Computer Science and Engineering, UCSD
Spring 11
CSE 207:
Modern Cryptography
Instructor:
Mihir Bellare
Problem Set 2
April 6, 2010
Problem Set 2
Due:
Wednesday April 13, 2010, in class.
Problem 1. [20 points]
Define the family of functions
F
:
{
0
,
1
}
128
×{
0
,
1
}
128
→{
0
,
1
}
128
by
F
(
K,M
) =
AES
(
M,K
). Assuming
AES
is a secure PRF, is
F
a secure PRF? If so, explain why. If
not, present the best attack (with analysis) that you can.
Problem 2. [60 points]
Let
F
:
{
0
,
1
}
k
×{
0
,
1
}
l
→{
0
,
1
}
L
be a family of functions where
l,L
≥
128. Consider the game G of Fig. 1.
We define
Adv
lr
F
(
B
) = 2
·
Pr
bracketleftBig
G
B
⇒
true
bracketrightBig
-
1
.
Let (
x
1
0
,x
1
1
)
,...,
(
x
q
0
,x
q
1
) be the queries that
B
makes to its oracle. (Each query is a pair of
l
-bit
strings, and there are
q
queries in all.) We say that
B
is
legitimate
if
x
1
0
,...,x
q
0
are all distinct,
and also
x
1
1
,...,x
q
1
are all distinct. We say that
F
is LR-secure if
Adv
lr
F
(
B
) is “small” for every
legitimate
B
of “practical” resources.
This
preview
has intentionally blurred sections.
Sign up to view the full version.

This is the end of the preview.
Sign up
to
access the rest of the document.
- Winter '08
- daniele
- Computer Science, Cryptography, Block cipher, secure PRF, Advlr
-
Click to edit the document details