Question

Topic: Encrypt-then-authenticate scheme, Cryptography

Let Π^E = (Gen^E, Enc^E, Dec^E) be an encryption scheme and Π^M = (Gen^M, Mac^M, Vrfy^M) be a MAC scheme.

(a) Formalize the construction of the “encrypt-then-authenticate” scheme Π = (Gen, Enc, Dec) given Π^E and Π^M

Answer 1

SOLUTION-

(a) Encrypt then authenticate scheme

​​​​​​The message is first encrypted and then authenticated

c = Enc_k1(m), t= Mac_k2(c)

Let II_E be a CPA secure private key encryption scheme.

Let II_{M be a} secure message authentication code with unique tags. Then the combination (Gen, Enc, Mac, Dec) derived by applying the encrypt then authenticate approach to II_E and II_M is a secure message transmission scheme.

A pair of computationally independent keys, κa and κe, are derived from each session key. Then, for each transmitted message, m, a unique message identifier m-id is chosen.Finally, the function produces a triple (x, y, z) where x = m-id, y = ENCκe(m), z = MACκa(m-id, y).
On an incoming message (x0, y0, z0) the rcv function verifies the uniqueness of message identifier x0 and the validity of the MAC tag z (comped on (x0, y0));if the checks succeeds y0
is decrypted under key κe and the resultant plain text accepted as a valid message.

the authentication of the ciphertext provides plaintext
integrity as long as the encryption and decrypt
on keys used at the sender and receiver, respectively, are the same. While this key synchrony is implicit in our analytical models a key mismatch can happen in practice. A system concerned with detecting such cases can check the plaintext for redundancy information (such redundancy exists in most probabilit applications: e.g., message formats,non-cryptographic checksums, etc.). If the redundancy entropy is significant then
a key mismatch will corrupt this redundancy with high probability.

IF YOU HAVE ANY DOUBT PLEASE COMMENT DOWN BELOW I WILL SOLVE IT FOR YOU:)
----------------PLEASE RATE THE ANSWER-----------THANK YOU!!!!!!!!----------