Self-Assessment Quiz: Cryptography — From Caesar Cipher to RSA
Twenty questions to check your understanding of classical ciphers, the key-distribution problem, public-key cryptography, and RSA (generation, encryption, decryption, the correctness proof, and security). Answer before opening the key. Aim for 16+.
Question 1
Caesar's cipher is the special case of which more general cipher, with which key?
A) the substitution cipher, with the identity permutation B) the shift cipher, with key $k = 3$ C) RSA, with public exponent $e = 3$ D) a symmetric cipher with a 128-bit key
Question 2
The shift cipher's key space has size 26, while the substitution cipher's has size $26! \approx 4\times10^{26}$. Yet the substitution cipher is still breakable. The reason is that:
A) $26!$ is actually small enough to brute-force on a laptop B) it preserves letter frequencies, so the language's statistical fingerprint survives encryption C) the key is too hard to remember, so people choose weak ones D) modular arithmetic always leaks the key
Question 3
Frequency analysis works less reliably on a very short ciphertext than on a long one because:
A) short texts use a different alphabet B) letter frequencies are statistical averages, and a short sample is noisy C) short texts are always encrypted with the shift cipher D) the key space shrinks for short messages
Question 4
Kerckhoffs's principle states that a cryptosystem should remain secure even if the attacker knows:
A) the plaintext B) the private key C) everything about the system except the key D) nothing at all
Question 5
The key-distribution problem is best described as:
A) symmetric keys are too short to be secure B) symmetric cryptography needs a pre-shared secret, but establishing it over an insecure channel is the very problem you were trying to solve C) public keys are expensive to compute D) there are too few primes to make enough keys
Question 6
A network of $n$ parties wants pairwise-private communication using symmetric keys. The number of keys required is:
A) $n$ B) $n^2$ C) $\binom{n}{2} = \dfrac{n(n-1)}{2}$ D) $2^n$
Question 7
Switching that network from symmetric to public-key cryptography changes the total number of keys to:
A) $n$ key pairs (one per participant) B) still $\binom{n}{2}$ C) $\binom{n}{2}$ public keys plus $\binom{n}{2}$ private keys D) zero
Question 8
In the "open padlock" analogy for public-key cryptography, the padlock you hand out freely corresponds to the _, and the physical key you keep corresponds to the _.
A) private key; public key B) public key; private key C) plaintext; ciphertext D) modulus; exponent
Question 9
A trapdoor function differs from a plain one-way function in that:
A) it is easy to invert for everyone B) it cannot be computed in the forward direction C) it is infeasible to invert except for someone holding a secret, who can invert it easily D) it requires no key at all
Question 10
Why is a plain one-way function (easy forward, hard backward, no trapdoor) useless for encryption?
A) it is too slow B) the legitimate receiver also cannot invert it, so no one can decrypt C) one-way functions do not exist D) it leaks the key
Question 11
In RSA key generation with distinct primes $p, q$ and $n = pq$, the totient is:
A) $\phi(n) = pq$ B) $\phi(n) = p + q$ C) $\phi(n) = (p-1)(q-1)$ D) $\phi(n) = n - 1$
Question 12
The condition $\gcd(e, \phi(n)) = 1$ in RSA key generation is required because:
A) it makes encryption faster B) it is the precondition for the private exponent $d = e^{-1} \bmod \phi(n)$ to exist C) it guarantees $n$ is prime D) it prevents frequency analysis
Question 13
RSA encryption and decryption are, respectively:
A) $c \equiv m + e \pmod n$ and $m \equiv c - e \pmod n$ B) $c \equiv m^{e} \pmod n$ and $m \equiv c^{d} \pmod n$ C) $c \equiv e^{m} \pmod n$ and $m \equiv d^{c} \pmod n$ D) $c \equiv m \cdot e \pmod n$ and $m \equiv c \cdot d \pmod n$
Question 14
In RSA, after computing the private exponent $d$, which quantities must be destroyed or guarded because each one lets an attacker recompute $d$?
A) only $n$ B) the public exponent $e$ C) $p$, $q$, and $\phi(n)$ D) the ciphertext $c$
Question 15 (True/False, justify)
True or false: The congruence $ed \equiv 1 \pmod{\phi(n)}$ means $ed = 1$. Justify in one sentence, and state what it actually means.
