Introduction-to-Cryptography Questions and Answers

A Caesar cipher is a classic monoalphabetic substitution cipher where each plaintext letter is replaced by a letter a fixed number of positions away in the alphabet. For example, with a shift of 3, A becomes D, B becomes E, and so on, wrapping around at the end (X→A, Y→B, Z→C). This “fixed shift” is the entire key: both sender and receiver must know the shift value to encrypt and decrypt. Decryption simply shifts letters back by the same amount. The Caesar cipher illustrates foundational cryptographic ideas: key-based transformation, reversible mapping, and the importance of key space size. Because the key space is tiny (only 25 meaningful shifts in the Latin alphabet), it is easily broken by brute force. It is also vulnerable to frequency analysis because letter frequency patterns in the ciphertext resemble those of the plaintext, just relabeled. While historically important for introducing substitution concepts, it provides no meaningful security by modern standards. The defining operation is the fixed positional shift, which directly matches option D.

Symmetric cryptography generally provides the fastest encryption and decryption performance among common cryptographic operations. Algorithms like AES and ChaCha20 are designed for high throughput and efficient implementation in software and hardware (e.g., AES-NI acceleration). Symmetric decryption is computationally similar in cost to symmetric encryption, and both are far faster than asymmetric operations for equivalent security levels. Asymmetric cryptography (RSA, ECC) involves expensive mathematical operations (modular exponentiation or elliptic-curve scalar multiplication), making it much slower and unsuitable for bulk data decryption. That is why real-world secure protocols use asymmetric cryptography primarily to authenticate peers and establish keys, then switch to symmetric encryption for the actual data stream. Hashing is not decryption at all; it is one-way, and there is no “decrypt” operation for a hash. Padding is not a decryption mechanism; it is a formatting step used with block ciphers to align plaintext length. Therefore, the correct choice for the operation with the fastest decryption process is symmetric cryptography.

The expression 23 mod 6 asks for the remainder when 23 is divided by 6. Modular arithmetic is foundational in cryptography, especially in public-key systems (RSA, Diffie–Hellman, ECC) where operations occur in finite rings or fields. To compute 23 mod 6, identify the largest multiple of 6 that does not exceed 23. Multiples of 6 are 6, 12, 18, 24. Since 24 is greater than 23, the largest valid multiple is 18. Subtract: 23 − 18 = 5, so the remainder is 5. Therefore, 23 mod 6 = 5, which corresponds to option “05.” Modular reduction keeps numbers within a fixed range (0 to modulus−1), enabling stable arithmetic under wraparound behavior. In cryptographic protocols, this wraparound property is essential for defining groups and ensuring operations remain bounded and consistent.

DER (Distinguished Encoding Rules) is a binary encoding format used to represent ASN.1 structures in a canonical, unambiguous way. X.509 certificates are defined using ASN.1, and DER provides a strict subset of BER (Basic Encoding Rules) that guarantees a single, unique encoding for any given data structure. That “unique encoding” property is important for cryptographic operations such as hashing and digital signatures, because different encodings of the same abstract data could otherwise produce different hashes and break signature verification. In contrast, PEM is not a binary encoding; it is essentially a Base64-encoded text wrapper around DER data, bounded by header/footer lines (e.g., “BEGIN CERTIFICATE”). PKI is an overall framework for certificate issuance, trust, and lifecycle management—not an encoding. RSA is an asymmetric algorithm used for encryption/signing, not a certificate encoding format. Therefore, the binary-based certificate encoding process among the options is DER.

Bitcoin’s supply is controlled by protocol rules enforced by consensus: new bitcoins enter circulation through the block subsidy awarded to miners for producing valid blocks. This subsidy is programmed to halve at fixed intervals (every 210,000 blocks), which steadily reduces the rate of new coin creation over time and asymptotically approaches a capped total supply (commonly cited as 21 million BTC). This mechanism is often called the halving schedule and is the primary way limits are managed. The number of participants is not fixed; anyone can run a node or mine. There is no per-country cap and no per-person maximum enforced by the protocol—addresses and ownership are not limited that way. The supply cap emerges from the decreasing issuance schedule combined with consensus validation rules that reject blocks creating coins beyond what the schedule allows. Therefore, the correct answer is that limits are managed because rewards for mining reduce over time.

In the classical definition, a stream cipher encrypts data in very small units—often described as one bit at a time—by combining plaintext with a keystream (commonly via XOR). While many practical stream ciphers operate on bytes or words for efficiency, the conceptual distinction compared to block ciphers is that stream encryption processes data as a continuous stream rather than fixed-size blocks. This is why the standard teaching answer is “1 bit” per application of the keystream. Block ciphers, by contrast, encrypt blocks like 64 bits (DES/3DES) or 128 bits (AES) in each invocation of the block primitive. Options like 40, 192, and 256 are not typical stream cipher “per-step” processing sizes; 40 and 256 are often associated with key sizes, and 192 could be a key size for AES, not an encryption granularity. The essential security requirement for stream ciphers is that the keystream must be unpredictable and never reused with the same key/nonce combination; otherwise XOR properties allow attackers to recover relationships between plaintexts. Thus, the best answer is 1.

