Cryptography WS 2016/2017

Homework

Exercises

• Exercise 1 - discussed on 26/10/2016 Solution
• Exercise 2 - discussed on 16/11/2016 Solution
• Exercise 3 - discussed on 30/11/2016 Solution
• Exercise 4 - discussed on 13/12/2016 Solution
• Exercise 5 - discussed on 16/01/2017 Solution
• Exercise 6 - discussed on 31/01/2017 Solution
• Exercise 7 - discussed on 08/02/2017 Solution
Important correction: In exercise 4.3, a 0-padding is used for the MAC. As it was shown by someone of you in class, such a padding is not injective, e.g. 0 and 0^2 are both padded to 0^n, which gives rise to a succesful attack. Here it is crucial to note that in the game FrgMAC, the padding always happens inside the oracle upon the attacker's request, i.e. it is NOT the attacker whoe does pad the message (in fact, the padding may even be unknown to the attacker (it could be dependent on a secret key)). The solution was updated accordingly.

Previous years' exams (with solution sketches):

• Mock Exam 2010/11: [PDF] Solution: [PDF]
• Exam 2010/11: [PDF] Solution: [PDF]
• Exam 2011/12: [PDF] Solution: [PDF]
• Exam 2012/13: [PDF] Solution: [PDF]
• Exam 2013/14: [PDF] Solution: [PDF]
• Exam 2014/15: Solution: [PDF]