**Which of the following is an incorrect statement about cryptographic functions? (Wentz QOTD)**

A. Collision makes a one-way function vulnerable and reversible.

B. The confusion property of a cipher reduces occurrences of key clustering.

C. A key schedule is an algorithm calculating round keys from the key in a product cipher.

D. Manually rotating a key typically occurs when the key is subject to being compromised.

**Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.**

My suggested answer is A. Collision makes a one-way function vulnerable and reversible.

Collision makes a one-way function vulnerable, but a one-way function, e.g., hashing, is always irreversible. We cannot restore the original message from the hash value computed from the hash function.

## Confusion and Key Clustering

“In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work to thwart the application of statistics and other methods of cryptanalysis.” (Wikipedia)

In cryptography, “key clustering” refers to the situation when two different keys generate the same ciphertext from the same plaintext, using the same cipher algorithm. The confusion property of a cipher complicates the relationship between the key and the ciphertext, reducing the occurrence of key clustering.

## Round Keys (Subkeys) and Key Schedule

Modern ciphers, or the so-called product ciphers, complicate ciphertext by confusing its relationship with the encryption key and diffusing the relationship with the plaintext through multiple rounds of processing of substitution and permutation, where each round may use a specific round key. A key schedule is an algorithm that calculates all the round keys from the key.

In cryptography, a product cipher combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components to make it resistant to cryptanalysis. The product cipher combines a sequence of simple transformations such as substitution (S-box), permutation (P-box), and modular arithmetic. The concept of product ciphers is due to Claude Shannon, who presented the idea in his foundational paper, Communication Theory of Secrecy Systems.

Source: Wikipedia

## Key Rotation

For symmetric encryption, periodically and automatically rotating keys is a recommended security practice. Some industry standards, such as Payment Card Industry Data Security Standard (PCI DSS), require the regular rotation of keys.

Cloud Key Management Service

does notsupport automatic rotation of asymmetric keys. See Considerations for asymmetric keys below.

We recommend that you rotate keys automatically on a regular schedule.A rotation schedule defines the frequency of rotation, and optionally the date and time when the first rotation occurs. The rotation schedule can be based on either the key’s age or the number or volume of messages encrypted with a key version.Some security regulations require periodic, automatic key rotation. Automatic key rotation at a defined period, such as every 90 days, increases security with minimal administrative complexity.

You should also manually rotate a key if you suspect that it has been compromised, or when security guidelines require you to migrate an application to a stronger key algorithm. You can schedule a manual rotation for a date and time in the future. Manually rotating a key does not pause, modify, or otherwise impact an existing automatic rotation schedule for the key.Source: Google

# Reference

- Key rotation
- What’s the purpose of key-rotation?
- Key schedule
- Product cipher
- Symmetric Cryptography and Key Management: Considerations on Key Exhaustion, Rotation and Security Models
- Birthday attack
- Confusion and diffusion
- What is Hashing? Hash Functions Explained Simply

# A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, *The Effective CISSP: Security and Risk Management*, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

**下列關於密碼學的功能的說法何者不正確？ (Wentz QOTD)**

A. 碰撞(collision)使單向函數易受攻擊且可逆。

B. 密碼的混淆(confusion)特性減少了密鑰叢集(key clustering)的發生。

C. 密鑰週期(key schedule)是一種從乘積密碼(product cipher)中計算輪密鑰(round key)的算法。

D. 手動輪換密鑰(key rotation)通常發生在密鑰可能外洩時。