Cryptography Week 4 Quiz Answer

Cryptography Week 4 Quiz Answer Coursera


Cryptography Week 4 Quiz Answer

By University Of Maryland




Cryptography Quiz 4

Message Authentication Codes


 

Q1) True or false: CBC-mode encryption with PKCS#5 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption

  • True
  • False




Q2) Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mac (mi, m2) = F (m m 2). Which of the following gives a valid attack on this scheme?

  • Obtain tag ton message m, 0....0, and then output the tagte (1...1) on the message m, 1... 1.
  • Obtain tag ton message m, m, and then output the tag 0...0 on the message 0...0, m.
  • Obtain tag t on message m, 0...0(with m +0...0), and then output the tag t on the message 0...0,0...0
  • Obtain tag ton message mi, m2 (with mı + m2), and then output the tagt on the message m2, mı.





Q3) Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mac (mi, m2) = F (mi) e F (m2). Which of the following gives a valid attack on this scheme?

  • There is no attack; the scheme is secure.
  • Obtain tagt on the message 0...0,1... 1, and output the tagte (1...1) on the message 1...1,1...1. 
  • Obtain tagt on the message 0...0,1... 1, and output the tagte (1...1) on the message 1...1,0...0.
  • Output the tag 0...0 on the message 0...0.0...0.





Q4) Assume a sender and receiver use basic CBC-MAC but authenticate/accept messages of different lengths. Which of the following is a valid attack?

  • Obtain tag ta on message mı, and tag ta on message mi, m2. Then output the tag to on the message t1 o m2.
  • Obtain tag ti on message mı, and tag ta on message m2, m. Then output the tag t2 on the message mi, m2.
  • Obtain tag ti on message mi, and tag ta on message mi, m2. Then output the tag ti on the message t2 m2.
  • Obtain tag ti on message mı, and tag ta on message t1, m2. Then output the tag t2 on the message m1 m 2.




Q5) Assume we want to use a hash function with output length as small as possible, subject to being collision resistant against a birthday attack running in time 212. Which hash function would be the best choice?

  • SHA-2, with output truncated to 192 bits. 
  • SHA-3 with 384-bit output.
  • OSHA-1
  • OMDS.




Q6) Let H, H' be collision-resistant hash functions. Which of the following functions H" is NOT necessarily collision-resistant?
  • H"(x) = H(H'(x)). 
  • H"(x) = H (2) H'(x). 
  • H"(x) = H()|| H'(x), where | denotes concatenation. 
  • H"(x) = H20...0, where | denotes concatenation.




Q7) Assume a sender and receiver use the encrypt-and-authenticate approach for variable-length messages, using CTR-mode encryption and a variant of CBC-MAC secure for authenticating variable-length data (and independent keys for each). Which of the following statements is true?

  • The combination is CPA-secure, but it does not provide integrity.
  • The combination is not CPA-secure, but it does provide integrity.
  • The combination is not CPA-secure, and it does not provide integrity because the CTR-mode encryption allows the attacker to forge a tag in the CBC-MAC.
  • The combination is not CPA-secure, and it does not provide integrity because CTR-mode encryption is malleable.




Q8) Let F be a block cipher with block length n. Consider the following encryption scheme for n-bit messages: to encrypt message m using key k, choose a random co € {0,1}" and output the ciphertext co, C1, F(F(Co) e C), where c = Fx (co) em. Which of the following statements is true?

  • This can be viewed as an example of the encrypt-and-authenticate approach using CBC-mode and CBC-MAC (with the same key), and is insecure.
  • This looks like the authenticate-then-encrypt approach using CBC-MAC and CBC-mode encryption (with the same key) -- but here it's ok, since CBC-MAC is applied to something random.
  • This is an example of the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, so is secure.
  • This looks like the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, except that here the same key is being used for both -- Prof. Katz warned us about that; this looks insecure!





Q9) Which of the following is the most appropriate primitive for achieving message integrity between two users sharing a key?

  • Message authentication code.
  • Block cipher.
  • Collision-resistant hash function.
  • Private-key encryption scheme.




Q10) Which of the following is an example of a message authentication code used widely in practice?

  • HMAC.
  • CBC-mode encryption.
  • SHA-1.
  • AES








--------------------------------------------------------------------------------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------------------------------------------------------------------------



Post a Comment

0 Comments