Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Practice Problem 2 Recall the encryption mode CBC$ we studied in class. The scheme uses a random IV and is based on a blockcipher E.

Practice Problem 2

Recall the encryption mode CBC$ we studied in class. The scheme uses a random IV and is based on a blockcipher E. In class we saw that CBC$ is IND-CPA assuming E is a PRF, and it is never IND-CCA. Your colleague suggests the following encryption scheme CBCH in an effort to make it IND-CCA. The only difference is that in place of IV the encryption algorithm uses H(M), where H is a public, keyless hash with n-bit outputs and M is the message to encrypt. The decryption algorithm decrypts M as usual but also checks that the IV is H(M). If not, it rejects and outputs . The colleague claims that CBCH is IND-CCA assuming E is a PRF.

Show that the colleague is wrong and prove that CBCH is not IND-CCA secure.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Algebra And Number Theory An Integrated Approach

Authors: Martyn R Dixon, Leonid A Kurdachenko, Igor Ya Subbotin

1st Edition

0470640537, 9780470640531

More Books

Students also viewed these Mathematics questions

Question

Differentiate the function. r(z) = 2-8 - 21/2 r'(z) =

Answered: 1 week ago