Let ? = (Gen, Enc, Dec) be an encryption scheme constructed as follows:

Gen(1n) outputs k ?R {0, 1} n (i.e., chosen uniformly at random)

Enc : Given a message m ? {0, 1} 2n,

1. The algorithm splits the message into two blocks ?1 and ?2 such that |?1| = |?2| = n and m = ?1k?2 (Here, k is a concatenation operator).

2. The algorithm computes wi := Fk(?i), for each i ? {1, 2}, where, Fk : {0, 1} n 7? {0, 1} n is a pseudorandom permutation.

3. Finally, the algorithm constructs and outputs the ciphertext as follows: c := w1kw2

Dec: Given a ciphertext c ? {0, 1} 2n,

1. The algorithm splits c into two blocks w1 and w2 such that |w1| = |w2| = n and c = w1kw2 (Here, k is a concatenation operator).

2. The algorithm computes ?i := F ?1 k (wi), for each i ? {1, 2}.

3. Finally, the algorithm constructs and outputs the message as follows: m := ?1k?2

Show that ? is not IND-secure against a ciphertext-only attack. (NOTE: Here, IND-secure is the short form of indistinguishable encryptions in the presence of an eavesdropper)