Cryptography Week 4 Quiz Answer

Cryptography Week 4 Quiz Answer

By University Of Maryland

Cryptography Quiz 4

Message Authentication Codes

 

Q1) True or false: CBC-mode encryption with PKCS#5 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption

• True

• False

Q2) Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mac (mi, m2) = F (m m 2). Which of the following gives a valid attack on this scheme?

• Obtain tag ton message m, 0....0, and then output the tagte (1...1) on the message m, 1... 1.

• Obtain tag ton message m, m, and then output the tag 0...0 on the message 0...0, m.

• Obtain tag t on message m, 0...0(with m +0...0), and then output the tag t on the message 0...0,0...0

• Obtain tag ton message mi, m2 (with mı + m2), and then output the tagt on the message m2, mı.

Q3) Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mac (mi, m2) = F (mi) e F (m2). Which of the following gives a valid attack on this scheme?

• There is no attack; the scheme is secure.

• Obtain tagt on the message 0...0,1... 1, and output the tagte (1...1) on the message 1...1,1...1. 

• Obtain tagt on the message 0...0,1... 1, and output the tagte (1...1) on the message 1...1,0...0.

• Output the tag 0...0 on the message 0...0.0...0.

Q4) Assume a sender and receiver use basic CBC-MAC but authenticate/accept messages of different lengths. Which of the following is a valid attack?

• Obtain tag ta on message mı, and tag ta on message mi, m2. Then output the tag to on the message t1 o m2.

• Obtain tag ti on message mı, and tag ta on message m2, m. Then output the tag t2 on the message mi, m2.

• Obtain tag ti on message mi, and tag ta on message mi, m2. Then output the tag ti on the message t2 m2.

• Obtain tag ti on message mı, and tag ta on message t1, m2. Then output the tag t2 on the message m1 m 2.

Q5) Assume we want to use a hash function with output length as small as possible, subject to being collision resistant against a birthday attack running in time 212. Which hash function would be the best choice?

• SHA-2, with output truncated to 192 bits. 

• SHA-3 with 384-bit output.

• OSHA-1

• OMDS.

Q6) Let H, H' be collision-resistant hash functions. Which of the following functions H" is NOT necessarily collision-resistant?

• H"(x) = H(H'(x)). 

• H"(x) = H (2) H'(x). 

• H"(x) = H()|| H'(x), where | denotes concatenation. 

• H"(x) = H20...0, where | denotes concatenation.

Q7) Assume a sender and receiver use the encrypt-and-authenticate approach for variable-length messages, using CTR-mode encryption and a variant of CBC-MAC secure for authenticating variable-length data (and independent keys for each). Which of the following statements is true?

• The combination is CPA-secure, but it does not provide integrity.

• The combination is not CPA-secure, but it does provide integrity.

• The combination is not CPA-secure, and it does not provide integrity because the CTR-mode encryption allows the attacker to forge a tag in the CBC-MAC.

• The combination is not CPA-secure, and it does not provide integrity because CTR-mode encryption is malleable.

Q8) Let F be a block cipher with block length n. Consider the following encryption scheme for n-bit messages: to encrypt message m using key k, choose a random co € {0,1}" and output the ciphertext co, C1, F(F(Co) e C), where c = Fx (co) em. Which of the following statements is true?

• This can be viewed as an example of the encrypt-and-authenticate approach using CBC-mode and CBC-MAC (with the same key), and is insecure.

• This looks like the authenticate-then-encrypt approach using CBC-MAC and CBC-mode encryption (with the same key) -- but here it's ok, since CBC-MAC is applied to something random.

• This is an example of the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, so is secure.

• This looks like the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, except that here the same key is being used for both -- Prof. Katz warned us about that; this looks insecure!

Q9) Which of the following is the most appropriate primitive for achieving message integrity between two users sharing a key?

• Message authentication code.

• Block cipher.

• Collision-resistant hash function.

• Private-key encryption scheme.

Q10) Which of the following is an example of a message authentication code used widely in practice?

• HMAC.

• CBC-mode encryption.

• SHA-1.

• AES

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Cryptography

• Cryptography Week 1 Quiz Answer

• Cryptography Week 2 Quiz Answer

• Cryptography Week 3 Quiz Answer

• Cryptography Week 4 Quiz Answer

• Cryptography Week 5 Quiz Answer

• Cryptography Week 6 Quiz Answer

• Cryptography Week 7 Quiz Answer

• Cryptography Final Quiz Answer Coursera

-----------------------------------------------------------------------------------------------------------------------------------------------------------