COMP 165 - Fall 2016 - Homework 6
Due Wednesday, 2 November, 2016 in class
Report problems to ablumer via email
(This is Problem 12.2) Show how the Data Authentication Algorithm of
Section 12.6 could be implemented using Cipher Feedback mode (CFB)
instead of Cipher Block Chaining (CBC).
(This is a version of Problem 12.4) Define a variant of CMAC by
VMAC(K, M) = CBC(K, M) XOR K1
Suppose an adversary is able to obtain VMACs of the all-zeroes block,
the all-ones block, and the two-block message consisting of the all-ones
block followed by the all-zeroes block. Show that the adversary can compute
the VMAC for the two-block message consisting of the all-zeroes block
followed by a block that's the XOR of VMAC(K, 000...0) and VMAC(K, 111...1).
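The following Python is an added example, not part of the assignment or of the textbook. It checks the two constructions above numerically for the first two problems: that the Data Authentication Algorithm (assumed here, as in Section 12.6, to be CBC-MAC with a zero IV) can be computed with full-block CFB mode, and that the VMAC variant lets the three known tags predict the fourth. The block cipher is a toy 4-round Feistel network over 64-bit blocks with a SHA-256 round function standing in for DES/AES; the key, K1 and message values are constructed for the demonstration.

```python
# Added example (not from the assignment): a toy block cipher used to check
# (a) DAA computed in CBC vs. CFB mode and (b) the VMAC forgery numerically.
import hashlib

BLOCK = 8  # toy block size in bytes (64 bits)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Toy keyed permutation on one 8-byte block (4-round Feistel, so invertible).
    A stand-in for DES/AES, not a real cipher."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + right + bytes([rnd])).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


def daa_cbc(key, blocks):
    """DAA as CBC-MAC with IV = 0; the tag is the last output block
    (DAA proper keeps only its leftmost bits)."""
    o = bytes(BLOCK)
    for d in blocks:
        o = encrypt_block(key, xor(d, o))
    return o


def cfb_encrypt(key, iv, blocks):
    """Full-block CFB: Ci = E(C(i-1)) XOR Pi with C0 = IV."""
    c, out = iv, []
    for p in blocks:
        c = xor(encrypt_block(key, c), p)
        out.append(c)
    return out


def daa_cfb(key, blocks):
    """Same tag via CFB: D1 acts as the IV, D2..DN are CFB-encrypted, and the
    last ciphertext block is encrypted once more. In CBC the cipher input at
    step i is Di XOR O(i-1); in CFB the ciphertext at step i is Di XOR E(C(i-1)),
    so with C1 = D1 the two sequences of cipher inputs coincide."""
    if len(blocks) == 1:
        return encrypt_block(key, blocks[0])
    return encrypt_block(key, cfb_encrypt(key, blocks[0], blocks[1:])[-1])


def vmac(key, k1, blocks):
    """The problem's variant: CBC-MAC XOR a second key K1."""
    return xor(daa_cbc(key, blocks), k1)


def vmac_forgery_holds(key, k1):
    """From the VMACs of 0..0, 1..1 and 1..1||0..0, predict the VMAC of
    0..0 || (VMAC(0..0) XOR VMAC(1..1)) and report whether the prediction
    equals the genuine tag. Only the three tags are used for the prediction."""
    zeros, ones = bytes(BLOCK), b"\xff" * BLOCK
    t_z = vmac(key, k1, [zeros])
    t_o = vmac(key, k1, [ones])
    t_oz = vmac(key, k1, [ones, zeros])
    # K1 cancels in t_z XOR t_o, leaving E(0..0) XOR E(1..1).
    target = [zeros, xor(t_z, t_o)]
    return t_oz == vmac(key, k1, target)


# Constructed sample key material and message (not from the assignment).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
K1 = bytes.fromhex("0f1e2d3c4b5a6978")
MSG = [bytes.fromhex("6162636465666768"),
       bytes.fromhex("0000000000000000"),
       bytes.fromhex("ffffffffffffffff")]

if __name__ == "__main__":
    print("CBC tag:", daa_cbc(KEY, MSG).hex())
    print("CFB tag:", daa_cfb(KEY, MSG).hex())
    print("VMAC prediction matches genuine tag:", vmac_forgery_holds(KEY, K1))
```

The CFB construction is worth tracing by hand once: write out the cipher inputs of CBC-MAC for a three-block message and compare them with the CFB feedback values, which is exactly the argument the first problem asks for. The last function shows why XORing a constant key onto a CBC-MAC does not bind the message: the constant cancels as soon as two tags are XORed.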
(This is a version of Problem 12.7) The description of GHASH claims that
it can be parallelized by expressing it as
(X1*H^m) XOR (X2*H^(m-1)) XOR ... XOR (Xm-1*H^2) XOR (Xm*H)
where * denotes multiplication in GF(2^128).
Prove that this expression is correct, giving a reason for each step of your proof.
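As an added example (not part of the assignment), the Python below checks the GHASH identity numerically rather than proving it. It assumes the standard GHASH definition Y0 = 0, Yi = (Y(i-1) XOR Xi) * H with output Ym, implements the GF(2^128) multiplication of GCM (the bit ordering and reduction constant of NIST SP 800-38D), and compares the serial definition with the expanded sum and with a two-lane evaluation that reduces odd- and even-indexed blocks independently. The hash subkey and data blocks are constructed values.

```python
# Added example (not from the assignment): GHASH serial vs. expanded vs. two-lane.
# Blocks are 128-bit integers in GCM's bit ordering: the leftmost bit of a
# block is bit 0, which is the integer's most-significant bit.

R = 0xE1000000000000000000000000000000  # reduction constant for x^128 + x^7 + x^2 + x + 1
ONE = 1 << 127                            # the field element 1 in this bit ordering


def gf_mult(x, y):
    """Multiply two elements of GF(2^128) (NIST SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(h, k):
    """H^k by repeated multiplication, k >= 1."""
    result = h
    for _ in range(k - 1):
        result = gf_mult(result, h)
    return result


def ghash_serial(h, blocks):
    """GHASH as defined: Y0 = 0, Yi = (Y(i-1) XOR Xi) * H, output Ym."""
    y = 0
    for x in blocks:
        y = gf_mult(y ^ x, h)
    return y


def ghash_expanded(h, blocks):
    """The expanded form from the problem: XOR over i of Xi * H^(m-i+1)."""
    m = len(blocks)
    acc = 0
    for i, x in enumerate(blocks, start=1):
        acc ^= gf_mult(x, gf_pow(h, m - i + 1))
    return acc


def ghash_two_lanes(h, blocks):
    """Parallel evaluation for even m. Lane A reduces X1, X3, ..., X(m-1)
    (exponents m, m-2, ..., 2) with H^2 as the Horner multiplier; lane B reduces
    X2, X4, ..., Xm (exponents m-1, ..., 1), with its last step multiplying by H.
    Each lane is an independent dependency chain, which is what makes the
    expanded form parallelizable."""
    if len(blocks) % 2:
        raise ValueError("two-lane form shown for even m only")
    h2 = gf_mult(h, h)
    a = 0
    for x in blocks[0::2]:
        a = gf_mult(a ^ x, h2)
    b = 0
    for x in blocks[1::2][:-1]:
        b = gf_mult(b ^ x, h2)
    b = gf_mult(b ^ blocks[-1], h)
    return a ^ b


# Constructed hash subkey and data blocks (not from the assignment).
H_SAMPLE = 0x0123456789ABCDEF0123456789ABCDEF
BLOCKS = [
    0x00000000000000000000000000000001,
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,
    0x5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A,
    0xDEADBEEFCAFEBABE0000000000000000,
]

if __name__ == "__main__":
    print("serial  :", hex(ghash_serial(H_SAMPLE, BLOCKS)))
    print("expanded:", hex(ghash_expanded(H_SAMPLE, BLOCKS)))
    print("2 lanes :", hex(ghash_two_lanes(H_SAMPLE, BLOCKS)))
```

The proof the problem asks for uses only that GF(2^128) multiplication distributes over XOR and is associative; unrolling the serial definition one step at a time yields the expanded sum, and the two-lane function is one instance of regrouping that sum.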