This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: CMPT 404 — Cryptography and Protocols Exercises on Message Authentication Schemes, CCA Security and Number Theory. Due: Thursday, March 15th (at the beginning of the class) 1. Given f : { , 1 } n → { , 1 } n , define f : { , 1 } 2 n → { , 1 } 2 n as follows: for x,r ∈ { , 1 } n define f ( x ◦ r ) = f ( x ) ◦ r . (Where ◦ denotes concatenation.) Prove that if f ( · ) is a oneway permutation then so is f ( · ). 2. Consider the following variant of CMAsecurity for MACs: instead of giving the adversary black boxes for both the signing and verification algorithms, give it only a black box for the signing algorithm. Let’s call this definition CMA’security. That is, A pair of algorithms ( Sign , Ver ) (with Sign : { , 1 } n × { , 1 } m → { , 1 } t , Ver : { , 1 } n ×{ , 1 } m ×{ , 1 } t → { , 1 } ) is a ( T,ε )CMA’secure MAC if for every x,k , Ver k ( x, Sign k ( x )) = 1 and for every Ttime Adv , if we run the following experiment: • Choose k ← { , 1 } n • Give adversary access to black box for Sign k ( · ) • Adversary wins if it comes up with a pair h x ,s i such that (a) x is not one of the messages that the adversary gave to the black box Sign k ( · ) and (b) Ver k ( x ,s ) = 1. Then the probability Adv wins is at most ε ....
View
Full Document
 Spring '12
 AndreiA.Bulatov
 Cryptography, quadratic residue, MAC scheme, unique tags

Click to edit the document details