 So, on the website you can find the answers, so you can look and read in detail about the answers. You have to return your exam today though. There are some statistics so you can compare against others. The mean, so the exam is out of 70, so your score is given out of 70. The mean was 26 or about 38%. And I haven't compared against previous years but I think that's a little bit lower than previous years. So it was a little bit disappointing. Standard deviation, maximum, someone got 68, someone got 4 out of 70. And the histogram, unfortunately there's not so many people and this is in the percentage here. Only one person between 90 and 100 and only another 4 above 60%. So this was not as good as I hoped, too many down this end. Regarding a few more statistics then we'll look at some of the questions. Maybe hard to see at the back but just the scores, the average scores for the eight questions in the exam. Question one on RSA, I thought I gave you some hint that you need to remember RSA and we'll look at it but unfortunately most people didn't remember or didn't know how to use it. So we need to recover that 2 out of 13 is almost made me cry when I mark some of people's exams. Question two, let me remember, question two was about a set of different questions, one time pad, vision air and so on, not so bad. Question three was, most people can do play fair, can do rail fence and so on, can do the classical cyphers. Many people have fun on those classical cyphers but you need to be able to do a little bit more than just encrypt with those classical cyphers. So most people were okay with the classical cyphers. In most cases with them I either marked it correct or correct I got four marks or if there's something wrong zero marks with those classical cyphers. Question four, about half marks, that was a double cypher and the meat in the middle attack and again most people got the meat in the middle attack because you remembered from the quizzes and from the practice how to do that but some of the concepts not many people got. Question five, not so good, a fine Caesar cypher, something different, required a little bit of thought and tricked most people I think. Security services, question seven was about again very hard for most people, average of less than one out of seven, about the pseudo random number generator XOR, exclusive OR, so that was a hard one. And question eight was the next exam will be easier, solve the classical cypher. So let's look at just some of the exams, some of the exam questions and their answers, maybe going from the end working backwards or just go scroll through some of the questions and answers and answer any of your questions you may have about the marking for example. Question eight, two steps involve the rose column and a Caesar cypher so you needed to work out that from the Caesar cypher that what the key was based upon that the letter L mapped to the letter E and then once you got that then you need to do the rose column which tried some trial and error and a lot of people worked it out eventually, it need to arrange a few words, arrange four letters into a word. Question seven, not many people got question seven, it was similar to a question from the exam last year so if you understood the exam last year you may have got been able to do this one quite easily. I'll let you have a look at it in your own time, it relies some knowledge of XOR so make sure you're experts in exclusive or because we still continue to use that through other parts of cryptography. Question six, most people did okay, services, you need to know those six services, they're common through all parts of computer and network security so what is confidentiality, well quite simply keeping the message secret, authentication, verifying who you're communicating with, access control, preventing unauthorized access to a resource, integrity, make sure things aren't changed along the way, maintaining the integrity of the data, non-repudiation, making sure someone can't deny something, availability, making sure the system is usable so you should always know about those six services because most of the things we talk about can be classified as one of those six. Have a look at the Affine Caesar cipher, it's an interesting cipher but not many people got it, I will not attempt to go through it today. Most people got the double desk or the double cipher, meeting the middle attack, I want to get through to one that we can go through in a bit more detail, maybe it's just the first question, maybe here, the one time pad is considered to be unconditionally secure, what does this mean, hard to crack is not a good enough answer, what do you mean, you mean it's hard to get a hammer and hit it and make a crack in it, you need to be a bit more precise when you explain what is unconditionally secure, you cannot hack is not a good enough answer, it's important to realise that unconditionally secure means that doesn't matter how much time you have, how many resources you have, you still cannot break the cipher, you still cannot find the correct plaintext given ciphertext, even if you have all the time in the world, an infinite power computer, you cannot find it because if you do a brute force attack, what happens is that you try all possible keys and you get many possible plaintexts, the point is that of those possible plaintexts, many of them make sense, let's say English sentences or phrases, therefore which one is the correct one, you will not be able to tell, so it's not that you don't have enough time to try all keys, it's as if you do try all keys, you still can't determine what was the original plaintext, that's what we mean by unconditionally secure, if you want to, you should understand why that's the case and why it's different from let's say practically secure, that is most ciphers we talk about are practically secure in that in reasonable time we cannot break them, even with brute force, but unconditionally secure means that we can never break it, even if we try brute force, on the course website there's a link to a description that gives an example of why or an example with a simple cipher, why it's unconditionally secure, giving numbers of how long it takes to try all keys and still if you try all keys that you'll still get many possible plaintext