Alice and Bob are strangers. Alice wants Bob to send her a private message A and be able to verify the integrity of the message. What should Bob do? (h() is a hash function and assume both Alice and Bob knows h()). Bob generates an encryption key k and relies on PKI to send Alice X, Y, H where Y=PubE(bob-pri,k), X=SymE(k,A), H=PubE(alice-pub, h(A)).

Question

Alice and Bob are strangers. Alice wants Bob to send her a private message A and be able to verify the integrity of the message. What should Bob do? (h() is a hash function and assume both Alice and Bob knows h()). Bob generates an encryption key k and relies on PKI to send Alice X, Y, H where  Y=PubE(bob-pri,k), X=SymE(k,A), H=PubE(alice-pub, h(A)).

BlackTom AI · Accepted Answer

Consider the scenario and what each component is intended to do in Alice–Bob public-key infrastructure.
Option 1: 'This does not work because this message can be read by anyone.' This claim focuses on readability by third parties, but the real problem here is not whether the message is readable in general; it’s whether Alice can obtain the plaintext and verify integrity. Since X is symmetrically encrypted with k, and Y is a signature-like construct of k with Bob’s private key, an eavesdropper wouldn’t necessarily be able to decrypt X to learn A unless they also know k. The key issue is not simply 'readability by anyone' but the distribution and recoverability of the symmetric key k and the ability for Alice to verify the data.
Option 2: 'This does not work because Alice cannot have access to the encryption key k' This targets the fundamental flaw: X is encrypted with a symmetric key k, but there is no secure means for Alice to obtain k through the given construction. Y = PubE(bob-pri, k) would be a signature over k rather than a means to securely convey k to Alice; a recipient cannot recover k from a signature. Without k, Alice cannot decrypt X to recover A, so the confidentiality/availability chain collapses. This is a precise and accurate reason for the scheme failing, given the described operations.
Option 3: 'This does not work because Alice cannot verify Bob's public key' If Alice cannot verify Bob’s public key, she indeed cannot trust any operations that depend on Bob’s key, but the described failure is not primarily about key verification; it’s about obtaining k to decrypt X and verify H. The statement makes a claim about a prerequisite (verifying Bob’s public key) that is not the central blocker in this construction, so it misidentifies the root cause.
Option 4: 'This works.' This is asserting success of the scheme, but given that Alice cannot obtain k from Y and thus cannot decrypt X to retrieve A (and subsequently verify H(A) encrypted under Alice’s public key), the overall design does not achieve the stated goals. Therefore this option asserts an outcome that contradicts the functional requirements of confidentiality and integrity verification in this setup.

202580-ITIS-4221-001:ITIS-5221-001-XLSDO202580_Combined Midterm Exam Practice

View Explanation

Log in for full answers

Similar Questions

What uses two keys: a public key that everyone can have and a private key for only the recipient?

A typical disadvantage of public key encryption compared to symmetric key encryption is ________.

When is the private key of a public/private key pair used in bidirectional encrypted communications? (Select the best answer.)

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

People born without creativity never can develop it

A product has a selling price of $20, a contribution margin ratio of 40% and fixed cost of $120,000. To make a profit of $30,000. The number of units that must be sold is: Type the number without $ and a comma. Eg: 20000

Which of the following statement regarding cost is correct:

More Practical Tools for Students Powered by AI Study Helper

Homework AI Solver

Stylized AI Paper Writer

Plagiarism Checker Assistant

Citation AI Academic Writing Tool

In-Class Translation Assistant

AI Note Generator

AI Quiz Answers

Past Exam Questions from University Test Bank

Smart Practice Assistant

Adaptive Practice

Making Your Study Simpler