Прикладна криптологія та стеганографія (6с ННІ 4-23-302/303) Course Materials & Test Answers | kursant.khnuvs.org.ua

Припустимо, що F - блоковий шифр із довжиною блоку n, а схема

шифрування n-бітових повідомлень m за

допомогою ключа k така:

1) обирається випадковий c₀∈{0,1}ⁿ

2) шифртекст - c₀, c₁, F_k(F_k(c₀)⊕c₁), де c₁=F_k(c₀)⊕m.

Яке з наведених тверджень

вірне?

This looks like the

authenticate-then-encrypt approach using CBC-mode and CBC-MAC (with the same

key) -- but here it's ok, since CBC-MAC is applied to something random

This is an example of

the encrypt-then-authenticate approach using (a variant of) CTR-mode and

CBC-MAC, so is secure

This can be viewed as an

example of the encrypt-and-authenticate approach using CBC-mode and CBC-MAC (with

the same key), and is insecure

This looks like the

encrypt-then-authenticate approach using (a variant of) CTR-mode and CBC-MAC,

except that here the same key is being used for both; this looks insecure!

100%

View this question

Crowdly