{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Broken MACS, Hashes HW

# Show that h is not generically collision resistant

This preview shows page 1. Sign up to view the full content.

This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ion (family) and deﬁne the function H (x) = H (H (x)). Show that H is not generically collision-resistant (you may assume that H is known). (b) Suppose we design a hash function (family) HK : {0, 1}∗ → {0, 1} from the block cipher E : {0, 1}k × {0, 1} → {0, 1} by ﬁxing a key K ∈ {0, 1}k and setting H (m) = CBC-MACE (M ), K that is, we divide m into -bit blocks m1 , m2 , . . . , mt , set c0 = 0 , ci = EK (mi ⊕ ci−1 , and let H (m) = ct . Show that this hash function (for known K ) is not collision resistant. 3. MACs and Hashes together. [15 points] (a) [5 points] Let H : {0, 1}∗ → {0, 1} be a collision resistant hash function (family). Let LBt (x) return the last t bits of x. Prove that the hash function (family) H (x) = H (x)||LBt (x) is collision resistant. (b) [10 points] Let H : {0, 1}∗ → {0, 1} be a collision-resistant hash function (family) and MK : {0, 1}n → {0, 1}t be a (EUF-CMA) secure ﬁxed-length MAC. Let FK : {0, 1}∗ → {0, 1} compute a tag FK (m) by dividing m into n-bit blocks m1 , . . . , m...
View Full Document

{[ snackBarMessage ]}

Ask a homework question - tutors are online