that may make sense. The other parts here were just short questions, chosen ciphertext with short answers required, there was a mix of success on those different questions. Here, what mode of operation was used? CFB, you don't have to give the full name, CFB or cipher feedback mode, but saying AES-128-CFB I would not give the correct answer. The mode of operation is CFB, it's not AES, that's the block cipher being used. CFB is how AES is used. Okay, RSA, two parts to this question, not two parts, but two things to understand to be able to be successful, at least in part A, okay? You need to remember the equation and I advise you again, even though this exam's over, we'll continue to use RSA and public key cryptography, you need to remember this equation. And it's not so hard to remember, it's just an exponential mod n. You just need to know, once you remember this equation, you just need to know, well, where does e and n and m come from? Well, c is a ciphertext, m is the message or plain text, we sometimes use p, then you need to know, well, what is e and n? And just to remind you, what's the decryption? To decrypt, so encrypt c equals m to the power of e mod n and decrypt, to get the original message back, c to the power of d mod n. So there's not much to remember, it's the same equation, but just different variables. It's just one number raised to the power mod n. You must remember it. But once you remember it, then you need to know how to use the keys. And let's remind you, with public key cryptography, there are two keys. Each user has a key pair, a public and a private key. Okay, so imagine all of you have your own key pair. I'll show you how to create it soon. Everyone has a key pair. So we have one person wants to communicate and send a message confidentially to another person. Confidentially, I mean that they want to send a message such that no one else can read it. What do you do? Which key do you use? You have a key pair and the key pair consists of the public and a private key. You have your own. The recipient, every other user has a key pair. You want to send a message to someone else. You encrypt using the RSA equation and which key? Which key do you encrypt with? That's the key, the important thing to remember. Do you know? You want to send a message to someone else? You use her key, good start, and which one? You use the destinations key, but which one? Remember, every user has a pair of keys, public and private. Which one are you going to use? Think carefully. You're correct and you say you use the destinations key and either their public key or their private key. Which one do you think? You're going to use her private key. Think about what you're saying. You're going to encrypt using someone else's private key. What does private mean? It's secret. So you shouldn't know someone else's private key. So that gives you the hint. Which key do you think you're going to use to encrypt a send someone else? Not the private key, the public key. Because that other persons, the only key of their pair which is available to you is their public key. So you need to remember, when you want to send confidentially to someone else, you encrypt using their public key. You use the destinations public key. And the other thing with public key crypto is that if you encrypt with one key in a key pair, you can only successfully decrypt with the other key in that same key pair. If you encrypt with someone else's public key, the only way to decrypt that cipher text is using the corresponding private key from that key pair. That is the other person's private key. So you get your message, you encrypt with the destinations public key, you send the cipher text, you receive the cipher text and how do you decrypt it? Using which key? Your key, which one? There's a public and a private key. He has created a message. He's encrypted using your public key. He sends you the cipher text and you decrypt it using your private key. Always the opposite key in the key pair. If I encrypt with your public key, you will decrypt using your private key. If you try some other key, it won't decrypt successfully. You'll get random looking output or produce an error usually. So you need to remember which keys to use. So in this question, if you could remember the equation and if you could remember the key to use, because the question is, you have a key pair, PU and PR, we'll come back to the numbers in a moment, but you have a public and a private key. So does everyone else. So does Steve and Tanneruck. But you only know Steve and Tanneruck's public keys, of course. You don't know their private keys, otherwise we couldn't call them private. So you know Steve's public key and Tanneruck's public key. You have a message to send confidentially to Steve. Therefore, you need to use which key to encrypt Steve's public key. The destinations public key, which is this value, is used to encrypt. So we have the encryption algorithm. We know which key to use. The last step in this question is, well, what do these numbers mean? And you had to know that we have two numbers, in fact, in each key. We usually write the first one as E or D if it's the private key, E for the public key, D for the private key, and the second one, which is the same in both public and private key, is N, the modulus. If you knew that, then what you do is that you know M is 10, you're going to encrypt with Steve's public key, which is 3, 319. That is E equals 3, N equals 319. You plug them into the equation and you get the ciphertext. You didn't really need a calculator for that one because you plug in M is 10, E is 3, mod 319, and in 1,000 mod 319, you can do that on paper quite quickly and you get 43 is the remainder. So the ciphertext is 43. Any questions on that? When we have the next quiz and we give you another RSA question, everyone will remember. Remember the equation. Remember how the ordering of the keys, how to use the keys, because we're going to continue to use RSA as an example of public key crypto in the next topic. Any questions? Everything 100% clear on this first question, the one that made me cry because I thought it was so easy, but maybe five out of 40 people got it. The other parts, they're a bit more involved or you had to think a little bit more. Note that you and Tanarak have the same