Question: Consider the following message authentication code (MAC): The secret key is a uniformly at random chosen bitstring k {0,1}256 for a block cipher that operates

Consider the following message authentication code (MAC): The secret key is a uniformly at random chosen bitstring k {0,1}256 for a block cipher that operates on 256-bit blocks. We consider only messages m whose length is an integer multiple of 256. Let m=m1||||mr with mi{0,1}256. To generate an authentication tag, we proceed as follows, where Enck stands for encrypting with the block cipher and is the XOR-operation:

1. compute x1= Enck (m1)

2. compute x2 = Enck (m2 x1)

3. compute x3 = Enck (m3 x2)

r. compute xr = Enck (mr xr1)

r+1. output xr.

To verify a tag, the recipient reproduces the tag and checks for equality. Show that this MAC is insecure: It is possible to derive a valid authentication tag for a new message m from given (message,tag)-pairs?

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Problem 4 (10 pts) Message Authentication Code (MAC) a (3 pts) When we say that an MAC needs to resist Existential Forgery under Chosen Plaintext At- tack, what do we mean? State the precise...

: (i) What data structures are maintained by the page manager. (ii) What happens when a machine performs a read operation to a page. (iii) What happens when a machine performs a write operation to a...

llustrate different ways of connecting these components together to span a range of performance requirements. [10 marks] For each of the performance categories that you identify state today's typical...

can someone solve this Modern workstations typically have memory systems that incorporate two or three levels of caching. Explain why they are designed like this. [4 marks] In order to investigate...

s1 educated (SSE) student for every three public school educated (PSE) students. Reasoning that students are not very dissimilar from threads, he suggests the following entry and exit routines be...

Please do not use chatgpt to answer _______________________________________________ 1. Which statements are correct A) A block cipher according to Shannon should comprise two atomic operations, i.e....

) Consider integer division of one two's-complement binary number by another. Programming languages may vary in the result when one argument is negative. What differing conventions might they be...

This question involves the use of AGGREGATE linear PYTHOIN regression on the Auto data set. (a) Perform a simple linear regression with mpg as the response and horsepower as the predictor. Describe...

Suppose you have a secret file on your computer. To ensure confidentiality, you want to store this file encrypted on your computer's hard-disk. You are keen to use block ciphers with encryption modes...

Consider a toy block cipher with a block size of 1 6 bits. The cipher is being used in Cipher Block Chaining Message Authentication Code ( CBC - MAC ) mode to provide integrity of the message. Alice...

Identify the characteristics that determine the appropriateness of evidence. For each characteristic, provide one example of a type of evidence that is likely to be appropriate.

An auditor's purpose for performing tests of controls is to provide reasonable assurance that: Multiple Choice Controls are operating effectively. The risk that the auditor may unknowingly fail to...

A fixedended girder spans 10 m long Neglecting selfweight the beam carries concentrated dead and live loads at midspan Properties of the Girder Area A 19226 mm2 Depth d 540 mm Flange Width bf 312 mm...

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

How do modern Dashboards differ from earlier implementations?

Provide an example of a descending Hierarchy of Data Validation/Lookup Tables.

In a HCM Database, how does applying Relational Design and Third Normal Form rules avoid duplication of Job Title storage in each employee base record?