Cryptography

An encryption device C has a master key Kc stored in it$.$ Kc is not accessible from outside.

Since C must encrypt with other keys $($besides Kc$)$ and it not possible to store all keys inside

C$,$ the additional keys are encrypted with Kc and stored outside C$.$ Each key K is associated with a bit vector P indicating how K can be used $($e$.$g$.$ for encryption, for authentication, $...$ or a combination thereof$).$

C must use the key K according to the allowed usage encoded in the corresponding bit vector Pa$.$ Thus, when K and Pk are exported and stored outside C it is not enough to store the pair $(\{$K$\}$Ko$,$ Pk$),$ as otherwise an attacker could modify the values of Pk$.$ A possible solution is to use Pk in the encryption and decryption process in such a way that if Pk is modified, the recovery of K by C must generate an unusable result.

For each of the following procedures indicate whether the procedure is adequate to the pur$-$pose. Please justify your answer.

In what follows, $$ denotes the bit$-$wise exclusive or $($XOR$)$ and we assume that K$.,$ K$,$ P have all the same length.