|Cryptography WS 2016/2017|
|News | Dates | Exam | Content | Tutorials | Slides | Contact|
HomeworkExercises are voluntary and do not account for the final grade. They are however highly recommended.
ExercisesYou need the login obtained from the password quiz (see slides page) in order to download the exercise sheets.
- Exercise 1 - discussed on 26/10/2016 Solution
- Exercise 2 - discussed on 16/11/2016 Solution
- Exercise 3 - discussed on 30/11/2016 Solution
- Exercise 4 - discussed on 13/12/2016 Solution
- Exercise 5 - discussed on 16/01/2017 Solution
- Exercise 6 - discussed on 31/01/2017 Solution
- Exercise 7 - discussed on 08/02/2017 Solution
Important correction: In exercise 4.3, a 0-padding is used for the MAC. As it was shown by someone of you in class, such a padding is not injective, e.g. 0 and 0^2 are both padded to 0^n, which gives rise to a succesful attack. Here it is crucial to note that in the game FrgMAC, the padding always happens inside the oracle upon the attacker's request, i.e. it is NOT the attacker whoe does pad the message (in fact, the padding may even be unknown to the attacker (it could be dependent on a secret key)). The solution was updated accordingly.