Print this page and give the answers. 

Name:______________________________     Alpha:________________________________
  1. [20pts] In this problem, we will see that the ECB mode is not indistinguishable under the chosen plaintext attack. In particular, we will be the adversary that participates in the following indistinguishability game:
    1. As an adversary, we will choose the following two messages: 
      M0 = b"Don't Use ECB, please"
M1 = b"It's not IND-CPA secure"
      These two messages are sent to the challenger box.
    2. The challenger box secretly flips a coin b and encrypts Mb. The ciphertext C is sent to us (in the hexstring from): 
      903f9f5ae5a74cd1df2335c1b9e2c0eccfbd14f3b16483b9d1f0abc9b6f20f5d
    3. Now, as the adversary, we need to figure out whether C encrypts M0 or M1. If we can figure out the answer better than a random guess, it will mean that this encryption scheme is distinguishable, and so indistinguishability doesn't hold.
    Fortunately, with a CPA attack, we are given an encryption function in hw10.py. You can use function enc_ecb to encrypt any message you want (under the same unknown key that was used for getting C).

    Sample runs: 

    
>>> from hw10 import *
>>> enc_ecb(b"Hello")
'cdb8bb812f68fcd94e106ea62a08af8b'
>>> enc_ecb(b"Zello")
'edc504c067e3a5492c63a268ddf24c11'
    Note: Don't care about how enc_ecb is implemented. Just do the function calls. Moreover, the code works only when you are on the yard.

    Question: Which message does C encrypt? Describe how figured out the answer.
  2. [20pts] Recall how the CBC mode works.

    In this problem, we will follow the above diagram step by step. In particular, we will consider the following (padded) message consisting of three blocks: 
    M1: 556e6465727374616e64696e6720686f
M2: 772074686520434243206d6f64652077
M3: 6f726b730c0c0c0c0c0c0c0c0c0c0c0c
    IV is given as follows: 
    IV: 90c371a51f8357554e60fdcf6c4cf621
    You are given the block cipher Fk (with unknown key). Use the function as follows: 
    
>>> from hw10 import * 
>>> Fk("abcde71a51f8357554e60fdcf6c4cf62")
'b06dbee2fcee567914c3435e501b4e53'
    That is, the input the function Fk should be a single block (i.e., 16 bytes = 32 hex letters).

    Follow each step of the CBC mode given the message, IV, Fk as above. Fill in the black; for each object, just give the first 6 hex letters instead of the full 32 letters. 

    M1 xor C0: 

C1:

M2 xor C1: acaae22c258813dbcc492a5ead368da0

C2: 

M3 xor C2:

C3: 93225ab8a838fe8db64b780dae3712ef