def E(k, m):
if len(m) != block_len * 4: return None
m = split(m, block_len)
c = [random_string(block_len)]
t = ["\x00" * block_len]
for i in range(4):
c += [AES(k, xor_strings(m[i], c[i]))]
t += [AES(k, xor_strings(m[i], t[i]))]
return join(c), t[-1]
def E(k, m):
if len(m) != block_len * 4: return None
m = split(m, block_len)
c = [random_string(block_len)]
t = ["\x00" * block_len]
for i in range(4):
c += [AES(k, xor_strings(m[i], c[i]))]
t += [AES(k, xor_strings(m[i], t[i]))]
return join(c), t[-1]
def encrypt(k, m):
if len(m) != block_size:
return None
m = [None] + split(m, block_size / 4)
ce = [random_string(16)]
cm = ["\x00" * 16]
for i in range(1, 5):
ce += [AES(k, xor_strings(ce[i - 1], m[i]))]
cm += [AES(k, xor_strings(cm[i - 1], m[i]))]
return join(ce), cm[4]
def G1(k, x):
xbar = xor_strings(x, "\xFF" * block_len)
y1 = F(k, x)
y2 = F(k, xbar)
return y1 + y2
def encrypt(k, x):
r = random_string(block_size)
c = r
for i in range(1, len(x) / block_size + 1, 1):
w_i = add_int_to_string(r, i, block_size * 8)
x_i = x[((i - 1) * block_size):(i * block_size)]
c += AES(k, xor_strings(x_i, w_i))
return c
def F(k, x):
k1, k2 = split(k)
x1, x2 = split(x)
y1 = AES(x1, k1)
y2 = AES(k1, xor_strings(x2, k2))
return y1 + y2
def hash_f(k, m):
if len(m) != 2 * block:
return None
l, m = k, split(m)
for i in range(2):
x = enc(l, m[i])
l = xor_strings(x, m[i])
return x
def decrypt(k, cipher):
if len(cipher) != 3 * block:
return None
r, cipher = enc_i(k, cipher[:block]), cipher[block:]
c, m = ['', ''], ''
c[0], c[1] = split(cipher)
for j in range(2):
r_j = enc_i(k, c[j])
m, r = m + xor_strings(enc_i(k, r_j), r), r_j
return m
def _G(k, x):
l_0, r_0 = split(x)
L, R = [l_0], [r_0]
for i in range(1, r + 1):
L.append(R[i-1])
R.append(xor_strings(g(k, R[i-1]), L[i-1]))
return L[r] + R[r]
def encrypt(k, input_m):
if len(input_m) != 2 * block:
return None
m = ['', '']
m[0], m[1] = split(input_m)
r = random_string_bits(n)
c = enc(k, r)
for j in range(2):
r = enc(k, xor_strings(r, m[j]))
c += enc(k, r)
return c
def encrypt(k, x):
"""
:param k: The key used to encrypt/decrypt the message
:param x: The plaintext to be decrypted
:return: return the encryption of plaintext x
"""
r = random_string(block_len)
c = r
for i in range(1, len(x) / block_len + 1, 1):
w_i = add_int_to_string(r, i, block_len * 8)
x_i = x[((i - 1) * block_len): (i * block_len)]
c += AES(k, xor_strings(x_i, w_i))
return c
for i in range(4):
c += [AES(k, xor_strings(m[i], c[i]))]
t += [AES(k, xor_strings(m[i], t[i]))]
return join(c), t[-1]
def D(k, (c, t)):
if len(c) != block_len * 5: return None
c = split(c, block_len)
m = []
tm = ["\x00" * block_len]
for i in range(4):
m += [xor_strings(AES_I(k, c[i+1]), c[i])]
tm += [AES(k, xor_strings(m[i], tm[i]))]
if tm[-1] != t: return None
return join(m)
"""
1. [20 points] Give an IND-CPA adversary that shows that this sceme is not
IND-CPA secure:
"""
def A_1(lr):
"""
You must fill in this method. This is the adversary that the problem is
c += [AES(k, xor_strings(m[i], c[i]))]
t += [AES(k, xor_strings(m[i], t[i]))]
return join(c), t[-1]
def D(k, (c, t)):
if len(c) != block_len * 5: return None
c = split(c, block_len)
m = []
tm = ["\x00" * block_len]
for i in range(4):
m += [xor_strings(AES_I(k, c[i + 1]), c[i])]
tm += [AES(k, xor_strings(m[i], tm[i]))]
if tm[-1] != t: return None
return join(m)
"""
1. [20 points] Give an IND-CPA adversary that shows that this sceme is not
IND-CPA secure:
"""
def A_1(lr):
"""
ce += [AES(k, xor_strings(ce[i - 1], m[i]))]
cm += [AES(k, xor_strings(cm[i - 1], m[i]))]
return join(ce), cm[4]
def decrypt(k, (ce, t)):
if len(ce) != block_size + 16:
return None
ce = split(ce, block_size / 4)
cm = ["\x00" * 16]
m = [None]
for i in range(1, 5):
m += [xor_strings(AES_I(k, ce[i]), ce[i - 1])]
cm += [AES(k, xor_strings(cm[i - 1], m[i]))]
if cm[4] != t:
return None
else:
return join(m[1:])
"""
Give an INT-CTXT adversary that shows that this sceme is not secure:
"""
def adversary(enc, dec):
"""
