Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key, s, shared with the reader, perform XOR operations, and receive and transmit via radio 32-bit values. The reader generates a random 32-bit challenge x and transmits y = x ⊕ s to the tag. The tag computes z = y ⊕ s and sends z to the reader. The reader authenticates the tag if z = x. (a) Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. (b) Can the same attack works if the tag and reader share two secret keys s1 and s2, the reader sends x ⊕ s1 and the tag responds with x ⊕ s2 after recovering x? If not, what kind of attack will work?