### COMP 165 - Fall 2016 - Homework 6

Due Wednesday, 2 November, 2016 in class

Report problems to ablumer via email

1. (This is Problem 12.2) Show how the Data Authentication Algorithm of Section 12.6 could be implemented using Cipher Feedback mode (CFB) instead of Cipher Block Chaining (CBC).
2. (This is a version of Problem 12.4) Define a variant of CMAC by

VMAC(K, M) = CBC(K, M) XOR K1

Suppose an adversary is able to obtain VMACs of the all-zeroes block, the all-ones block, and the two-block message consisting of the all-ones block followed by the all-zeroes block. Show that the adversary can compute the VMAC for the two-block message consisting of the all-zeroes block followed by a block that's the XOR of VMAC(K, 000...0) and VMAC(K, 111...1).
3. (This is a version of Problem 12.7) The description of GHASH claims that it can be parallelized by expressing it as

(X1*Hm) XOR (X2*Hm-1) XOR ... (Xm-1*H2) XOR (Xm*H)     where * denotes multiplication in GF(2128)

Prove that this expression is correct, giving a reason for each step of your proof.