• Aucun résultat trouvé

Security Models

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Security Models"

Copied!
1
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Security Models

2020/2021 P. Lafourcade and L.Robert

Session 2

Exercise 1 (Block Cipher Mode of Operation)

1. Recall the CFB mode and prove that is not IND-CCA2 secure.

2. Recall the CTR mode and prove that is not IND-CCA2 secure.

3. Recall the OFB mode and prove that is not IND-CCA2 secure.

Exercise 2 (Zheng & Seberry cryptosystem)

Zheng & Seberry in 1993 proposed the following encryption scheme:

f(r)||(G(r)⊕(x||H(x))),

where x is the plain text, f is a one way trap-door function (like RSA), G and H are two public hash functions,||denotes the concatenation of bitstrings and⊕is the exclusive-or operator.

• Give the associated decryption algorithm.

• Give an IND-CCA2 attack against this scheme.

Hint: you cannot ask the cipher of mb to the decryption oracle, but a cipher of mb is not forbidden...

Exercise 3 (Symmetric Encryptions Schemes)

Assume thatE1 andE2 are two symmetric encryption schemes on strings of arbitrary length.

Show that the encryption scheme defined byE0((k1, k2), m) =E2(k2, E1(k1, m)) (for randomly sampled keysk1 and k2) is IND-CPA secure if either E1 orE2 is IND-CPA secure.

Exercise 4 (Paillier Cryptosystem)

Letnbe the product of two odd prime numbers p and q. We assume that gcd(ϕ(n), n) = 1.

The public key is pk= n and the secret key is sk = ϕ(n). Paillier’s encryption is following application:

E:Zn×Zn→(Z2n)

(m, r)→(1 +n)m·rn Show that Paillier’s encryption is not IND-CCA2.

Exercise 5 (ElGamal Cryptosystem)

Prove that the ElGamal encryption scheme is IND-CPA under the DDH assumption.

1

Références

Télécharger maintenant ( PDF - 1 Page - 130.48 KB )

Documents relatifs

Impact of Uric Acid on Hypertension Occurrence and Target Organ Damage: Insights From the STANISLAS Cohort With a 20-Year Follow-up

Furthermore, testing the hypothesis that increased SUA still carried increased risk for development of HTN and TOD in “metabolically healthy” subjects, defined in the absence

Nitrate or not nitrate. That is the question

[1] addresses two main issues: the links between belowground and aboveground plant traits and the links between plant strategies (as defined by these traits) and the

All that glitters is not gold.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des

Why the tumor cell metabolism is not that abnormal

Figure 5: Evolution of the main metabolic molecules and uptake rates of glucose and oxygen as a function of the cell energetic demand from low to high. Oxygen

How to prove that a number is irrational?

It is expected that the result is not true with = 0 as soon as the degree of α is ≥ 3, which means that it is expected no real algebraic number of degree at least 3 is

Why minimax is not that pessimistic

In this paper we study performances in terms of generic approximation of two classical estimation procedures in the white noise model in Besov spaces.. With these two techniques,

Why minimax is not that pessimistic

In those Besov spaces we study performances in terms of generic approx- imation of two classical estimation procedures in both white noise model and density estimation problem..

Using interval arithmetic to prove that a set is path-connected

The proposed approach uses interval arithmetic to build a graph which has exactly the same number of connected components than S.. Examples illustrate the principle of