From 0f66d8ec3ed1ee16e0f2e0adff29fad067244830 Mon Sep 17 00:00:00 2001 From: Tobias Eidelpes Date: Tue, 14 Jun 2022 11:48:02 +0200 Subject: [PATCH] Add solution for 1g --- exam/ex.tex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/exam/ex.tex b/exam/ex.tex index 1d3df4d..f48f261 100644 --- a/exam/ex.tex +++ b/exam/ex.tex @@ -75,7 +75,12 @@ \item EWCDM is based on a pseudorandom permutation (i.e. block cipher) and an almost xor-universal (AXU) hash function (one-way function). - \item \TODO + \item Yes, the authors delivered a security proof. The proof assumes that + the encryption function $E$ is a secure pseudorandom permutation for the + case of a nonce-misusing adversary. This requirement on the security of + $E$ is not present if the adversary is nonce-respecting. Additionally, the + distinguisher is computationally unbounded and never repeats a query. + \item \TODO \item \TODO \item \TODO
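Review bot: the added lines end with a fresh `\item \TODO` directly after the new answer, so the one placeholder removed is put straight back and the enumerate grows by one item instead of having a placeholder filled in. If the list already had one entry per sub-question, every later answer now shifts down by a letter. Please confirm that the new answer lands on 1g as the subject line says, and drop the trailing `+ \item \TODO` if it does not. A second point on the answer text itself: it says the proof assumes `$E$` is a secure pseudorandom permutation and, two sentences later, that the distinguisher is computationally unbounded. Read together these look contradictory, so it would help to state which part of the argument each statement applies to. The sentence "This requirement on the security of $E$ is not present if the adversary is nonce-respecting" would also be clearer if it said what is assumed about `$E$` in that case.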