TU Wien:Introduction to Modern Cryptography VU (Maffei)/Exam 1 2018W
My fuzzy recounting of the exam questions:
1) Various functions and whether or not they're negligible. (3 concrete functions and 3 of the form "if f(n) is negligible, is g(f(n)) negligible") (Just true/false, no proofs required)
2) Rank encrypt-and-authenticate, encrypt-then-authenticate, and authenticate-then-encrypt from best to worst and justify your choice for best and worst.
3) Explain why the 2 messages you have to distinguish in a CPA attack have to be of the same length.
4) Given a 2-wise independent permutation:
a) It's an X-wise MAC for what X? Explain why it doesn't work for X+1. (I.e. it's a MAC as long as you only authenticate X messages with it) b) It's a perfectly secure encryption for how many messages? Explain why it won't work for 1 more.
a) Show a CCA-attack on CBC-mode encryption b) Show that the CBC-MAC is not unforgable if the message space are all messages whose length are a multiple of n c) Show that any 2-round Feistel network is not a PRP, regardless of the round functions.