Assignment #1: Solutions - Stanford Crypto Group

ePAPER READ

DOWNLOAD ePAPER

crypto.stanford.edu

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

To analyze the advantage of A, in Exp0, if the IV chosen matches IV ∗ (which happens with probability

1

2n ), then A output 0. In all other cases, it outputs 1. Thus Pr[A(Exp0) = 1] = 1 − 1

2n . In Exp1, A never

outputs 0, thus Pr[A(Exp1) = 1] = 1. The advantage is: |Pr[A(Exp0) = 1] − Pr[A(Exp1) = 1]| = 1

2n as

required.

Answer 6. (a) In CBC mode, decryption is as follows:

Pi = DK(Ci) ⊕Ci−1, C0 = IV.

Blocks ℓ/2 and ℓ/2+1 will be affected by a corrupted aiphertext C ℓ/2. Therefore, 2 blocks will be decrypted

incorrectly.

(b) In randomized counter mode decryption, we regenerate the keystream using the randomized counter

and incrementing it for every subsequent block. Therefore, only block ℓ/2 will be decrypted incorrectly.

Proposal Protocol for DME and Airplane Communication

Auditing SQL Queries - Stanford Crypto Group - Stanford University

Computing Arbitrary Functions of Encrypted Data - Stanford Crypto ...

slides - Applied Crypto Group at Stanford University

Programming Project #2 - Applied Crypto Group at Stanford University

Assignment #3 - Applied Crypto Group at Stanford University

Encryption Schemes from Bilinear Maps - Eu-Jin Goh

Assignment #2 - Applied Crypto Group at Stanford University

Basic web security model - Stanford Crypto Group

CS 161: Design and Analysis of Algorithms - Stanford Crypto Group

To analyze the advantage of A, in Exp0, if the IV chosen matches IV ∗ (which happens with probability 1 2n ), then A output 0. In all other cases, it outputs 1. Thus Pr[A(Exp0) = 1] = 1 − 1 2n . In Exp1, A never outputs 0, thus Pr[A(Exp1) = 1] = 1. The advantage is: |Pr[A(Exp0) = 1] − Pr[A(Exp1) = 1]| = 1 2n as required. Answer 6. (a) In CBC mode, decryption is as follows: Pi = DK(Ci) ⊕Ci−1, C0 = IV. Blocks ℓ/2 and ℓ/2+1 will be affected by a corrupted aiphertext C ℓ/2. Therefore, 2 blocks will be decrypted incorrectly. (b) In randomized counter mode decryption, we regenerate the keystream using the randomized counter and incrementing it for every subsequent block. Therefore, only block ℓ/2 will be decrypted incorrectly. 4

Page 1 and 2: CS255: Introduction to Cryptography
Page 3: Answer 4. (a) For every i ∈ {1,..

Assignment #1: Solutions - Stanford Crypto Group

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?