Question: Let (E,D) be an AE-secure cipher (remember that AE authenticated encryption). Show that the following derived cipher is not AE-secure: D(k,c, f D(k,c1) D(k,c2) E1(k,m)
Let (E,D) be an AE-secure cipher (remember that AE authenticated encryption). Show that the following derived cipher is not AE-secure: D(k,c, f D(k,c1) D(k,c2) E1(k,m) (E(k,m), E(k,m))- (c1,C2); D2-(k, (c1,C2))- reject otherwise Hints: Remember that AE-security implies chosen-ciphertext security Also, note that the encryption algorithm "E" is probabilistic, and therefore each computation of "E(k,m" (as in the above scheme) results in a different ciphertext (with overwhelming probability), and therefore we have ci C2 with overwhelming probability. Let (E,D) be an AE-secure cipher (remember that AE authenticated encryption). Show that the following derived cipher is not AE-secure: D(k,c, f D(k,c1) D(k,c2) E1(k,m) (E(k,m), E(k,m))- (c1,C2); D2-(k, (c1,C2))- reject otherwise Hints: Remember that AE-security implies chosen-ciphertext security Also, note that the encryption algorithm "E" is probabilistic, and therefore each computation of "E(k,m" (as in the above scheme) results in a different ciphertext (with overwhelming probability), and therefore we have ci C2 with overwhelming probability
Step by Step Solution
There are 3 Steps involved in it
To show that the derived cipher is not AEsecure we need to highlight that it fails under attack mode... View full answer
Get step-by-step solutions from verified subject matter experts
Study Help