The scheme will reject invalid ciphertexts $($those not generated by Enc$$

$($k$1,$ k$2,))$ during decryption.

$($a$)(5$ pt$.)$ Recall that CCA security implies CPA security. Justify why our new cipher is

still CPA secure when the adversary knows k$1$ but does not know k$2$

$2$

$($b$)(5$ pt$.$ bonus$)$ Suppose the adversary knows k$2$ but doesn$$t know k$1.$ How can a CCA

adversary use k$2$ to learn the encrypted message mb in a CCA experiment?

Hint: It is enough to understand i$)$ the requirements of a CPA secure encryption for part $($a$),$ and ii$)$ the CCA

experiment for part $($b$).$