Cryptography Week 4 Quiz Answer
By University Of Maryland
Cryptography Quiz 4
Message Authentication Codes
Q1) True or false: CBC-mode encryption with PKCS#5 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption
- True
- False
Q2) Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mac (mi, m2) = F (m m 2). Which of the following gives a valid attack on this scheme?
- Obtain tag ton message m, 0....0, and then output the tagte (1...1) on the message m, 1... 1.
- Obtain tag ton message m, m, and then output the tag 0...0 on the message 0...0, m.
- Obtain tag t on message m, 0...0(with m +0...0), and then output the tag t on the message 0...0,0...0
- Obtain tag ton message mi, m2 (with mı + m2), and then output the tagt on the message m2, mı.
Q3) Let F be a block cipher with n-bit block length. Consider the message authentication code for 2n-bit messages defined by Mac (mi, m2) = F (mi) e F (m2). Which of the following gives a valid attack on this scheme?
- There is no attack; the scheme is secure.
- Obtain tagt on the message 0...0,1... 1, and output the tagte (1...1) on the message 1...1,1...1.
- Obtain tagt on the message 0...0,1... 1, and output the tagte (1...1) on the message 1...1,0...0.
- Output the tag 0...0 on the message 0...0.0...0.
Q4) Assume a sender and receiver use basic CBC-MAC but authenticate/accept messages of different lengths. Which of the following is a valid attack?
- Obtain tag ta on message mı, and tag ta on message mi, m2. Then output the tag to on the message t1 o m2.
- Obtain tag ti on message mı, and tag ta on message m2, m. Then output the tag t2 on the message mi, m2.
- Obtain tag ti on message mi, and tag ta on message mi, m2. Then output the tag ti on the message t2 m2.
- Obtain tag ti on message mı, and tag ta on message t1, m2. Then output the tag t2 on the message m1 m 2.
Q5) Assume we want to use a hash function with output length as small as possible, subject to being collision resistant against a birthday attack running in time 212. Which hash function would be the best choice?
- SHA-2, with output truncated to 192 bits.
- SHA-3 with 384-bit output.
- OSHA-1
- OMDS.
Q6) Let H, H' be collision-resistant hash functions. Which of the following functions H" is NOT necessarily collision-resistant?
- H"(x) = H(H'(x)).
- H"(x) = H (2) H'(x).
- H"(x) = H()|| H'(x), where | denotes concatenation.
- H"(x) = H20...0, where | denotes concatenation.
Q7) Assume a sender and receiver use the encrypt-and-authenticate approach for variable-length messages, using CTR-mode encryption and a variant of CBC-MAC secure for authenticating variable-length data (and independent keys for each). Which of the following statements is true?
- The combination is CPA-secure, but it does not provide integrity.
- The combination is not CPA-secure, but it does provide integrity.
- The combination is not CPA-secure, and it does not provide integrity because the CTR-mode encryption allows the attacker to forge a tag in the CBC-MAC.
- The combination is not CPA-secure, and it does not provide integrity because CTR-mode encryption is malleable.
Q8) Let F be a block cipher with block length n. Consider the following encryption scheme for n-bit messages: to encrypt message m using key k, choose a random co € {0,1}" and output the ciphertext co, C1, F(F(Co) e C), where c = Fx (co) em. Which of the following statements is true?
- This can be viewed as an example of the encrypt-and-authenticate approach using CBC-mode and CBC-MAC (with the same key), and is insecure.
- This looks like the authenticate-then-encrypt approach using CBC-MAC and CBC-mode encryption (with the same key) -- but here it's ok, since CBC-MAC is applied to something random.
- This is an example of the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, so is secure.
- This looks like the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, except that here the same key is being used for both -- Prof. Katz warned us about that; this looks insecure!
Q9) Which of the following is the most appropriate primitive for achieving message integrity between two users sharing a key?
- Message authentication code.
- Block cipher.
- Collision-resistant hash function.
- Private-key encryption scheme.
Q10) Which of the following is an example of a message authentication code used widely in practice?
- HMAC.
- CBC-mode encryption.
- SHA-1.
- AES
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Cryptography
-----------------------------------------------------------------------------------------------------------------------------------------------------------
0 Comments