Question
Let F be a pseudorandom permutation. Consider the mode of operation in which a uniform value ctr 2 {0,1}n is chosen, and the ith ciphertext
Let F be a pseudorandom permutation. Consider the mode of operation in which a uniform value ctr 2 {0,1}n is chosen, and the ith ciphertext block ci is computed as ci := Fk(ctr + i + mi). Show that this scheme does not have indistinguishable encryptions in the presence of an eavesdropper. (problem 3.27 in the textbook)
Here are few hints:
Essentially F_k (ctr+ i + m) allows an adversary to do some "arithmetic" inside F_k
Can an adversary create a two messages m_0 and m_1 such that both cipher blocks for m_0 are the same and for m_1 are different? This will allow the adversary to win the indistinguishability game. I am assuming m_0 and m_1 have two blocks.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Lnai 12458 Machine Learning And Knowledge Discovery In Databases European Conference Ecml Pkdd 2020 Ghent Belgium September 14 18 2020 Proceedings Part 2 Lnai 12458
Authors: Frank Hutter ,Kristian Kersting ,Jefrey Lijffijt ,Isabel Valera
1st Edition
3030676609, 978-3030676605