Question 16
The main-case RSA correctness proof (for $\gcd(m, n) = 1$) collapses the factor $\big(m^{\phi(n)}\big)^k$ to 1 by invoking:
A) Fermat's little theorem B) Euler's theorem, which requires $\gcd(m, n) = 1$ C) the Chinese Remainder Theorem D) Bézout's identity
Question 17
The general-case RSA proof (any $0 \le m < n$) works modulo each prime separately and then glues the results with:
A) Euler's theorem B) the Chinese Remainder Theorem C) brute force D) the extended Euclidean algorithm
Question 18 (True/False, justify)
True or false: "Breaking RSA is exactly as hard as factoring $n$" is a fully proven theorem in both directions. Justify by saying which direction is a theorem and which is an assumption.
Question 19
Textbook RSA ($c = m^e \bmod n$, no padding) is insecure even if factoring is hard primarily because it is:
A) too slow for real use B) deterministic — identical plaintexts always produce identical ciphertexts, so guessed messages can be confirmed by re-encrypting C) based on the wrong totient formula D) limited to messages shorter than 26 letters
Question 20 (Short answer)
In one sentence, describe how a digital signature reuses the same RSA arithmetic for the opposite purpose of encryption (say which exponent signs and which verifies).
Answer Key
| Q | Ans | Note |
|---|---|---|
| 1 | B | Caesar = shift cipher with $k = 3$ (§25.1). |
| 2 | B | Substitution preserves letter frequencies; structure leaks despite the huge key space. |
| 3 | B | Frequencies are large-sample averages; short text is a noisy sample (in the chapter, V→S, not E). |
| 4 | C | Kerckhoffs: secure even if the enemy knows everything but the key. |
| 5 | B | You need a shared secret first, but agreeing on it over an open channel is the original problem. |
| 6 | C | Every pair needs a key: $\binom{n}{2} = n(n-1)/2$. |
| 7 | A | Public-key needs only $n$ key pairs — the combinatorial explosion collapses. |
| 8 | B | Padlock = public key (locks only); physical key = private key (unlocks). |
| 9 | C | The trapdoor lets the secret-holder, and only them, invert easily. |
| 10 | B | The legitimate receiver must be able to decrypt; no trapdoor means no one can. |
| 11 | C | $\phi(pq) = (p-1)(q-1)$ for distinct primes (Chapter 23 totient formula). |
| 12 | B | $d = e^{-1} \bmod \phi(n)$ exists iff $\gcd(e, \phi(n)) = 1$ (Chapter 23). |
| 13 | B | Encrypt $m^e$, decrypt $c^d$, both mod $n$. |
| 14 | C | $p, q, \phi(n)$ each reveal $d$; guard or destroy them. |
| 15 | False | A congruence is not an equality; it means $ed = 1 + k\phi(n)$ for some integer $k$ (and in fact $ed > 1$). |
| 16 | B | Euler's theorem, hypothesis $\gcd(m,n)=1$, gives $m^{\phi(n)} \equiv 1$. |
| 17 | B | CRT promotes the two prime-wise congruences to one mod $n = pq$. |
| 18 | False | Theorem: factor $n$ ⇒ recover $d$. Assumption: there is no feasible break without factoring. |
| 19 | B | Determinism lets an attacker encrypt candidate plaintexts and compare — no factoring needed. |
| 20 | — | Sign by raising the message to the private exponent $d$; verify by raising the signature to the public exponent $e$. |
Topics to review by question
| Questions | Topic |
|---|---|
| 1–3 | Classical ciphers and frequency analysis (§25.1) |
| 4 | Kerckhoffs's principle / security through obscurity (§25.1) |
| 5–7 | The key-distribution problem and its combinatorics (§25.2) |
| 8–10 | The public-key idea: padlock analogy and trapdoor functions (§25.3) |
| 11–14 | RSA key generation, encryption, decryption (§25.4) |
| 15–17 | The correctness proof: Euler, Fermat, and CRT (§25.5) |
| 18–19 | RSA security as a hardness assumption; textbook-RSA pitfalls (§25.6) |
| 20 | Digital signatures — RSA run backwards (§25.6) |