An early proposal for a digital signature scheme using symmetric encryption is based on the following. To sign an \(n\)-bit message, the sender randomly generates in advance \(2 n\) 56-bit cryptographic keys:

\[k 1, K 1, k 2, K 2, \ldots, k n, K n\]

which are kept private. The sender prepares in advance two sets of corresponding non-secret 64-bit validation parameters, which are made public:

\[u 1, U 1, u 2, U 2, \ldots, u n, U n \text { and } v 1, V 1, v 2, V 2, \ldots, v n, V n\]

where

\[v i=\mathrm{E}(k i, u i), V i=\mathrm{E}(k i, U i)\]

The message \(M\) is signed as follows. For the \(i\) th bit of the message, either \(k i\) or \(K i\) is attached to the message, depending on whether the message bit is 0 or 1 . For example, if the first three bits of the message are 011, then the first three keys of the signature are \(k 1, K 2, K 3\).

a. How does the receiver validate the message?

b. Is the technique secure?

c. How many times can the same set of secret keys be safely used for different messages?

d. What, if any, practical problems does this scheme present?