def F(k, x): k1, k2 = split(k) x1, x2 = split(x) y1 = AES(x1, k1) y2 = AES(k1, xor_strings(x2, k2)) return y1 + y2
def A_1(fn): output1 = fn("\x00" * block_len) output2 = fn("\xFF" * block_len) y1, y2 = split(output1) y3, y4 = split(output2) if (y2 + y1 == y3 + y4): return 1 #I think I'm in Real else: return 0 #I think I'm in Rand pass
def A_2(fn): output1 = fn("\x00" * block_len) y1, y2 = split(output1) output2 = fn(y1) y3, y4 = split(output2) if (y2 == y3): return 1 #I think I'm in Real else: return 0 #I think I'm in Rand pass
def hash_f(k, m): if len(m) != 2 * block: return None l, m = k, split(m) for i in range(2): x = enc(l, m[i]) l = xor_strings(x, m[i]) return x
def decrypt(k, cipher): if len(cipher) != 3 * block: return None r, cipher = enc_i(k, cipher[:block]), cipher[block:] c, m = ['', ''], '' c[0], c[1] = split(cipher) for j in range(2): r_j = enc_i(k, c[j]) m, r = m + xor_strings(enc_i(k, r_j), r), r_j return m
def _G(k, x): l_0, r_0 = split(x) L, R = [l_0], [r_0] for i in range(1, r + 1): L.append(R[i-1]) R.append(xor_strings(g(k, R[i-1]), L[i-1])) return L[r] + R[r]
def encrypt(k, input_m): if len(input_m) != 2 * block: return None m = ['', ''] m[0], m[1] = split(input_m) r = random_string_bits(n) c = enc(k, r) for j in range(2): r = enc(k, xor_strings(r, m[j])) c += enc(k, r) return c
def E(k, m): if len(m) != block_len * 4: return None m = split(m, block_len) c = [random_string(block_len)] t = ["\x00" * block_len] for i in range(4): c += [AES(k, xor_strings(m[i], c[i]))] t += [AES(k, xor_strings(m[i], t[i]))] return join(c), t[-1]
def encrypt(k, m): if len(m) != block_size: return None m = [None] + split(m, block_size / 4) ce = [random_string(16)] cm = ["\x00" * 16] for i in range(1, 5): ce += [AES(k, xor_strings(ce[i - 1], m[i]))] cm += [AES(k, xor_strings(cm[i - 1], m[i]))] return join(ce), cm[4]
m = split(m, block_len) c = [random_string(block_len)] t = ["\x00" * block_len] for i in range(4): c += [AES(k, xor_strings(m[i], c[i]))] t += [AES(k, xor_strings(m[i], t[i]))] return join(c), t[-1] def D(k, (c, t)): if len(c) != block_len * 5: return None c = split(c, block_len) m = [] tm = ["\x00" * block_len] for i in range(4): m += [xor_strings(AES_I(k, c[i+1]), c[i])] tm += [AES(k, xor_strings(m[i], tm[i]))] if tm[-1] != t: return None return join(m) """ 1. [20 points] Give an IND-CPA adversary that shows that this sceme is not
m = split(m, block_len) c = [random_string(block_len)] t = ["\x00" * block_len] for i in range(4): c += [AES(k, xor_strings(m[i], c[i]))] t += [AES(k, xor_strings(m[i], t[i]))] return join(c), t[-1] def D(k, (c, t)): if len(c) != block_len * 5: return None c = split(c, block_len) m = [] tm = ["\x00" * block_len] for i in range(4): m += [xor_strings(AES_I(k, c[i + 1]), c[i])] tm += [AES(k, xor_strings(m[i], tm[i]))] if tm[-1] != t: return None return join(m) """ 1. [20 points] Give an IND-CPA adversary that shows that this sceme is not
m = [None] + split(m, block_size / 4) ce = [random_string(16)] cm = ["\x00" * 16] for i in range(1, 5): ce += [AES(k, xor_strings(ce[i - 1], m[i]))] cm += [AES(k, xor_strings(cm[i - 1], m[i]))] return join(ce), cm[4] def decrypt(k, (ce, t)): if len(ce) != block_size + 16: return None ce = split(ce, block_size / 4) cm = ["\x00" * 16] m = [None] for i in range(1, 5): m += [xor_strings(AES_I(k, ce[i]), ce[i - 1])] cm += [AES(k, xor_strings(cm[i - 1], m[i]))] if cm[4] != t: return None else: return join(m[1:]) """ Give an INT-CTXT adversary that shows that this sceme is not secure: