Answered step by step
Verified Expert Solution
Question
1 Approved Answer
Recall the encryption mode CBC$ we studied in class. The scheme uses a random IV and is based on a blockcipher E. In class
Recall the encryption mode CBC$ we studied in class. The scheme uses a random IV and is based on a blockcipher E. In class we saw that CBC$ is IND-CPA assuming E is a PRF, and it is never IND-CCA. Your colleague suggests the following encryption scheme CBCH in an effort to make it IND-CCA. The only difference is that in place of IV the encryption algorithm uses H(M), where H is a public, keyless hash with n-bit outputs and M is the message to encrypt. The decryption algorithm decrypts M as usual but also checks that the IV is H(M). If not, it rejects and outputs L. The colleague claims that CBCH is IND-CCA assuming E is a PRF. Show that the colleague is wrong and prove that CBCH is not IND-CCA secure.
Step by Step Solution
★★★★★
3.39 Rating (152 Votes )
There are 3 Steps involved in it
Step: 1
ANSWER The colleagues suggestion CBCH is not INDCCA secure because it is vulnerable to a chosen ciphertext attack In this attack the adversary can choose a message M and a corresponding IV HM and then ...Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started