Suppose Alice and Bob share keys k1 and k2 for an n-bit block cipher Enc. Consider a
Fantastic news! We've Found the answer you've been seeking!
Question:
Suppose Alice and Bob share keys k1 and k2 for an n-bit block cipher Enc. Consider a setting where Alice wants to authenticate an encrypted message to Bob as follows: Alice chooses a random n-bit IV , sets c1 = Enck1 (m ⊕ IV ) and c2 = Enck2 (m ⊕ IV ), and then sends (IV, c1, c2) to Bob. When Bob receives (IV, c1, c2) he computes m = Deck1 (c1)⊕IV and m0 = Deck2 (c2)⊕IV . If m0 6= m then Bob outputs ⊥, else he accepts the message m as an authenticated message from Alice. Does this scheme satisfy the security of an authenticated encryption scheme (namely, existential MAC forgery under a chosen message attack)?
Related Book For
Computer Networking A Top-Down Approach
ISBN: 978-0136079675
5th edition
Authors: James F. Kurose, Keith W. Ross
Posted Date: