Add solution for 1g

2022-06-14 11:48:02 +02:00 · 2022-06-14 11:48:02 +02:00 · 0f66d8ec3e
commit 0f66d8ec3e
parent 640a0fe9de
1 changed files with 6 additions and 1 deletions
--- a/exam/ex.tex
+++ b/exam/ex.tex
@ -75,7 +75,12 @@
    \item EWCDM is based on a pseudorandom permutation (i.e. block cipher) and
      an almost xor-universal (AXU) hash function (one-way function).

-    \item \TODO
+    \item Yes, the authors delivered a security proof. The proof assumes that
+      the encryption function $E$ is a secure pseudorandom permutation for the
+      case of a nonce-misusing adversary. This requirement on the security of
+      $E$ is not present if the adversary is nonce-respecting. Additionally, the
+      distinguisher is computationally unbounded and never repeats a query.
+
    \item \TODO
    \item \TODO
    \item \TODO