Which of the following encryption schemes does a ciphertext leak nothing about the key that was used?

True or false: CBC-mode encryption with PKCS #7 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption.

Say we modify CBC-MAC to incorporate a random IV. So authentication of a 1-block message m using a block cipher F and key k is done by choosing a uniform IV and outputting the tag IV,Fk(IV⊕m). Verification is done in the natural way. Say this scheme is used with an 4-byte block cipher, and an attacker sees the tag 0x01 01 01 01 05 06 07 08 on the message 0x 00 00 01 01. Which of the following will be a valid message/tag pair?

Assume El Gamal encryption, where the group being used is Z47∗ with generator 5. (This group has order 46, which is not prime. But El Gamal encryption can be defined in any cyclic group.) Assume the public key contains h=10. Say an attacker sees a ciphertext (41, 18) that is the encryption of some unknown message m. Which of the following is an encryption of [5m mod 47]?

Assume CBC-mode encryption using an 8-byte (64-bit) block cipher. Say a sender encrypts the 8-byte message “sendme$2” (encoded in ASCII), resulting in ciphertext 0xFF 09 28 30 8C 93 81 06 39 D0 81 5A 07 79 17 43. Which of the following ciphertexts will decrypt to the message “sendme$4” ?

Which of the following is a generator of Z*11?

What is ϕ(77)?

Which of the following is a setting in which a pseudorandom generator could be applied?

Which of the following would NOT be a secure way for a receiver to distribute her key for a public-key encryption scheme? (Assume a passive, eavesdropping attacker here.)

Which of the following BEST describes the security offered by the Diffie-Hellman key-exchange protocol (assuming the DDH problem is hard)?