The first step was to load all the words from the word list into a tree, where each depth of the tree corresponds with an $i$th letter of the word. The branches that come off each node correspond to the next letter of the word.i.e.
Since the words were encrypted with the same key, that means if we were to generate a possible key, that key would need to decrypt both ciphertexts such that when the tree is navigated we navigate to nodes that exist. If the key results in a path in the tree that does not exist, then we can disregard that answer as a possible key and continue with the possible next key.
Once you find a key that is the same length as the cipher text, we know that we found the right key.
To change the given cipher text we need to first find the block we want to change and go to the previous block, this only works for blocks after the first one, after that we need to find the value that comes out of the Encryption function and we can do that if we follow this formula:
$$\text{After Encrytion}\oplus\text{Previous Block Original Ciphertext}=\text{PlainText}\iff\text{After Encryption}=\text{Previous Block Original Ciphertext}\oplus\text{PlainText}$$
After we calculate the value that comes out of the encryption function and before we xor with the previous block we can now calculate the value that we need to change the previous block in the cipher text to:
The change is similiar to the one described in 2.1 but with the iv value instead of the previous block
$$\text{After Encrytion}\oplus\text{Original IV value}=\text{PlainText}\iff\text{After Encryption}=\text{Original IV value}\oplus\text{PlainText}$$
After we calculate the value that comes out of the encryption function and before we xor with IV value we can now calculate the value that we need to change the IV value to:
$$\text{After Encrytion}\oplus\text{New IV value}=\text{Altered PlainText}\iff\text{New IV value}=\text{After Encrytion}\oplus\text{Altered PlainText}$$
\subsection*{2.4}
You can not change the location word "station'', because the word is spread between 2 blocks which means that to change the second part of the word "ion'', you need to change the previos block but by changing the previous block the rest of the word "stat'' would have become garbled.
I used the openssl crypto libaray with the $p,q,d,m,e$ to decrypt the cipher text
\subsection*{3.4}
While factorizing the numbers takes more time, then a dictionary attack, it allows me to decrypting any message that was encrypted with this public key. It also allows me to decrypt messages that have diferent padding including padding methods that use random values.
therefore the hash function is not collision resistant.
Since this can be expanded with more than 2 blocks the hash functions is not collision resistant for any message bigger than 1 block.
\subsection*{5.2}
When the message has the size of a block, the authenticated encryption system scheme has both data confidentiality and integrity because the hash function is only collision resistant with messages of block size 1, because of that is impossible to change the ciphertext in away that when the mac is generated on the receiver side, the mac will be the same and since the mac key is not public the attacker cannot generate the new mac.
When the message has a bigger size than one block, the scheme still has data confidentiality because the message can still not be decrypted without knowing the key, but it has no longer data integrity because the attacker can change the message in such a way that it would generate a hash collision; therefore the sender could not prove that the information that was received was not sent that way by the server.
To sign a contract $C$ Alice first chooses 2 random values $r$ and $c_2$ then $z$ is callulated $z=g^r\times y_b^{c_2}$. After we have $z$ we can calculate the intermidary value $c$, $c = H(y_a, y_b, C, z)$. After having $c$ we calculate $c_1$, $c_1= c - c_2$. $c_1$ is then used to callulate $s = r - c1\times a mod q$. The signature is $(c_1, c_2, s)$
No because the signature is generated from multiple public keys and Alice's private key therefore chris will not be able to tell who signed the contract
\subsection*{6.3}
\subsubsection*{6.3.1}
The encryption works because the numbers that were chosen by Alice and Bo b make this equation work
If r is not changed then we could submit to the oracle (1,0) and (2,0) and if the oracle gives us 2 cipher texts that are the same then we know that b = 1 and if they are different then we know its b=0 therefore not changing the r is not secure.