Professional Documents
Culture Documents
Perusteet Ratk4 e 11 PDF
Perusteet Ratk4 e 11 PDF
Exercise 4, 15.-18.2.2011
1.
3. • Since the message has to be split into 160 bit blocks, this hash function can’t be used
for arbitrary length messages. However, it could be extended very easily by appending
message with extra padding.
• Hash function produces constant length output.
• It is easy to calculate, since xor is easily implemented in hardware.
• Hash function h is not preimage resistant. For example given a hash y, h(y) = y.
• Hash function h is not secondary preimage resistant. Given a message m1 , we can
construct a message m2 = m1 ||0160 , where 0160 is a series of 160 zero bits. Since
x ⊕ 0 = x, also h(m2 ) = h(m1 ).
• Collision resistance property doesn’t hold, because for any message m1 , we can con-
struct a message m2 with the same hash by appending zero bits to m1 .
5. (a)
Corruption of C̃1 corrupts decrypted clear text P̃1 by one bit. Blocks P̃2 and P̃3 are
totally corrupted. Starting from X4 and P4 the corrupted block C̃1 doesn’t anymore
corrupt plain text blocks.