# CIS 5371 Cryptography QUIZ 10 (5 minutes only)

```CIS 5371 Cryptography
QUIZ 10 (5 minutes only)
This quiz concerns MACs.
1. Let F be a pseudorandom function, and let k ∈ {0, 1}n be a key. Show that the following
MAC for messages of length 2n is insecure.
To authenticate the message m1 ||m2 with |m1 | = |m2 | = n compute the tag
hFk (m1 ), Fk (m1 ⊕ m02 ))i,
where m02 is m2 with its last bit flipped (so 1100 = 111). What is the minimum number of
queries that the adversary has to make to the MAC-oracle to forge this MAC?
Proof that the MAC is insecure: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
..........................................................................................
..........................................................................................
..........................................................................................
..........................................................................................
Min number of queries: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Mike Burmester
```