For Bitcoin, transactions are confirmed by inclusion in blocks, and the network targets an average block interval of about 10 minutes. That means transactions are “added” to the Bitcoin blockchain approximately every 10 minutes in the sense that a new block containing a batch of transactions is appended at that cadence. The 10-minute target is achieved by a difficulty adjustment mechanism that recalibrates mining difficulty roughly every 2016 blocks, aiming to keep the average interval stable despite changes in total network hash power. It is important to note that this is an average: blocks can be found faster or slower in the short term due to the probabilistic nature of proof-of-work mining. Other blockchains have different block times (seconds to minutes), but the question’s options and typical curriculum context align with Bitcoin’s 10-minute design. Therefore, the correct choice is approximately every 10 minutes.

OCSP is the primary online alternative to CRLs for checking whether a certificate has been revoked. With a CRL, a relying party periodically downloads a list of revoked certificate serial numbers published by the issuing CA (or CRL distribution point). That approach can be bandwidth-heavy, introduces latency between revocation and client awareness, and can result in clients using stale revocation data if updates are infrequent. OCSP improves this by allowing a client (or a server on the client’s behalf) to query an OCSP responder in near real time about the status of a specific certificate (good, revoked, or unknown). In practice, many TLS deployments use OCSP stapling, where the server periodically fetches a signed OCSP response from the CA’s responder and “staples” it to the TLS handshake, reducing client-side network calls and improving privacy (the CA doesn’t learn which site the client is visiting). Thus, OCSP provides a more timely, certificate-specific revocation status mechanism than CRLs while preserving the CA’s signed assurance.

Cryptography must evolve because threats, computing capabilities, and attack techniques continuously change. Algorithms once considered safe can become vulnerable due to cryptanalysis, implementation attacks, protocol flaws, or sheer increases in available compute power. Examples include the deprecation of SHA-1 for signatures, weakening of RC4, and migration away from older TLS versions and weak cipher suites. Frameworks also need to adapt to new environments—cloud architectures, IoT deployments, mobile devices—and new adversary models, including the long-term risk posed by quantum computing to current public-key systems. Adaptation includes updating standards, increasing key sizes where needed, adopting modern primitives (AEAD modes, stronger KDFs), improving key management practices (rotation, hardware-backed storage), and refining operational guidance (certificate lifetimes, revocation strategies). A rigid structure that never changes would lock organizations into obsolete protections and accumulate risk. Standardizing obsolete techniques or complying with outdated standards is the opposite of sound security engineering. Therefore, cryptography frameworks must adapt over time to respond to emerging threats and vulnerabilities and to maintain effective protection as the landscape evolves.

For protecting credit card data, the primary compliance framework is PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is an industry standard created by major card brands and administered through the PCI Security Standards Council. It sets requirements for organizations that store, process, or transmit cardholder data, including controls around network security, access control, monitoring, and cryptography. PCI DSS explicitly addresses encryption and protection of cardholder data (for example, protecting stored cardholder data and encrypting transmission over open, public networks, and using strong cryptography and secure protocols). CCPA and GDPR are privacy regulations focused on personal data rights and governance, and while they may encourage security measures, they are not specifically the card-industry security standard for payment data. HIPAA applies to protected health information, not payment card data. Therefore, the correct answer is PCI DSS.

A true random number generator (TRNG) produces outputs derived from nondeterministic physical processes (e.g., thermal noise, oscillator jitter, radioactive decay, or other hardware entropy sources). Because the underlying phenomenon is not algorithmically determined by an input seed in the same way as a PRNG, repeated “inputs” (or identical conditions from a software perspective) do not yield the same sequence; the outputs vary unpredictably. By contrast, a pseudorandom number generator (PRNG) is deterministic: given the same seed and internal state, it produces the same output sequence, which is useful for repeatability but means security depends on seed secrecy and proper seeding. “Prime” is not a generator type, and “sequence” is too generic and does not imply nondeterminism. In cryptographic systems, TRNGs (or hardware entropy sources) are often used to seed cryptographically secure PRNGs (CSPRNGs), combining high-quality entropy with efficient generation. Therefore, the generator that can produce different results for the “same input data” is a true random number generator.

