COMP547A Homework set #4
Due Thursday December 1st, 2022, 23:59
Copyright By PowCoder代写 加微信 powcoder
Exercises (from Katz and Lindell’s book)
HOMEMADE Question: Achieving Rivest’s private-key encryption from a Mac
Provide a security definition of a Mac that makes the (bit-by-bit) private-key
encryption scheme that Rivest described secure in the sense of
indistinguishability in the presence of an eavesdropper.
More on back…
More on back…
Hint: Prove that if “not CPA-secure” then “DDH problem is efficiently solved”.
HOMEMADE Question: Defeating Rivest
Alice and Bob are a bit confused. They are going to use a Digital Signature
scheme as a Mac. Let be a deterministic digital
signature scheme (such as hashed RSA for instance). They run to
obtain but only share and use as the private-key of a Mac.
(A) Let be the Mac resulting from this idea. Used as a
Mac they simply set . However, since they only
use , how will the receiver verify the message-tag pair ? In other
words, what is ? Why did I underlined the word “deterministic”
(B) Show that if is a digital signature scheme existentially unforgeable under
an adaptive chosen-message attack then is a Mac existentially
unforgeable under an adaptive chosen-message attack (whether is made
public or not).
(C) Image that Alice and Bob use as above, and that is disclosed publicly.
Explain how this defeats Rivest’s argument seen in class that private-key
authentication implies private-key encryption.
Π = (Gen, Sign, Vrfy)
(pk, sk) sk
Π′ = (Gen′ , Mac′ , Vrfy′ )
t := Mac′ sk(m) := Signsk(m)
Vrfy′ sk(m, t)
More on back…
COMP547A Homework set #4 Due Thursday December 1st, 2022, 23:59
Exercises (from Katz and Lindell’s book)
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com