CIS 5371 Cryptography QUIZ 10 (5 minutes only) This quiz concerns MACs. 1. Let F be a pseudorandom function, and let k ∈ {0, 1}n be a key. Show that the following MAC for messages of length 2n is insecure. To authenticate the message m1 ||m2 with |m1 | = |m2 | = n compute the tag hFk (m1 ), Fk (m1 ⊕ m02 ))i, where m02 is m2 with its last bit flipped (so 1100 = 111). What is the minimum number of queries that the adversary has to make to the MAC-oracle to forge this MAC? Proof that the MAC is insecure: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .......................................................................................... .......................................................................................... .......................................................................................... .......................................................................................... Min number of queries: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mike Burmester