Add solution for 1c

2022-06-14 13:49:54 +02:00 · 2022-06-14 13:49:54 +02:00 · 8ade466e3e
commit 8ade466e3e
parent f519a12152
1 changed files with 6 additions and 1 deletions
--- a/exam/ex.tex
+++ b/exam/ex.tex
@ -122,7 +122,12 @@
      (without the counter) is at most 102 bits long which gives a maximum
      message length of $102\cdot (2^{26}-2) = \unit[6845103924]{bits}$.

-    \item \TODO
+    \item $\widetilde{E}$ should behave like a pseudorandom permutation in order
+      to be able to prove the security of $\mathsf{CrAp}$. If it does not, a
+      distinguisher is able to gain a significant advantage because the block
+      cipher does not actually generate \emph{random} outputs. Further, if the
+      security of the underlying primitive is broken, the whole scheme falls
+      apart.

    \item \TODO