From 8ade466e3e2f8c9d1eeb640802f8d40279308164 Mon Sep 17 00:00:00 2001 From: Tobias Eidelpes Date: Tue, 14 Jun 2022 13:49:54 +0200 Subject: [PATCH] Add solution for 1c --- exam/ex.tex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/exam/ex.tex b/exam/ex.tex index 8e23599..fe92231 100644 --- a/exam/ex.tex +++ b/exam/ex.tex @@ -122,7 +122,12 @@ (without the counter) is at most 102 bits long which gives a maximum message length of $102\cdot (2^{26}-2) = \unit[6845103924]{bits}$. - \item \TODO + \item $\widetilde{E}$ should behave like a pseudorandom permutation in order + to be able to prove the security of $\mathsf{CrAp}$. If it does not, a + distinguisher is able to gain a significant advantage because the block + cipher does not actually generate \emph{random} outputs. Further, if the + security of the underlying primitive is broken, the whole scheme falls + apart. \item \TODO