Lightweight cryptography is important because many modern systems operate in constrained environments—IoT sensors, embedded controllers, wearables, and mobile devices—where CPU, memory, storage, bandwidth, and battery power are limited. Traditional “heavy” cryptographic suites may be too slow, too energy-intensive, or too large in code footprint for these platforms, leading to insecure workarounds or disabling security entirely. Lightweight cryptographic primitives and profiles are designed to deliver strong security properties (confidentiality and integrity, often via AEAD) while fitting within tight resource budgets and real-time constraints. This is essential as IoT and mobile ecosystems expand, increasing the attack surface and the consequences of compromised devices (botnets, surveillance, physical safety risks). Lightweight cryptography is not meant to “limit encryption tools” or complicate protection; it enables practical, deployable security where otherwise implementations might be weak or absent. High-speed network communication can benefit from efficient crypto too, but the defining modern driver is constrained-device security. Therefore, the correct reason is addressing the security needs of IoT devices and mobile applications.

Bit-flipping exploits target encryption modes or protocols that do not provide strong integrity, allowing attackers to modify ciphertext so that predictable changes occur in plaintext after decryption. To defend against this, protocols add an integrity mechanism that detects tampering. In WPA (including enterprise deployments), TKIP introduced a Message Integrity Check (MIC) called “Michael.” The MIC is computed over the frame contents (with additional fields) and verified by the receiver; if an attacker flips bits in transit, the MIC verification fails, and the frame is rejected. While AES (used by WPA2’s CCMP) also provides integrity via authenticated encryption, the option presented that directly names the tamper-detection mechanism associated with guarding against bit-flipping is MIC. A pre-shared key is an authentication/keying method (and not enterprise-mode anyway), and a “global encryption key” would be the opposite of what you want—global/static keys worsen security. Therefore, the intended mechanism that mitigates bit-flipping by detecting unauthorized modifications is the Message Integrity Check.

Lightweight cryptography refers to cryptographic primitives and profiles engineered for environments where computational resources are constrained—limited CPU, memory, power, bandwidth, and code size—while still requiring robust security. Typical targets include IoT sensors, embedded controllers, smart cards, RFID, wearables, and many mobile or edge deployments. The design goals emphasize efficiency (low energy consumption, small silicon area for hardware, small firmware footprint) and practical performance under constraints, often while providing modern security properties like authenticated encryption (confidentiality + integrity) and secure hashing. Lightweight cryptography is not simply “stronger encryption”; it balances security with implementability in constrained systems. It is also not restricted to military settings and is not inherently outdated—many lightweight designs are modern and motivated by the rapid growth of IoT and pervasive computing. Because constrained devices are common entry points for attackers, having secure primitives that fit those devices is a critical part of contemporary security architecture. Therefore, the best description is cryptographic algorithms designed for resource-constrained environments.

When software is digitally signed, the organization computes a cryptographic hash (digest) of the software (or its manifest) and then signs that digest using the organization’s private key. Verification works in the opposite direction: the customer (verifier) uses the organization’s public key to validate the signature and recover/confirm the signed digest, then independently hashes the received software and compares the result. If the digests match and the signature validates under the public key, the customer has strong assurance that the software has not been altered since it was signed and that it was signed by the holder of the corresponding private key. The customer never needs the organization’s private key—sharing it would destroy security and enable forgery. Likewise, the customer’s own keys are irrelevant to verifying the publisher’s signature. The organization’s public key is typically delivered inside a certificate chain (code signing certificate) so the verifier can also validate publisher identity and trust. Therefore, the customer uses the organization’s public key for signature verification (often described as “decrypting” the signed digest).

Breaches tied to poor cryptographic practices often stem from preventable issues: outdated algorithms, weak key management, misconfigured TLS, missing integrity checks, hard-coded secrets, unrotated keys, or improper certificate validation. A key lesson is that organizations must proactively identify and prioritize these risks—exactly what comprehensive risk assessments are designed to do. Effective risk assessment inventories cryptographic assets (keys, certificates, protocols), maps them to business processes, evaluates threats (e.g., MITM, data exfiltration, supply-chain tampering), and finds gaps between current controls and best practices. It also helps ensure crypto decisions align with real-world risk, compliance requirements, and operational constraints. The other options are explicitly wrong: training is relevant because many crypto failures are implementation/configuration errors; audits and updates are essential because cryptographic guidance evolves; and security cannot be “secondary” without increasing breach likelihood and impact. Therefore, the most defensible lesson is that comprehensive risk assessments are vital for identifying vulnerabilities before attackers exploit them.

ECB (Electronic Codebook) mode encrypts each block independently with the same key, which makes it naturally amenable to parallel processing: multiple blocks can be encrypted or decrypted simultaneously because there is no chaining dependency between blocks. This is in contrast to CBC encryption, where each plaintext block is XORed with the previous ciphertext block, creating a dependency that prevents straightforward parallelization of encryption (though CBC decryption can be parallelized because ciphertext blocks are already known). Feedback modes like CFB and OFB generate keystream material sequentially, where each step depends on the previous state, limiting parallelism. While ECB’s parallelism is an implementation advantage, it is widely discouraged for most real data because it leaks patterns—identical plaintext blocks produce identical ciphertext blocks. Modern systems prefer parallel-friendly and secure modes such as CTR or GCM, but among the listed options, the mode most known for parallel processing is ECB due to block independence. Therefore, the correct answer is Electronic Codebook (ECB).

