Broken MACS, Hashes HW

Show that h is not generically collision resistant

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ion (family) and define the function H (x) = H (H (x)). Show that H is not generically collision-resistant (you may assume that H is known). (b) Suppose we design a hash function (family) HK : {0, 1}∗ → {0, 1} from the block cipher E : {0, 1}k × {0, 1} → {0, 1} by fixing a key K ∈ {0, 1}k and setting H (m) = CBC-MACE (M ), K that is, we divide m into -bit blocks m1 , m2 , . . . , mt , set c0 = 0 , ci = EK (mi ⊕ ci−1 , and let H (m) = ct . Show that this hash function (for known K ) is not collision resistant. 3. MACs and Hashes together. [15 points] (a) [5 points] Let H : {0, 1}∗ → {0, 1} be a collision resistant hash function (family). Let LBt (x) return the last t bits of x. Prove that the hash function (family) H (x) = H (x)||LBt (x) is collision resistant. (b) [10 points] Let H : {0, 1}∗ → {0, 1} be a collision-resistant hash function (family) and MK : {0, 1}n → {0, 1}t be a (EUF-CMA) secure fixed-length MAC. Let FK : {0, 1}∗ → {0, 1} compute a tag FK (m) by dividing m into n-bit blocks m1 , . . . , m...
View Full Document

This document was uploaded on 04/03/2014.

Ask a homework question - tutors are online