TU Wien:Introduction to Modern Cryptography VU (Maffei)/Exam 1 2018W

My fuzzy recounting of the exam questions:

1) Various functions and whether or not they're negligible. (3 concrete functions and 3 of the form "if f(n) is negligible, is g(f(n)) negligible") (Just true/false, no proofs required)

2) Rank encrypt-and-authenticate, encrypt-then-authenticate, and authenticate-then-encrypt from best to worst and justify your choice for best and worst.

3) Explain why the 2 messages you have to distinguish in a CPA attack have to be of the same length.

4) Given a 2-wise independent permutation:

 a) It's an X-wise MAC for what X? Explain why it doesn't work for X+1. (I.e. it's a MAC as long as you only authenticate X messages with it)
 b) It's a perfectly secure encryption for how many messages? Explain why it won't work for 1 more.

5) Attacks

 a) Show a CCA-attack on CBC-mode encryption
 b) Show that the CBC-MAC is not unforgable if the message space are all messages whose length are a multiple of n
 c) Show that any 2-round Feistel network is not a PRP, regardless of the round functions.