def E(k, m):
    """Encrypt a four-block message and return ``(ciphertext, tag)``.

    Two chains are run over the same plaintext blocks with the same key:
    a ciphertext chain seeded with ``random_string(block_len)`` and a tag
    chain seeded with an all-zero block.

    :param k: key handed to ``AES`` for both chains.
    :param m: message; must be exactly ``block_len * 4`` long.
    :return: ``None`` when ``m`` has the wrong length, otherwise the pair
        ``(join(blocks), tag)`` where the first ciphertext block is the
        random seed and ``tag`` is the last block of the tag chain.

    NOTE(review): the tag chain takes no random input, so (assuming ``AES``
    is a deterministic block-cipher call) the tag depends only on ``k`` and
    ``m``, and it is sent alongside the ciphertext. Both chains also share
    one key. Code meant for real use should rely on a vetted AEAD mode, or
    encrypt-then-MAC with independent keys. Whether ``random_string`` draws
    from a CSPRNG is not visible here; confirm.
    """
    if len(m) != block_len * 4:
        return None

    plain_blocks = split(m, block_len)
    cipher_blocks = [random_string(block_len)]
    tag = "\x00" * block_len
    for idx in range(4):
        block = plain_blocks[idx]
        # Ciphertext chain: each block is mixed with the previous ciphertext.
        cipher_blocks.append(AES(k, xor_strings(block, cipher_blocks[idx])))
        # Tag chain: same construction, but seeded with zeros instead.
        tag = AES(k, xor_strings(block, tag))
    return join(cipher_blocks), tag
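def encrypt(k, m):
    """Encrypt a ``block_size``-long message and return ``(ciphertext, tag)``.

    The message is cut into four chunks. Each chunk feeds two chains keyed
    with the same ``k``: ``ce`` (seeded with ``random_string(16)``) gives the
    ciphertext, ``cm`` (seeded with 16 zero characters) gives the tag.

    :param k: key handed to ``AES`` for both chains.
    :param m: message; must be exactly ``block_size`` long.
    :return: ``None`` when ``m`` has the wrong length, otherwise
        ``(join(ce), cm[4])``.

    NOTE(review): the tag chain has no random input, so (assuming ``AES`` is
    deterministic) the tag is a function of ``k`` and ``m`` only, and the
    same key drives both chains. Code meant for real use should rely on a
    vetted AEAD mode, or encrypt-then-MAC with independent keys.
    """
    if len(m) != block_size:
        return None

    # Floor division keeps the chunk length an int on Python 3 as well; for
    # an integer block_size it is the value `/` produced on Python 2.
    chunk_len = block_size // 4

    # Index 0 is a placeholder so that chunk i lines up with chain index i.
    m = [None] + split(m, chunk_len)

    # The seeds are hard-coded to 16 characters; that equals chunk_len only
    # when block_size is 64 -- presumably the case, verify against the module.
    ce = [random_string(16)]
    cm = ["\x00" * 16]
    for i in range(1, 5):
        ce.append(AES(k, xor_strings(ce[i - 1], m[i])))
        cm.append(AES(k, xor_strings(cm[i - 1], m[i])))
    return join(ce), cm[4]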
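def D(k, ct):
    """Decrypt ``(c, t)`` and return the plaintext, or ``None`` on rejection.

    :param k: key handed to ``AES`` and ``AES_I``.
    :param ct: the pair ``(c, t)``: ``c`` is the ciphertext (five blocks of
        ``block_len``, the first one acting as the chaining seed) and ``t``
        is the tag.
    :return: ``None`` when ``c`` has the wrong length or the recomputed tag
        differs from ``t``; otherwise the joined plaintext blocks.

    NOTE(review): the tag is recomputed over the *decrypted* plaintext with
    the same key, starting from an all-zero block, so the ciphertext itself
    is never authenticated directly and decryption runs before any check.
    Code meant for real use should verify a MAC over the ciphertext first
    (encrypt-then-MAC with an independent key) or use a vetted AEAD mode.
    """
    # Unpack in the body: a tuple parameter (``def D(k, (c, t))``) is a
    # SyntaxError on Python 3 (PEP 3113). Callers still pass D(k, (c, t)).
    c, t = ct
    if len(c) != block_len * 5:
        return None

    c = split(c, block_len)
    m = []
    tm = ["\x00" * block_len]
    for i in range(4):
        # Undo the ciphertext chain: invert the block, then strip the
        # previous ciphertext block (AES_I is presumably the inverse of AES).
        m.append(xor_strings(AES_I(k, c[i + 1]), c[i]))
        # Rebuild the tag chain over the recovered plaintext.
        tm.append(AES(k, xor_strings(m[i], tm[i])))

    # NOTE(review): `!=` on strings may stop at the first differing byte,
    # which makes the check timing-dependent. Once tags are byte strings,
    # hmac.compare_digest is the constant-time alternative.
    if tm[-1] != t:
        return None
    return join(m)


""" 1. [20 points] Give an IND-CPA adversary that shows that this sceme is not IND-CPA secure: """

def A_1(lr):
    """ You must fill in this method. This is the adversary that the problem is asking for.
    :param lr: This is the oracle supplied by GameLR, you can call this oracle to get an encryption of the data you pass into it.
    :return: return 1 to indicate your adversary believes it is the right world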
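def D(k, ct):
    """Decrypt ``(c, t)`` and return the plaintext, or ``None`` on rejection.

    :param k: key handed to ``AES`` and ``AES_I``.
    :param ct: the pair ``(c, t)``: ``c`` is the ciphertext (five blocks of
        ``block_len``, the first one acting as the chaining seed) and ``t``
        is the tag.
    :return: ``None`` when ``c`` has the wrong length or the recomputed tag
        differs from ``t``; otherwise the joined plaintext blocks.

    NOTE(review): the tag is recomputed over the *decrypted* plaintext with
    the same key, starting from an all-zero block, so the ciphertext itself
    is never authenticated directly and decryption runs before any check.
    Code meant for real use should verify a MAC over the ciphertext first
    (encrypt-then-MAC with an independent key) or use a vetted AEAD mode.
    """
    # Unpack in the body: a tuple parameter (``def D(k, (c, t))``) is a
    # SyntaxError on Python 3 (PEP 3113). Callers still pass D(k, (c, t)).
    c, t = ct
    if len(c) != block_len * 5:
        return None

    c = split(c, block_len)
    m = []
    tm = ["\x00" * block_len]
    for i in range(4):
        # Undo the ciphertext chain: invert the block, then strip the
        # previous ciphertext block (AES_I is presumably the inverse of AES).
        m.append(xor_strings(AES_I(k, c[i + 1]), c[i]))
        # Rebuild the tag chain over the recovered plaintext.
        tm.append(AES(k, xor_strings(m[i], tm[i])))

    # NOTE(review): `!=` on strings may stop at the first differing byte,
    # which makes the check timing-dependent. Once tags are byte strings,
    # hmac.compare_digest is the constant-time alternative.
    if tm[-1] != t:
        return None
    return join(m)


""" 1. [20 points] Give an IND-CPA adversary that shows that this sceme is not IND-CPA secure: """

def A_1(lr):
    """ You must fill in this method. This is the adversary that the problem is asking for.
    :param lr: This is the oracle supplied by GameLR, you can call this oracle to get an encryption of the data you pass into it.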
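def decrypt(k, ct):
    """Decrypt ``(ce, t)`` and return the plaintext, or ``None`` on rejection.

    :param k: key handed to ``AES`` and ``AES_I``.
    :param ct: the pair ``(ce, t)``: ``ce`` is the ciphertext
        (``block_size + 16`` long, the first chunk acting as the chaining
        seed) and ``t`` is the tag.
    :return: ``None`` when ``ce`` has the wrong length or the recomputed tag
        differs from ``t``; otherwise the joined plaintext chunks.

    NOTE(review): the tag is recomputed over the *decrypted* plaintext with
    the same key, starting from 16 zero characters, so the ciphertext itself
    is never authenticated directly and decryption runs before any check.
    Code meant for real use should verify a MAC over the ciphertext first
    (encrypt-then-MAC with an independent key) or use a vetted AEAD mode.
    """
    # Unpack in the body: a tuple parameter (``def decrypt(k, (ce, t))``) is
    # a SyntaxError on Python 3 (PEP 3113). Callers still pass
    # decrypt(k, (ce, t)).
    ce, t = ct
    if len(ce) != block_size + 16:
        return None

    # Floor division keeps the chunk length an int on Python 3 as well; for
    # an integer block_size it is the value `/` produced on Python 2.
    ce = split(ce, block_size // 4)
    cm = ["\x00" * 16]
    # Index 0 is a placeholder so plaintext chunk i lines up with ce[i].
    m = [None]
    for i in range(1, 5):
        # Undo the ciphertext chain: invert the chunk, then strip the
        # previous ciphertext chunk (AES_I is presumably the inverse of AES).
        m.append(xor_strings(AES_I(k, ce[i]), ce[i - 1]))
        # Rebuild the tag chain over the recovered plaintext.
        cm.append(AES(k, xor_strings(cm[i - 1], m[i])))

    # NOTE(review): `!=` on strings may stop at the first differing byte,
    # which makes the check timing-dependent. Once tags are byte strings,
    # hmac.compare_digest is the constant-time alternative.
    if cm[4] != t:
        return None
    return join(m[1:])


""" Give an INT-CTXT adversary that shows that this sceme is not secure: """

def adversary(enc, dec):
    """ You must fill in this method. This is the adversary that the problem is asking for.
    :param enc: This is an oracle supplied by GameINTCTXT, you can call this oracle to get an encryption of the data you pass into it.
    :param dec: This is an oracle supplied by GameINTCTXT, you can call this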