This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: CMPT 404 — Cryptography and Protocols Exercises on Message Authentication Schemes, CCA Security and Number Theory. Due: Thursday, March 15th (at the beginning of the class) 1. Given f : { , 1 } n → { , 1 } n , define f : { , 1 } 2 n → { , 1 } 2 n as follows: for x,r ∈ { , 1 } n define f ( x ◦ r ) = f ( x ) ◦ r . (Where ◦ denotes concatenation.) Prove that if f ( · ) is a oneway permutation then so is f ( · ). 2. Consider the following variant of CMAsecurity for MACs: instead of giving the adversary black boxes for both the signing and verification algorithms, give it only a black box for the signing algorithm. Let’s call this definition CMA’security. That is, A pair of algorithms ( Sign , Ver ) (with Sign : { , 1 } n × { , 1 } m → { , 1 } t , Ver : { , 1 } n ×{ , 1 } m ×{ , 1 } t → { , 1 } ) is a ( T,ε )CMA’secure MAC if for every x,k , Ver k ( x, Sign k ( x )) = 1 and for every Ttime Adv , if we run the following experiment: • Choose k ← { , 1 } n • Give adversary access to black box for Sign k ( · ) • Adversary wins if it comes up with a pair h x ,s i such that (a) x is not one of the messages that the adversary gave to the black box Sign k ( · ) and (b) Ver k ( x ,s ) = 1. Then the probability Adv wins is at most ε ....
View
Full
Document
This note was uploaded on 03/05/2012 for the course CMPT 404 taught by Professor Andreia.bulatov during the Spring '12 term at Simon Fraser.
 Spring '12
 AndreiA.Bulatov

Click to edit the document details