Question: Let (E,D) be an AE-secure cipher (remember that AE = authenticated encryption). Show that the following derived cipher is not AE-secure: D(k,c1) if D(k,c1) = D(k,c2); reject otherwise

Let (E,D) be an AE-secure cipher (remember that AE = authenticated encryption). Show that the following derived cipher is not AE-secure:

D(k,c1) if D(k,c1) = D(k,c2); reject otherwise

Hints: Remember that AE-security implies chosen-ciphertext security. Also, note that the encryption algorithm "E" is probabilistic, and therefore each computation of "E(k,m)" (as in the above scheme) results in a different ciphertext (with overwhelming probability), and therefore we have c1 ≠ c2 with overwhelming probability.
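The hints point at the chosen-ciphertext game. As an added example (not part of the original question or its solution), the Python below runs one round of that game against the derived cipher. It assumes the derived encryption outputs the pair (E(k,m), E(k,m)), which the statement above does not show, and it uses a stand-in encrypt-then-MAC construction built from HMAC-SHA256 for (E,D); the names E2, D2 and cca_game are hypothetical.

```python
import hashlib, hmac, os

def _prf(k, label, data):
    return hmac.new(k, label + data, hashlib.sha256).digest()

def _xor_stream(k, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in cipher, an assumption)
    blocks = range((len(data) + 31) // 32)
    ks = b"".join(_prf(k, b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def E(k, m):
    # Randomized encrypt-then-MAC: nonce || body || tag
    nonce = os.urandom(16)
    body = _xor_stream(k, nonce, m)
    return nonce + body + _prf(k, b"mac", nonce + body)

def D(k, c):
    # Returns the plaintext, or None for "reject"
    nonce, body, tag = c[:16], c[16:-32], c[-32:]
    if len(c) < 48 or not hmac.compare_digest(tag, _prf(k, b"mac", nonce + body)):
        return None
    return _xor_stream(k, nonce, body)

def E2(k, m):
    # Assumed derived encryption: two independent encryptions of m
    return (E(k, m), E(k, m))

def D2(k, c):
    # Derived decryption as stated in the exercise
    c1, c2 = c
    m1 = D(k, c1)
    return m1 if m1 is not None and m1 == D(k, c2) else None

def cca_game(b, m0=b"attack at dawn", m1=b"retreat at six"):
    # One run of the CCA game with hidden bit b; returns the adversary's guess
    k = os.urandom(32)
    challenge = E2(k, (m0, m1)[b])
    def dec_oracle(c):
        if c == challenge:  # only the challenge ciphertext itself is refused
            raise ValueError("challenge query refused")
        return D2(k, c)
    c1, c2 = challenge
    answer = dec_oracle((c2, c1))  # swapped pair: valid, yet not the challenge
    return 0 if answer == m0 else 1
```

The oracle answers a query it had no reason to refuse with the challenge plaintext, so the guess is always correct; the same swapped pair is also a valid ciphertext that the encryptor never produced.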