HIPAA is a U.S. regulation focused on protecting the privacy and security of protected health information (PHI). In relation to encryption, HIPAA’s Security Rule requires covered entities and business associates to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI. Encryption is widely recognized as a key technical safeguard for confidentiality—protecting PHI in transit (e.g., over networks) and at rest (e.g., on storage devices) by making data unreadable without the proper keys. HIPAA does not standardize encryption across all industries, nor does it prohibit electronic health records; it regulates how they must be protected. While HIPAA often uses the term “addressable” for encryption controls (meaning organizations must implement it if reasonable and appropriate, or document an equivalent alternative), the overarching purpose remains protection of patient information through secure measures, with encryption as a central mechanism. Therefore, the best answer is ensuring confidentiality of patient information through secure measures like encryption.

TLS is the modern successor to SSL. SSL (notably SSL 2.0 and SSL 3.0) was an early protocol family for securing network communications, providing encryption, integrity, and endpoint authentication for applications like HTTPS. Over time, weaknesses were discovered in SSL’s design and in the cryptographic mechanisms commonly used with it. TLS was introduced as an improved, standardized evolution (starting with TLS 1.0, based on SSL 3.0 but with important fixes), and later versions (TLS 1.2 and TLS 1.3) significantly strengthened security by removing weak ciphers, improving key exchange, and tightening handshake and record protections. In practice, when people say “SSL” today, they often mean “TLS,” but true SSL is deprecated and should not be used. SSL is not a replacement of TLS, and the two are not identical in security—TLS versions incorporate substantial improvements and modern cryptographic best practices. SSL is also not limited to email; it was widely used for web traffic and other protocols. Therefore, the correct relationship is that TLS replaced SSL to provide improved security.

A birthday attack targets hash functions by exploiting the birthday paradox: collisions (two different inputs producing the same hash output) can be found much faster than brute-forcing a specific preimage. For an n-bit hash, the expected work t o find any collision is on the order of 2^(n/2), not 2^n. The attack is relevant because many security constructions rely on collision resistance—digital signatures, certificate fingerprints, integrity checks, and some commitment schemes. If an attacker ca n generate two different documents with the same hash, they may trick a signer into signing one version while later presenting the other as “signed,” depending on the protocol. Linear cryptanalysis and differential cryptanalysis are primarily techniques ag ainst block ciphers, analyzing relationships between plaintext/ciphertext differences or linear approximations across rounds. Algebraic attacks treat the cipher as a system of equations. The description “looking for different inputs that generate the same hash” is the hallmark of collision-finding, and the classic framing for that is the birthday attack.

Large prime numbers are crucial because they enable cryptosystems where certain operations are easy to perform, but reversing them is computationally hard without secret information. In RSA, security is based on the difficulty of factoring a large composite number that is the product of two large primes; multiplying primes is easy, but factoring the product is believed to be hard at sufficient sizes. In Diffie–Hellman and related systems, primes define finite groups (often modulo a large prime) where exponentiation is efficient but the discrete logarithm problem is hard. Primes also help ensure desirable group properties—such as having a large cyclic subgroup—reducing vulnerabilities from small subgroups or weak structure. The value of “large” is that it makes brute-force and known algorithmic attacks infeasible with current computing resources. Large primes do not primarily make encryption faster, nor do they make decryption easier; they are chosen to maximize security margins. While primes can be involved in encoding steps, their importance is security: they form the mathematical foundation for hardness assumptions used by major public-key algorithms. Therefore, the best answer is that they provide security in encryption algorithms.

A cryptography framework provides a consistent, repeatable way to select, deploy, and manage cryptographic controls across an organization. Its key benefit is structure: it defines approved algorithms and key sizes, acceptable modes of operation, key management rules (generation, storage, rotation, revocation, backup), certificate handling, and secure protocol configurations (e.g., TLS settings). This reduces ad hoc implementations that often lead to vulnerabilities such as weak ciphers, key reuse, improper randomness, or missing integrity protections. A framework also clarifies roles and processes—who can access keys, how secrets are audited, and how exceptions are handled—improving governance and operational reliability. Importantly, it does not guarantee perfect security; no framework can eliminate all risk, and secure outcomes still depend on correct implementation, monitoring, and maintenance. It also does not eliminate the need for training; human error is a major source of crypto misconfiguration. While frameworks help with compliance, they are not solely about regulation; they are about sound security engineering and lifecycle management. Therefore, the primary benefit is providing a structured approach to implementing encryption practices.