Cryp Essay
1833 Words
Mar 7th, 2014
8 Pages
Homework 5
4.2 Consider a "CCAtype" extension of the deﬁnition of secure message authentication codes where the adversary is provided with both a Mac and Vrfy oracle. (a) Provide a formal deﬁnition and explain why such a notion may make sense. (b) Show that when the Mac scheme is deterministic, your deﬁnition is equivalent to Definition 4.2. (c) Show that when the Mac scheme may be probabilistic, the deﬁnitions are not equivalent. (That is, show that there exists a probabilistic scheme that is secure by Deﬁnition 4.2 but not by your deﬁnition.) Consideration The message authentication experiment Macforge, Π(n):
1. A random key k ← {0, 1}n is chosen. 2. The adversary is given oracle access to Mack (·) and Vrfyk (·, ·) and outputs a …show more content…
4.2 Consider a "CCAtype" extension of the deﬁnition of secure message authentication codes where the adversary is provided with both a Mac and Vrfy oracle. (a) Provide a formal deﬁnition and explain why such a notion may make sense. (b) Show that when the Mac scheme is deterministic, your deﬁnition is equivalent to Definition 4.2. (c) Show that when the Mac scheme may be probabilistic, the deﬁnitions are not equivalent. (That is, show that there exists a probabilistic scheme that is secure by Deﬁnition 4.2 but not by your deﬁnition.) Consideration The message authentication experiment Macforge, Π(n):
1. A random key k ← {0, 1}n is chosen. 2. The adversary is given oracle access to Mack (·) and Vrfyk (·, ·) and outputs a …show more content…
Note that in this case the Vrfy oracle behaves exactly the same to the actual Vrfy alogrithm, and the adversary cannot use the Vrfy oracle to increase its probability of success (see comparison below for further clariﬁcation). To rephrase this, an oracle access to Vrfy does not augment the adversary’s power. If the Mac scheme is probabilistic there exist muiltple tags that one message can possibly correspond to. Hence, in sharp contrast to the deterministic case, the adversary cannot be certain of exactly which tag corresponds the message. Now, with an oracle access to Vrfy, the adversary can simply query this oracle to eliminate some of the possible tags, therefore dramatically increase the probability of success (Roughly speaking, multiplied by the number of all possible corresponding tags. But this is limited to polynomial many). That being said, an adversary with oracle access to Vrfy is more powerful than one without such access. (The adversary can still output any message m previously queried to the oracle! The deﬁnition says nothing about this.) Therefore, This deﬁnition differs from Deﬁnition 4.2. 1
4.3 Prove that Construction 4.5 remains secure for each of the following modiﬁcations: (a) Instead of using a pseudorandom function, use any ﬁxedlength MAC with the appropriate parameters. (b) Instead of including d in every block, set t i = Fk (r b i m i ) where b is a single bit such that b = 0 in all blocks but the last one, and b =
4.3 Prove that Construction 4.5 remains secure for each of the following modiﬁcations: (a) Instead of using a pseudorandom function, use any ﬁxedlength MAC with the appropriate parameters. (b) Instead of including d in every block, set t i = Fk (r b i m i ) where b is a single bit such that b = 0 in all blocks but the last one, and b =
Related

biography of Alan Turing Essay
3963 Words  16 PagesBombe(see below) The people at Bletchley also needed to work out the internal wiring of the wheels but this, at least, would be constant once discovered. At some stage the Germans decided that these sterotyped words were to be avoided( had their cryp.. been heard at last. ?) Told to start and end with some un related word like e.g. lawn mower or clothes cupboard. Now mesages were composed by some one of rank; radio operators sending them neede some brain power but the enigmaa operater only had…
More about Cryp Essay

biography of Alan Turing Essay
3963 Words  16 Pages