\documentclass[a4paper]{article} \usepackage[english]{babel} \usepackage{amsmath,amssymb,amsthm} \usepackage{color} \newcommand{\TODO}{\textcolor{red}{TO DO}} \begin{document} \begin{center} \textbf{\Large NWI-IMC061 -- Applied Cryptography}\\[4pt] \textbf{\large Final Exam, Academic Year 2021--2022} \end{center} \bigskip \hrule \bigskip \noindent \textbf{Last Name:} Eidelpes \medskip\noindent \textbf{First Name:} Tobias \medskip\noindent \textbf{Student Number:} s1090746 \medskip\noindent \textbf{Personalized Appendix Sequence Number:} 30 \bigskip \hrule \bigskip \begin{enumerate} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%% SYMMETRIC - LITERATURE %%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \item \textbf{(18 points)} \begin{enumerate} \item EWCDM stands for \emph{Encrypted Wegman-Carter with Davies-Meyer}. As the name implies, EWCDM is based on a Wegman-Carter construction which takes the hash of a message $M$ and XORes it with the application of a pseudorandom function (PRF) to a nonce $N$. This construction is very efficient and also has a strong security bound. However, it is very vulnerable to \emph{nonce-misuse}. To deal with that problem, the Wegman-Carter construction is wrapped by another call to the PRF with a different key. Another disadvantage is the fact that PRFs are hard to get by and instead pseudorandom permutations are used. If a pseudorandom permutation (i.e. block cipher) is used, the security bound of the construction drops to the birthday bound ($2^{n/2}$). The authors replace the inner call to the PRF with the \emph{Davies-Meyer} construction \[ \mathrm{DM}[E]_K(N) = E_K(N)\oplus N \] and then encrypt that (with the hashed message) in another call to the block cipher. The resulting EWCDM construction looks like this \[ E_{K'}(E_K(N)\oplus N\oplus H_{K_h}(M)) \] and is secure \emph{beyond} the birthday bound against nonce-respecting adversaries while still offering birthday bound security against nonce-misusing adversaries. \item The type of symmetric cryptographic scheme introduced is a Message Authentication Code (MAC). \item The size of the key(s) depends on the block cipher and the keyed hash function. In total there likely need to be two distinct keys for the block cipher calls and one key for the hash function. \item Since EWCDM is based on a block cipher and a hash function and because those usually operate on fixed-length inputs, the construction also operates on fixed-length inputs. Messages come in variable-length sizes and need to be padded by the block cipher to the specified block size. \item Depending on the amount of input blocks, the construction will generate multiples of the block size as outputs. The outputs are variable-length. \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \end{enumerate} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%% SYMMETRIC - KEYED %%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \item \textbf{(16 points)} \begin{enumerate} \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \end{enumerate} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%% SYMMETRIC - UNKEYED %%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \item \textbf{(16 points)} \begin{enumerate} \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \end{enumerate} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%% ASYMMETRIC - LITERATURE %%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \item \textbf{(17 points)} \begin{enumerate} \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \end{enumerate} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%% ASYMMETRIC - SECURITY %%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \item \textbf{(33 points)} \begin{enumerate} \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \item \TODO \end{enumerate} \end{enumerate} \end{document}