This commit is contained in:
parent
988a290b8d
commit
0f6bea0a04
31
cw/cw.tex
@ -48,6 +48,26 @@
|
|||||||
|
|
||||||
%%% Begin document
|
%%% Begin document
|
||||||
\begin{document}
|
\begin{document}
|
||||||
|
\section*{1}
|
||||||
|
\subsection*{1.1}
|
||||||
|
key: JDQLWBSNZM
|
||||||
|
w1: MONISTICAL
|
||||||
|
w2: APHRODITES
|
||||||
|
\subsection*{1.2}
|
||||||
|
The first step was to load all the words from the word list into a tree, where each depth of the tree corresponds with an $i$th letter of the word. The branches that come off each node correspond to the next letter of the word.i.e.
|
||||||
|
\begin{itemize}
|
||||||
|
\item aa…
|
||||||
|
\item ab…
|
||||||
|
\item ba…
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
Would generate a tree that looks like:
|
||||||
|
|
||||||
|
() ->{a->{a, b}, b->{a}}
|
||||||
|
|
||||||
|
Since the words were encrypted with the same key, that means if we were to generate a possible key, that key would need to decrypt both ciphertexts such that when the tree is navigated we navigate to nodes that exist. If the key results in a path in the tree that does not exist, then we can disregard that answer as a possible key and continue with the possible next key.
|
||||||
|
Once you find a key that is the same length as the cipher text, we know that we found the right key.
|
||||||
|
|
||||||
\section*{5}
|
\section*{5}
|
||||||
\subsection*{5.1}
|
\subsection*{5.1}
|
||||||
The hash function is collision resistante for $n=1$, since if the block size is one the hash function is the encryption. Therefore:
|
The hash function is collision resistante for $n=1$, since if the block size is one the hash function is the encryption. Therefore:
|
||||||
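Review bot: the closing claim of 1.2, "Once you find a key that is the same length as the cipher text, we know that we found the right key", is stronger than the search justifies: a full-length key that walks both ciphertexts to existing tree paths only proves that both decryptions are prefixes of dictionary words, and several keys can pass that test, so the write-up should say that such keys are candidates, that the walk must end on a node that terminates a word (not merely an existing node), and that w1 and w2 both result from the same surviving key. The section also never states the cipher or the rule by which a candidate key letter decrypts a ciphertext letter, so a reader cannot check the "path does not exist" pruning step; one sentence giving that rule would fix it. Minor: "word.i.e." is missing a space and punctuation, the tree sketch `() ->{a->{a, b}, b->{a}}` would read better in a verbatim or math environment, and the `…` character in the itemize items needs UTF-8 input handling (or `\ldots`) to compile cleanly.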
@ -68,11 +88,18 @@
|
|||||||
$$H(m)=E(b \oplus E(a \oplus IV)) = C_1$$
|
$$H(m)=E(b \oplus E(a \oplus IV)) = C_1$$
|
||||||
$$H(m')=E(d \oplus E(c \oplus IV)) = C_2$$
|
$$H(m')=E(d \oplus E(c \oplus IV)) = C_2$$
|
||||||
since it's possible to have:
|
since it's possible to have:
|
||||||
$$b \oplus E(a \oplus IV) = d \oplus E(c \oplus IV)$$
|
$$b \oplus E(a \oplus IV) = d \oplus E(c \oplus IV) \implies$$
|
||||||
|
$$\implies C_1=C_2$$
|
||||||
with:
|
with:
|
||||||
$$a \ne b \ne c \ne d$$
|
$$a \ne b \ne c \ne d$$
|
||||||
therefore
|
therefore
|
||||||
$$H(m)=H(m') \land m\ne m'$$
|
$$H(m)=H(m') \land m\ne m'$$
|
||||||
|
therefore the hash function is not collision resistant.
|
||||||
|
Since this can be expanded with more than 2 blocks the hash functions is not collision resistant for any message bigger than 1 block.
|
||||||
|
\subsection*{5.2}
|
||||||
|
When the message has the size of a block, the authenticated encryption system scheme has both data confidentiality and integrity because the hash function is only collision resistant with messages of block size 1, because of that is impossible to change the ciphertext in away that when the mac is generated on the receiver side, the mac will be the same and since the mac key is not public the attacker cannot generate the new mac.
|
||||||
|
When the message has a bigger size than one block, the scheme still has data confidentiality because the message can still not be decrypted without knowing the key, but it has no longer data integrity because the attacker can change the message in such a way that it would generate a hash collision; therefore the sender could not prove that the information that was received was not sent that way by the server.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
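Review bot: the condition `$$a \ne b \ne c \ne d$$` in 5.1 does not state what the collision argument needs; the required condition is $m \ne m'$, i.e. $(a,b) \ne (c,d)$, and chained inequality does not express that (the argument works even when $b = d$ or $a = b$). The step "since it's possible to have" should also be made constructive: for any $a \ne c$, choosing $d = b \oplus E(a \oplus IV) \oplus E(c \oplus IV)$ forces the equality and hence $C_1 = C_2$, which is what turns the claim into a proof. The `\implies` is emitted twice, once at the end of one display and again at the start of the next; one display with a single `\implies` is cleaner. In 5.2 the last clause, "the sender could not prove that the information that was received was not sent that way by the server", mixes up the roles: the integrity failure is that the receiver cannot detect that the message was altered in transit, and it is the receiver's check, not the sender's proof, that breaks. Typos: "resistante", "hash functions is", "in away", "has no longer data integrity".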