Computer Science and Engineering, UCSD
Spring 11
CSE 207:
Modern Cryptography
Instructor:
Mihir Bellare
Problem Set 2
April 6, 2010
Problem Set 2
Due:
Wednesday April 13, 2010, in class.
Problem 1. [20 points]
Define the family of functions
F
:
{
0
,
1
}
128
×{
0
,
1
}
128
→{
0
,
1
}
128
by
F
(
K,M
) =
AES
(
M,K
). Assuming
AES
is a secure PRF, is
F
a secure PRF? If so, explain why. If
not, present the best attack (with analysis) that you can.
Problem 2. [60 points]
Let
F
:
{
0
,
1
}
k
×{
0
,
1
}
l
→{
0
,
1
}
L
be a family of functions where
l,L
≥
128. Consider the game G of Fig. 1.
We define
Adv
lr
F
(
B
) = 2
·
Pr
bracketleftBig
G
B
⇒
true
bracketrightBig

1
.
Let (
x
1
0
,x
1
1
)
,...,
(
x
q
0
,x
q
1
) be the queries that
B
makes to its oracle. (Each query is a pair of
l
bit
strings, and there are
q
queries in all.) We say that
B
is
legitimate
if
x
1
0
,...,x
q
0
are all distinct,
and also
x
1
1
,...,x
q
1
are all distinct. We say that
F
is LRsecure if
Adv
lr
F
(
B
) is “small” for every
legitimate
B
of “practical” resources.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview.
Sign up
to
access the rest of the document.
 Winter '08
 daniele
 Computer Science, Cryptography, Block cipher, secure PRF, Advlr

Click to edit the document details