available and can be shared with anyone.
- The private key is kept secret and never shared.
- Key distribution is simplified, as parties can freely share their public keys.
- Users can encrypt data using the recipient's public key, and only the recipient with
the corresponding private key can decrypt it.
- Public-key systems are more suitable for scenarios involving secure communication
and digital signatures.

In summary, the key management process is a significant service-related difference

between symmetric-key and public-key systems. Public-key systems offer a more
convenient way to share encryption capabilities without the need to share the private
key, while symmetric-key systems require secure key distribution and management to
maintain security.