In: Computer Science
Topic: Encrypt-then-authenticate scheme, Cryptography
Let ΠE = (GenE, EncE, DecE) be an encryption scheme and ΠM = (GenM, MacM, VrfyM) be a MAC scheme.
(a) Formalize the construction of the “encrypt-then-authenticate” scheme Π = (Gen, Enc, Dec) given ΠE and ΠM
SOLUTION-
(a) Encrypt then authenticate scheme
The message is first encrypted and then authenticated
c = Enck1(m), t= Mack2(c)
Let IIE be a CPA secure private key encryption scheme.
Let IIM be a secure message authentication code with unique tags. Then the combination (Gen, Enc, Mac, Dec) derived by applying the encrypt then authenticate approach to IIE and IIM is a secure message transmission scheme.
A pair of computationally independent
keys, κa and κe, are derived from each session key. Then, for each
transmitted message, m, a unique message identifier m-id is
chosen.Finally, the function produces a triple (x, y, z) where x =
m-id, y = ENCκe(m), z = MACκa(m-id, y).
On an incoming message (x0, y0, z0) the rcv function verifies the
uniqueness of message identifier x0 and the validity of the MAC tag
z (comped on (x0, y0));if the checks succeeds y0
is decrypted under key κe and the resultant plain text accepted as
a valid message.
the authentication of the ciphertext
provides plaintext
integrity as long as the encryption and decrypt
on keys used at the sender and receiver, respectively, are the
same. While this key synchrony is implicit in our analytical models
a key mismatch can happen in practice. A system concerned with
detecting such cases can check the plaintext for redundancy
information (such redundancy exists in most probabilit
applications: e.g., message formats,non-cryptographic checksums,
etc.). If the redundancy entropy is significant then
a key mismatch will corrupt this redundancy with high
probability.
IF YOU HAVE ANY DOUBT
PLEASE COMMENT DOWN BELOW I WILL SOLVE IT FOR YOU:)
----------------PLEASE RATE THE ANSWER-----------THANK
YOU!!!!!!!!----------