Question 1: Reasons Where Message Authentication is Required Without Confidentiality

  1. Integrity Verification: When it's important to ensure that the message has not been altered during transmission, message authentication can be used to verify the integrity of the message without encrypting its content.
  2. Non-repudiation: Message authentication is often used to ensure that the sender cannot deny sending the message, especially in legal or financial transactions, without necessarily requiring confidentiality.

Question 2: What is 3DES?

  1. Triple DES (3DES): 3DES is an encryption algorithm that applies the DES (Data Encryption Standard) cipher three times to each data block to increase security. It uses three 56-bit keys, making it more secure than standard DES.
  2. Backward Compatibility: 3DES was designed to provide stronger encryption while maintaining compatibility with hardware and software that was originally designed for DES, as DES had become insecure due to its small key size.

Question 3: Two Main Drawbacks of DES

  1. Small Key Size: DES uses a 56-bit key, which is vulnerable to brute-force attacks as computing power increases, making it easy for attackers to crack the key.
  2. Outdated Security: DES has been superseded by more secure algorithms like AES because its encryption strength no longer meets modern security standards.

Question 4: While using encryption during message transmission, message authentication mechanism is also used at the same time. Do you agree? if yes, then illustrate the reason.

Yes, I agree. When encryption is used during message transmission, message authentication is also required to ensure that the message is not only protected from unauthorized reading (confidentiality) but also has not been tampered with during transmission. Encryption alone does not guarantee integrity, so a separate message authentication code (MAC) or digital signature is often used alongside encryption to verify the sender's identity and the integrity of the message.

Question 5: The sender only has to send the messages encrypted using its private key, which will then be decrypted by interested receivers using the sender's public key. In order to execute it properly, does the sender also needs to maintain a database of public keys of all receivers as well? Do you agree? If yes. then illustrate the reason.

No, the sender does not need to maintain a database of public keys for all receivers in this scenario. The scenario describes encryption using the sender's private key for authenticity, which can be verified by receivers using the sender's public key. Public key cryptography allows any interested receiver to use the publicly available key to decrypt the message and confirm its authenticity. Therefore, the sender does not need to store the receivers' public keys for this purpose, but the receiver would need access to the sender's public key.