## Homework Corrections - Due Tuesday, March 15

Students who want to raise their homework average can submit homework corrections by Tuesday, March 15. These will be graded and you can earn back up to half of the points you missed. You must turn in both your original submission, and your corrected version. These corrections are to be done *on your own* - do not discuss or look at solutions from other students!

For students who want to re-do the formal models question (question 4 on assignment 3), since a detailed solution was distributed, you need to solve the following alternate question rather than the original one:

- In problem 2, "Lazy Davy" implemented a system using CTR mode, but used the same starting counter value for every encryption. In that problem you saw that this was not secure in a very practical way. For this problem, consider the following "correction" from the standpoint of formal security models: The iCTR mode (I just made that up - there really isn't such a mode) keeps track of the starting counter values that are used for each encryption, and increments the starting counter value so that it is not reused. So if the last encryption was performed with a starting counter value of 47, then the next encryption will use a starting counter value of 48. Prove that this scheme is not IND-CPA secure. (Hint: The initial counter value goes up by one each time,
*regardless of how many blocks of plaintext were encrypted in the previous encryption*.)