Question
Given that we know that nonce + message + hash(nonce + message + mac-key) all inside the encryption makes it possible to detect if any bits of the message have been changed by the attacker (in essence converting a malleable cipher into a non-malleable one), why do they still say encrypt then MAC?
Furthermore, doesn't adding the mac-key that is split into pairs like the symmetric cipher authenticate the attacker by proving the rest of the material not subject to attack on the cipher is known (assuming adequate length)?
Explanation / Answer
If there exists an encryption scheme, then there exists an encryption scheme such that one can easily modify a single ciphertext so that whether or not that modifies the decryption result depends in a predictable-and-useful way on what the plaintext message was, such as:
The modified encryption operation outputs a zero concatenated with the original encryption algorithm's output.
If the input ciphertext is empty, then the modified decryption operation gives the same output as the original decryption algorithm. If the input ciphertext begins with a zero, then the modified decryption operation outputs the original decryption algorithm's output when given the rest of the ciphertext.
If the input ciphertext begins with a one followed by a prefix-free encoding of a natural number, then the modified decryption operation takes the output of the original decryption algorithm on the rest of the ciphertext, appends however many (possibly zero) zeros are needed to make it longer than the natural number, makes the [natural number]-th bit a one, and outputs the result of that.
Otherwise, the modified decryption operation outputs the original decryption algorithm's output when given the empty ciphertext.
If MAC-then-encrypt is used with an encryption scheme which allows such ciphertext modifications that depend in a predictable-and-useful way on the actual message component of the plaintext, then the resulting scheme will still be malleable.
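The pathological scheme from the answer above, written out as an added Python example (not code from the original post): a toy XOR stream cipher stands in for "the original scheme", the "modified" scheme wraps it exactly as described, MAC-then-encrypt is layered on top as nonce || message || tag, and a receiver that reports only accept or reject is enough to read the message back one bit at a time from a single ciphertext. The fixed 32-bit width for the natural number (one valid prefix-free encoding), HMAC-SHA256 as the MAC, and the nonce and tag lengths are assumptions, not from the post.

```python
import hashlib, hmac, os
NONCE_LEN, TAG_LEN = 8, 32  # assumed layout: nonce || message || HMAC-SHA256 tag

def _keystream(key: bytes, n: int) -> bytes:
    # Toy XOR stream cipher standing in for "the original scheme" (no IV: one ciphertext per key).
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def orig_encrypt(key: bytes, pt: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(pt, _keystream(key, len(pt))))
orig_decrypt = orig_encrypt  # XOR with the keystream is its own inverse

def mod_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"\x00" + orig_encrypt(key, pt)  # a zero concatenated with the original output

def mod_decrypt(key: bytes, ct: bytes) -> bytes:
    if ct == b"" or ct[0] == 0:  # empty, or leading zero: decrypt the rest as usual
        return orig_decrypt(key, ct[1:])
    if ct[0] == 1 and len(ct) >= 5:  # leading one + natural number n (fixed 32-bit = prefix-free)
        n = int.from_bytes(ct[1:5], "big")
        pt = bytearray(orig_decrypt(key, ct[5:]))
        pt.extend(b"\x00" * (n // 8 + 1 - len(pt)))  # pad with zeros until longer than n bits
        pt[n // 8] |= 0x80 >> (n % 8)                # make the n-th bit a one
        return bytes(pt)
    return orig_decrypt(key, b"")  # otherwise: original decryption of the empty ciphertext

def mte_seal(enc_key: bytes, mac_key: bytes, nonce: bytes, msg: bytes) -> bytes:
    tag = hmac.new(mac_key, nonce + msg, hashlib.sha256).digest()
    return mod_encrypt(enc_key, nonce + msg + tag)  # MAC-then-encrypt

def mte_open(enc_key: bytes, mac_key: bytes, ct: bytes):
    pt = mod_decrypt(enc_key, ct)
    if len(pt) < NONCE_LEN + TAG_LEN:
        return None
    nonce, msg, tag = pt[:NONCE_LEN], pt[NONCE_LEN:-TAG_LEN], pt[-TAG_LEN:]
    good = hmac.new(mac_key, nonce + msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, good) else None  # accept or reject, nothing else

def recover_bit(ct: bytes, n: int, oracle) -> int:
    # The forged ciphertext decrypts to the original plaintext with bit n forced to 1,
    # so the tag still verifies exactly when that bit was already 1.
    forged = b"\x01" + n.to_bytes(4, "big") + ct[1:]
    return 1 if oracle(forged) is not None else 0

def demo(msg: bytes = b"constructed sample message") -> tuple:
    enc_key, mac_key, nonce = os.urandom(16), os.urandom(16), os.urandom(NONCE_LEN)
    ct = mte_seal(enc_key, mac_key, nonce, msg)
    oracle = lambda c: mte_open(enc_key, mac_key, c)  # the receiver's accept/reject decision
    bits = [recover_bit(ct, NONCE_LEN * 8 + i, oracle) for i in range(len(msg) * 8)]
    recovered = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
    return msg, recovered
```

The receiver never returns a plaintext to the attacker, only an accept/reject decision, yet that decision is a function of the message bit, which is what "still malleable" amounts to in practice. With encrypt-then-MAC the tag covers the ciphertext, so the forged ciphertext is rejected before any decryption and no such dependence exists.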