INFO2222 · Computing 2 Usability and Security
Cryptography Basics and Symmetric Crypto
Week 6 opens the security half with cryptographic foundations: Kerckhoff's principle, hashing and its properties, and symmetric encryption with its block/stream ciphers, modes, MACs and authenticated encryption. Small XOR and hash-reasoning items are prime 2-mark and 4-mark exam material, and the definitions (one-wayness, collision resistance, ECB weakness) are recall staples.
What this chapter covers
- 01Security as science not art: state the exact strength, system model and threat model; the wooden-barrel weakest-link principle
- 02Kerckhoff's principle vs security through obscurity — secrecy belongs in the key, not the algorithm
- 03Randomness and entropy: keys need uniform, high-entropy, cryptographically secure randomness (CSPRNG, not Math.random)
- 04Hash functions and their properties: deterministic, avalanche effect, one-wayness (pre-image), second-pre-image and collision resistance
- 05Hash applications: password storage with salt, message integrity, proof-of-work; MD5/SHA-1 broken for collision resistance
- 06Symmetric encryption syntax: K-Gen, C = Enc(K, M), M = Dec(K, C); block ciphers (AES) vs stream ciphers (ChaCha20)
- 07Perfect vs semantic security; the One-Time Pad (C = M ⊕ K), Shannon's result and why key reuse is fatal
- 08Short-key crypto: PRG (stream ciphers), PRF; modes of operation — ECB weakness vs CTR; MAC and authenticated encryption (AE)
One-Time Pad XOR and why key reuse leaks
- +1(a) XOR bit by bit (0⊕0=0, 1⊕1=0, 0⊕1=1). M = 10110010, K = 01101001 → C = 11011011.
- +1(b) Decrypt with the same key: C ⊕ K = 11011011 ⊕ 01101001 = 10110010 = M. XOR is its own inverse, so applying K twice cancels it — this is why Dec(K, Enc(K, M)) = M.
- +1(c) Encrypt the reused-key second message: C2 = M2 ⊕ K = 00111000 ⊕ 01101001 = 01010001. Now XOR the two ciphertexts: C ⊕ C2 = (M ⊕ K) ⊕ (M2 ⊕ K) = M ⊕ M2, because the two copies of K cancel. Numerically 11011011 ⊕ 01010001 = 10001010, which equals M ⊕ M2 (check: 10110010 ⊕ 00111000 = 10001010).
- +1Lesson: reusing a One-Time Pad key removes the key entirely from C ⊕ C2, leaking M ⊕ M2 — and if the attacker guesses or knows M, they recover M2 = (M ⊕ M2) ⊕ M. Perfect secrecy requires a uniformly random key at least as long as the message and used only once.
Key terms
- Kerckhoff's principle
- The security of a system should depend only on the secrecy of its key, not on the algorithm staying hidden. Algorithms should be public and openly reviewed; the key is the short secret. The opposite is 'security through obscurity', which relies on ignorance rather than strength.
- Hash function properties
- A hash maps input to a fixed-size digest and behaves like a random function. Key properties: deterministic; avalanche effect (a tiny input change greatly changes the digest); pre-image resistance (one-wayness); second-pre-image resistance; and collision resistance. MD5 and SHA-1 are broken for collision resistance.
- Salt
- A unique random value added per user before hashing a password (digest = hash(pwd ‖ salt), storing salt and digest). It makes identical passwords hash differently and defeats precomputed (rainbow-table) attacks.
- Symmetric encryption
- Encryption using the same secret key K to encrypt and decrypt: C = Enc(K, M), M = Dec(K, C), with correctness Dec(K, Enc(K, M)) = M. Its goal is confidentiality. Block ciphers (AES) encrypt fixed-size blocks; stream ciphers (ChaCha20) encrypt bit/byte-by-byte.
- One-Time Pad (OTP)
- Encrypting with C = M ⊕ K using a truly random key as long as the message, used once. Shannon proved it gives perfect secrecy, but the key must never be reused (C1 ⊕ C2 = M1 ⊕ M2 leaks) and must be shared securely — so it is rarely practical.
- ECB vs CTR mode
- Modes for using a block cipher on long messages. ECB encrypts each block independently, so identical plaintext blocks give identical ciphertext blocks and leak structure — insecure. CTR (counter mode) encrypts a per-block counter/nonce via a PRF and XORs it in, so every block's keystream differs.
Cryptography Basics and Symmetric Crypto FAQ
Why must encryption keys be uniformly random and high-entropy?
Because an attacker's job is to guess the key, and any bias or pattern shrinks the search. Uniform means no outcome is more likely than another; high-entropy means many possibilities (128 bits gives 2^128 options, whereas a 6-digit PIN is only about 20 bits and brute-forceable). The randomness must also be cryptographically secure — from a CSPRNG such as crypto.randomBytes() or /dev/urandom, never Math.random() or a timestamp, which are predictable given the seed.
What is the difference between the three hash resistance properties?
Pre-image resistance (one-wayness): given a digest h(x), it is hard to find x. Second-pre-image resistance: given a specific x, it is hard to find a different x' with the same digest. Collision resistance: it is hard to find any two inputs at all that share a digest. Collisions must exist mathematically (inputs outnumber digests) but must be infeasible to find — MD5 and SHA-1 fail this and should be avoided.
Why is ECB mode insecure?
Because it encrypts each block independently with the same key, so two identical plaintext blocks always produce identical ciphertext blocks. That leaks structure — an attacker can see repetition and patterns even without decrypting. CTR mode fixes this by combining each block with a distinct keystream from a PRF over a counter or nonce, so identical plaintext blocks encrypt differently.
Can AI help me with cryptography basics in INFO2222?
Yes, as a study aid. Sia can check an XOR encryption bit by bit, explain why key reuse breaks a One-Time Pad, drill the hash resistance definitions, and contrast ECB with CTR. Use it to rehearse the small crypto calculations and definitions for the security quizzes and the exam; it does not do graded assessment for you, and the University of Sydney academic-integrity policy applies.
Exam move
Week 6 rewards two kinds of practice. First, small bit-level drills: XOR-encrypt and decrypt 8-bit messages until XOR-is-self-inverse is automatic, and rehearse the two-time-pad result (C1 ⊕ C2 = M1 ⊕ M2) that explains why key reuse is fatal — and always reject AND/OR distractors. Second, crisp definitions: be able to state Kerckhoff's principle, the three hash resistance properties, the symmetric-encryption syntax, and the ECB weakness in one line each, because these are 2-mark recall items. Learn the block-vs-stream and PRG-vs-PRF distinctions and remember that MD5/SHA-1 are broken for collision resistance. Tie every mechanism back to its threat model — always re-ask 'what is the system model, what is the threat model'. Confirm the security scope in the Week 12 revision on Canvas.
Working through Cryptography Basics and Symmetric Crypto in INFO2222? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Cryptography Basics and Symmetric Crypto question and get a clear, step-by-step explanation grounded in how INFO2222 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.