When we combine different cryptographic primitives $($e$.$g$.,$ combining a CPA$-$

secure encryption scheme with a MAC to obtain a CCA$-$secure scheme$)$ we

generally require the different primitives to use separate, independent keys.

What happens if the keys are the same? Specifically, consider an Encrypt

and Authenticate scheme, c $$ EnckE

$($m$)$ and t $$ MACkM $($m$).$ Let the

Enc to be the CBC mode of operation and MAC be CBC$-$MAC. If we let

kM $=$ kE$,$ can you describe a message integrity attack that will not be detected

by the MAC scheme.

proof mathematically