Consider the following variant of the CBC$-$MAC, intended to allow one to MAC messages of arbitrary length. The construction uses a blockcipher E$($K$,),$ assumed to be secure and with a key space $\{0,1\}$k$,$ domain, and range $\{0,1\}$n$.$ The domain for the MAC contain messages of arbitrary length, but multiple of n bits. To MAC M under key K$,$ compute CBCK $($M $\backslash |$M $)$ where $$M $$ is the length of M written as n bits. In other words, append the length of M to M before applying the MAC. The verification algorithm computes the MAC for the message sent and compares with the provided tag. Show that this MAC is not UF$-$CMA secure$.$

Using below template:

$1$ PROOF

Given:

$-$ Write all given points from the question like Encryption Scheme, MsgSp$,$ KeySp, etc

Proof

Attack: Write what your queries are and the algorithm for how your adversary will win. Ex$.$ Consider $...$ adversary who submits the following LR query: $....$ The adversary then applies the following algorithm: $...$

Justification: Explain why the attack works

Advantage: Calculate the advantage and show adversary will win with advantage not close to $0.$

Resources: Show the resources are reasonable; t: time, q: queries, $$: total length of queries $($usually number of bits$).$Consider the following variant of the $CBC-$MAC, intended to allow one to MAC

messages of arbitrary length. The construction uses a blockcipher $E_{K_1*},$

assumed to be secure and with a key space $\{0,1\}k,$ domain, and range $\{0,1\}n.$

The domain for the MAC contain messages of arbitrary length, but multiple of $n$

bits. To MAC M under key $K,$ compute $CBCK(M||($:$M$:$))$ where $($:$M$:$)$ is the length

of $M$ written as $n$ bits. In other words, append the length of $M$ to $M$ before

applying the MAC. The verification algorithm computes the MAC for the

message sent and compares with the provided tag. Show that this MAC is not

UF$-$CMA secure$.$

Using below template:

$1$ PROOF

Given:

Write all given points from the question like Encryption Scheme, $MsgS{p}_S$

KeySp, etc

Proof

Attack: Write what your queries are and the algorithm for how your adversary

will win. Ex$.$ Consider $...$ adversary who submits the following LR query: $....$ The

adversary then applies the following algorithm: $...$

Justification: Explain why the attack works

Advantage: Calculate the advantage and show adversary will win with

advantage not close to $o.$

Resources: Show the resources are reasonable; t: time, q: queries, $$ : total

length of queries $($usually number of bits$).$