Question: Definition 0.1 (Shared-key encryption) Let M denote a message-space, let K denote a key-space, and let l, k denote plaintext and key sizes respectively. Then,

Definition 0.1 (Shared-key encryption) Let M denote a message-space, let K

Definition 0.1 (Shared-key encryption) Let M denote a message-space, let K denote a key-space, and let l, k denote plaintext and key sizes respectively. Then, a shared-key encryption scheme is defined by the following (a) K KeyGen(K, k): This is a probabilistic algorithrn that takes as input the key space, the key size, and (b) C Encrypt(K, M E M): This is a probabilistic algorithm that takes as input a message M, such that (c) M Decrypt K, C): This is a deterministic algorithm that takes in the key K, ciphertext C, and outputs three algorithms: outputs a key, K such that K {0,1}k, and K E K. M E M and M {0, 1}1, a key K, and outputs a ciphertext C. s.t., C {0, 1}1. the plaintext message M. Using this definition as a reference, provide a formal definition of the Keygen, Encypt, Decrypt algorithms for the Vigenre cipher over the 26-letter English alphabet. Note that you will need to carefully specify how the encryption/decryption functions work - do not define these in generic terms. There could be several plausible choices for KeyGen; choose one and state your assumptions clearly. 2. (20 points) Show that the Cacsar, Vigenre ciphers are easy to break by doing a chosen-plaintext attack. How much plaintext is needed to recover the key for each of the ciphers? You might need to make some assumptions here, make sure to state them clearly. 3. (10 points) What is the effect of a single-bit error in the ciphertext when using the CBC, OFB, and CTR modes of operation? 4. (30 points) In class, we'd seen the stateful variant of CBC mode is IND-CPA insecure. However, the stateful variants of OFB and CTR modes are IND-CPA secure. Write the IND-CPA attack games for the stateful OFB and CTR modes, akin to the one for stateful CBC mode, assuming adversary knows the first IVonce. Briefly point out and explain why the attack games fail. 5. (20 points) Consider a stateful variant of CBC mode, where the sender simply increments the IV by 1 each time a message is encrypted (rather than choosing a random IV every time). In this case, the IVs are distinct, but not random. Write the IND-CPA game, and informally argue why the resulting scheme is IND-CPA insecure. Assume adversary knows first IV

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Describe, in detail, how the heapsort algorithm works. [10 marks] Show that the worst-case cost of heapsort is O(n log n). [6 marks] Would it be possible to implement a variant of heapsort based on a...

Q:

dee complete please help Complexity Theory (a) Defifine the set of Boolean expressions 2CNF and the language 2SAT over them. (b) For a Boolean expression in 2CNF, let G() be the directed graph with...

Q:

This question concerns lexical grammars. (a) Tree Adjoining Grammars contain two types of elementary tree. (i) What are these trees called? [1 mark] (ii) If one were building a grammar for English...

Q:

s1 educated (SSE) student for every three public school educated (PSE) students. Reasoning that students are not very dissimilar from threads, he suggests the following entry and exit routines be...

Q:

Hi again, I was hoping you can help with this investment management assignment. I am attaching the word document. It is 4 problems about asset management. Thank you for your help! Fin 6310 1. Assume...

Q:

(10 points) Consider an encryption scheme defined thus Definition 0.1 Some encryption scheme (a) (PK.SK) KeyGen(1.G): This is a Tardomized algorithm that takes in a security parameter, X, group G,...

Q:

Problem 2 . Committing encryption. A common mistake is to assume that encryption commits the encryptor to the encrypted message. Let ( E , D ) be a cipher defined over ( K , M , C ) . Suppose Alice...

Q:

Slide 6 Direct proof: Construct adversary A as follows: Mo = ( 0 ' , 0 ) and M , = ( 0 ' , 1 ) Challenge ciphertext C = ( G , ) Adversary A: if 4 = C , then b ' = 0 else b ' = 1 If b = 0 then b ' = 0...

Q:

Problem 2 . Committing encryption. A common mistake is to assume that encryption commits the encryptor to the encrypted message. Let ( E , D ) be a cipher defined over ( K , M , C ) . Suppose Alice...

Q:

Problem 2 . Committing encryption. A common mistake is to assume that encryption commits the encryptor to the encrypted message. Let ( E , D ) be a cipher defined over ( K , M , C ) . Suppose Alice...

Q:

Calculate the moment of inertia (units of kgm2) about an axisfor a rotating body with total mass 100 kg, moment of inertia aboutits COG of 2 kgm2 and a COG located 0.1 m away from the axis ofrotation.

Q:

The table below provides the estimated end-of-year net cash flows that would be received from alternative projects Red and Blue for an investment of $200,000. Project Red Project Blue Year 1 $40,000...

Q:

12 Here is a function: y=5n+ 10 It shows the cost, in dollars, of hiring a bike for n days. Show that the cost for 14 days is less than twice the cost for a 7 days. b Zara pays to hire the bike for a...

Q:

The optimisation step which was done to design structure V from structure II is: a. Group shift b. Two options are correct. C. Simplification d. Bioisosteric replacement The optimisation step which...

Q:

What is the basis for Security Concerns in Cloud Computing?

Q:

Should Needs and GAP Analyses be equally applied in terms of effort when off-theshelf System Solutions being acquired versus building a custom system using Vendors or internal Programming Staff?

Q:

Describe the three main Cloud Computing Environments.