Question: Let F be a secure blockcipher with block length n . Consider the following message authentication code generation algorithm from F: MAC. On input a

Let F be a secure blockcipher with block length n. Consider the following message authentication code generation
algorithm from F:
MAC. On input a secret key k of F and a message M in {0,1} nl , the algorithm first parses M as l blocks m 1,m 2,...,m l .
Then it computes t i = F k (m i ) for i in [1,l] and outputs the tag T=(t 1,...,t l ).
Please justify why the scheme is not secure. You should give three different types of attacks.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Programming Questions!

Q:

1. Question 1 True or false: CBC-mode encryption with PKCS #5 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption. True False Question 2 1...

Q:

Consider the following message authentication code (MAC): The secret key is a uniformly at random chosen bitstring k {0,1}256 for a block cipher that operates on 256-bit blocks. We consider only...

Q:

FIles from tar gz: 1) func_desc.txt: Built in functions information: We will give a brief description of the merely built in functions you are allowed to use. You can find information on most of the...

Q:

Please do not use chatgpt to answer _______________________________________________ 1. Which statements are correct A) A block cipher according to Shannon should comprise two atomic operations, i.e....

Q:

: (i) What data structures are maintained by the page manager. (ii) What happens when a machine performs a read operation to a page. (iii) What happens when a machine performs a write operation to a...

Q:

llustrate different ways of connecting these components together to span a range of performance requirements. [10 marks] For each of the performance categories that you identify state today's typical...

Q:

1. 802.11b security to Secure Access Point (AP) Access includes: a. Service Set Identifier - SSID b. Media Access Control (MAC) Address Filtering c. Wired Equivalent Privacy WEP d. all of the above...

Q:

Describe the purpose of hash functions, message authentication codes and digital signatures, sketching a possible construction for each of them. [12 marks] A funds transfer system authenticates...

Q:

Cryptology Work Urgent! Please highlight correct answers or write answers as example; Q.2. #7 | Q.3 #6 No need of long detailed explanation. 1. Using the ABBA key, decrypt the word PKWDLDTB, if the...

Q:

package stevens.cs396.mac; import java.security.Key; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.spec.SecretKeySpec; // DO NOT MODIFY public abstract class...

Q:

A $25 000, 6% bond with semi-annual coupons redeemable at par in 20 years is purchased to yield 8% compounded semi-annually. Determine the gain or loss if the bond is sold 7 years after the date of...

Q:

Wadding Corporation applies manufacturing overhead to products on the basis of standard machine-hours. For the most recent month, the company based its budget on 3,600 machine-hours. Budgeted and...

Q:

Which of the following would be considered "the nature of a misstatement" that might make it material? Comparing the sum of known and projected misstatements to total current assets Comparing the sum...

Q:

You're designing a toaster, and the last piece it needs is a spring to pop the toast up when it's done. The one requirement from your boss is that the toast never pops out of the toaster, no matter...