E value. Your public key is E equals 7, N equals 527, and the private key is D equals 3, 4, 3, N, the same N is 5, 2, 7. And note that Tanarak has a public key. You only know his public key. You can't know his private key. Where E also equals 7. Is that a problem, the second part? No, it's not a problem. Remember E is public. A, you can know other people's public value. That's not a problem. Is it a problem being the same? Again, no. As long as usually N, as long as N is not the same, then we're safe. That is, even if N was the same, it's possible to have other private values. But having that same E value is not a problem. It's not less secure. In fact, in most practical uses of RSA, everyone uses the same E value. I'll show you the software that does it. We can specify which E value, but by default, everyone uses the same value. It helps with the performance. So the E value, not so important for security perspective. The D value, of course, needs to be kept private. Part C was a little bit harder. Actually, a few more people seem to make attempts at this than part A. This requires the knowledge of the key generation algorithm. How do we choose the keys? So I will not go through this one in detail. But this was breaking RSA. It turns out when you use small numbers like in this example, it's quite easy to break. That is, Steve sends Tanaraka confidential message. We don't know what it is. This M. You intercept the ciphertext C. So you need to find M. So you need to think from the attacker's point of view, what do you know? You know C is 71. You know Steve's key or Steve's public key. And you know Tanaraka's public key. So then you need to work out which one was used to encrypt and then need to try and work out their private key. So perform an attack on RSA. I'll answer questions about your exam later. But have a look. So this one's a bit more involved. So harder than part A. But I think you should try and remember those steps for generating the key and therefore how to attack. Actually, my description in the answer here is it's quite long. It turns out the main point of the attack comes to the idea is to guess or to work out the private key of the user to find the value of D. And it's given N, find the totion of N by breaking it into its prime factors. And several people found the answer. Several, two or three, I think, found the answer of D and then eventually found that the message could be calculated. So you must be able to do part A. If you can't do part A, then consider withdrawing. Because that's a key part. The mathematics is easy. The concepts you need to remember a little bit. But the ordering of the keys and how you use them is very important. Part C was a little bit harder. You should try and understand how that works. Part D was simply the general approaches. And again, you should know these that there are some problems, some mathematical problems, which when we use very large numbers, hundreds of bits long, even hundreds of decimal digits, very large numbers, that those problems of calculating the answer take so long to solve that we call them impossible to solve in any reasonable time. And that's where public keys, ciphers, have their security. And that to break the ciphers, you need to solve these problems. And with RSA, you either need to factor a large number into its primes, P and Q, taking some large number, which was obtained by multiplying two primes together. Someone took P and Q, multiplied together to get N. Now they give you N, you need to go back and find P and Q. That's the challenge there. If the numbers are large enough, you won't be able to do it. The other part is that find the totient of the value. Again, if N is large enough, calculating the totient will take too long, unless you know P and Q. But you don't know P and Q because you can't factor N into its primes. And the other part, and again we'll see it in another algorithm later, discrete logarithm. Remember, we use exponentiation, M to the power of E, C to the power of D. The inverse operation is a logarithm. In modular arithmetic, it's called the discrete logarithm. The mod, we call it the discrete logarithm, not a normal logarithm. Solving a discrete logarithm with large enough numbers, again, is considered impossible. And those are three problems that make RSA secure, and also other algorithms for public key crypto. So I wanted to say a bit about that because you need that in the subsequent topics. The others you still need, but I think you can look in your own time. Any questions on the exam? Question? Maybe I'll look at that one later. Let me look at it later. Okay. Remembering the formula is sometimes not so useful if you can't use it. Let me have a look at it again later. Not sure. I'll look at it. No questions. Everyone's happy with their exam score. What did you get? Above 50 percent? Above 35? 17 out of 70. Okay. Something like less than 20 out of 70, then you need to work on improving, especially for your final exam. Otherwise, you're looking at one of those lower grades. F, D, D plus. No one wants them. Everything okay? Any questions? Is that yours? Good. Any questions? How are you going to improve? How are you going to get a better score in your final? Why did you not do the old exams? Did you do the old exams in this one? Just last year. Okay. All the old exams are available on the website. So yes, use them and don't look at the answers first. It won't help. So download and even print out the past year's exam and try and actually do it. That's the best way to study. Now, some questions may not be relevant across the different years, but that's a starting point to study. Don't print out the questions and then print out the answers and just look at them. You will not learn much that way. A little bit, maybe, but the best way is to try, check your own answers or get your friend to check your answers and then try again, maybe with the year before. If you can do that, you'll see a lot of the questions are similar to the last two or three years. I think out of the eight questions, probably six are almost copy and pasted from the last three years, but you need to practice. You can't just turn up in most cases. Any other questions about the exam? Before we close that. Today, I'm just going to give a demo and we will not start a new topic.