For example, suppose that . That is , and . Then the encryption would be ``nDa''.
Now let's try to break this scheme completely given multiple encryptions for a fixed key . We assume that we don't know a priori but that they are in english.
Justify your answer. Try to give at least two reasons.
As with DESX, |k|=56 and . Show that both these proposals do not increase the work needed to break the cryptosystem using brute-force key search. That is, show how to break these schemes using on the order of DES encryptions/decryptions. You may assume that you have a moderate number of plaintext-ciphertext pairs, .
where R is a random bit string of the same size as the message. That is, the output of is the encryption of a random one-time pad along with the original message XORed with the random pad. A new independent random pad R is chosen for every encryption.
We consider two attack models. The goal of both models is to reconstruct the actual secret key k.
Note that for the case of the opponent has no control over the random pad R used in the creation of the given plaintext/ciphertext pairs.
Prove that if is secure against KR-RPA attacks then is secure against attacks.
[Hint: It is easiest to show the contrapositive. Given an algorithm A that executes a successful attack against , exhibit an algorithm B (using A as a ``subroutine'') that executes a successful attack against .]