COMP 165  Fall 2016  Homework 6
Due Wednesday, 2 November, 2016 in class
Report problems to ablumer via email

(This is Problem 12.2) Show how the Data Authentication Algorithm of
Section 12.6 could be implemented using Cipher Feedback mode (CFB)
instead of Cipher Block Chaining (CBC).

(This is a version of Problem 12.4) Define a variant of CMAC by
VMAC(K, M) = CBC(K, M) XOR K_{1}
Suppose an adversary is able to obtain VMACs of the all-zeroes block,
the all-ones block, and the two-block message consisting of the all-ones
block followed by the all-zeroes block. Show that the adversary can compute
the VMAC for the two-block message consisting of the all-zeroes block
followed by a block that's the XOR of VMAC(K, 000...0) and VMAC(K, 111...1).
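The two constructions in the problems above, checked numerically. This is an added example, not part of the assignment or its textbook. It stands in for DES with a small Feistel permutation built from HMAC-SHA256 (an assumption; the identities hold for any block cipher E), and the names daa_cbc, daa_cfb, vmac, forge and check are mine. The CFB version of the DAA uses D_1 as the IV, runs 64-bit CFB over D_2..D_N and encrypts the last ciphertext block once more; the VMAC part builds the message Z || (T_Z XOR T_O) from the three tags the adversary holds and verifies that the predicted tag is accepted.

```python
import hmac
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES, which the FIPS 113 DAA is built on


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (assumption: replaces DES). A 4-round Feistel
    network with HMAC-SHA256 as round function is a keyed permutation on
    64-bit blocks; the MAC identities below hold for any block cipher E."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hmac.new(key + bytes([rnd]), right, hashlib.sha256).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


def blocks(msg: bytes) -> list:
    """Split into 64-bit blocks D_1..D_N, zero-padding the last one."""
    msg = msg + b"\x00" * (-len(msg) % BLOCK)
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]


def daa_cbc(key: bytes, msg: bytes) -> bytes:
    """DAA as specified: CBC with IV = 0, O_1 = E(K, D_1),
    O_i = E(K, D_i XOR O_{i-1}); the DAC is (a prefix of) O_N."""
    o = bytes(BLOCK)
    for d in blocks(msg):
        o = E(key, xor(d, o))
    return o


def daa_cfb(key: bytes, msg: bytes) -> bytes:
    """The same DAC via 64-bit CFB: D_1 is the IV, CFB runs over D_2..D_N
    (C_i = E(K, C_{i-1}) XOR D_{i+1}), and the final ciphertext block is
    encrypted once more. Unrolling gives C_i = O_i XOR D_{i+1}, hence
    E(K, C_{N-1}) = O_N. For a one-block message the loop is empty."""
    d = blocks(msg)
    c = d[0]
    for p in d[1:]:
        c = xor(E(key, c), p)
    return E(key, c)


def vmac(key: bytes, k1: bytes, msg: bytes) -> bytes:
    """VMAC(K, M) = CBC(K, M) XOR K_1, as defined in the problem."""
    return xor(daa_cbc(key, msg), k1)


ZERO = bytes(BLOCK)        # the all-zeroes block
ONES = b"\xff" * BLOCK     # the all-ones block


def forge(t_zero: bytes, t_ones: bytes, t_ones_zero: bytes):
    """The adversary's computation from the three tags it obtained: returns
    the two-block message Z || (T_Z XOR T_O) and the tag predicted for it.
    K_1 cancels in T_Z XOR T_O, leaving E(K,Z) XOR E(K,O); CBC XORs that
    with C_1 = E(K,Z), so the last encryption sees E(K,O), exactly as it
    does for the message O || Z. The predicted tag is therefore T_OZ."""
    return ZERO + xor(t_zero, t_ones), t_ones_zero


def check(key: bytes, k1: bytes, msg: bytes) -> tuple:
    """Return (CFB construction agrees with the CBC DAA, forged tag verifies)."""
    same_dac = daa_cbc(key, msg) == daa_cfb(key, msg)
    new_msg, predicted = forge(vmac(key, k1, ZERO), vmac(key, k1, ONES),
                               vmac(key, k1, ONES + ZERO))
    return same_dac, vmac(key, k1, new_msg) == predicted


if __name__ == "__main__":
    # constructed key material and message
    print(check(b"constructed-key", b"k1_block", b"a message of several blocks"))
```

Why the forgery matters: the final XOR with K_1 looks like a key-dependent mask, but it is the same mask on every tag, so XORing two tags removes it and the adversary is back to attacking plain CBC-MAC on chosen blocks. CMAC proper derives K_1 from E(K, 0) and XORs it into the last message block before the final encryption, not into the output, which is what closes this gap.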

(This is a version of Problem 12.7) The description of GHASH claims that
it can be parallelized by expressing it as
(X_{1}*H^{m}) XOR (X_{2}*H^{m-1}) XOR
... XOR (X_{m-1}*H^{2}) XOR (X_{m}*H)
where * denotes multiplication in GF(2^{128})
Prove that this expression is correct, giving a reason for each step of your proof.
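A numerical check of the claim, as an added example that is not part of the assignment: multiplication in GF(2^{128}) as specified for GCM (NIST SP 800-38D, Algorithm 1, with GCM's bit ordering), GHASH in its sequential definition Y_i = (Y_{i-1} XOR X_i) * H, and the parallel expression above, compared on constructed pseudo-random blocks. The function names, the seeded inputs and the constant names are mine. Agreement on sample input is not a proof, but it confirms the expression is the right target; the unrolling itself rests only on the field properties of * and XOR, which is what each step of the proof has to invoke.

```python
import random

# GCM's reduction constant for x^128 + x^7 + x^2 + x + 1, bit-reflected
R = 0xE1 << 120
# The field element 1 in GCM's bit ordering (leftmost bit = coefficient of x^0)
ONE = 1 << 127


def gf_mult(x: int, y: int) -> int:
    """Multiplication in GF(2^128) per SP 800-38D Algorithm 1. Blocks are
    128-bit ints whose most significant bit is the first bit of the block."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:            # bit x_i of x, counting from the left
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1   # v := v * x, reduced
    return z


def ghash_sequential(h: int, xs: list) -> int:
    """GHASH as defined: Y_0 = 0, Y_i = (Y_{i-1} XOR X_i) * H, output Y_m."""
    y = 0
    for x in xs:
        y = gf_mult(y ^ x, h)
    return y


def ghash_parallel(h: int, xs: list) -> int:
    """The expression from the problem: XOR over i of X_i * H^(m-i+1).
    Each product depends only on its own block and a precomputed power of H,
    so the m multiplications are independent and can run in parallel."""
    m = len(xs)
    h_pow = [None, h]                       # h_pow[k] = H^k for k >= 1
    for _ in range(2, m + 1):
        h_pow.append(gf_mult(h_pow[-1], h))
    acc = 0
    for i, x in enumerate(xs, start=1):
        acc ^= gf_mult(x, h_pow[m - i + 1])
    return acc


def forms_agree(seed: int = 1, m: int = 5) -> bool:
    """Constructed input: m pseudo-random blocks and a pseudo-random H."""
    rng = random.Random(seed)
    h = rng.getrandbits(128)
    xs = [rng.getrandbits(128) for _ in range(m)]
    return ghash_sequential(h, xs) == ghash_parallel(h, xs)


if __name__ == "__main__":
    print(forms_agree())
```

The sanity checks worth running before trusting such a routine are the field identities: multiplying by ONE must return the other operand, and the product must not depend on operand order. A bit-ordering mistake in the reflected representation breaks the first of these immediately.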