Problem 4 (15 pts)
a. Suppose Alice shares a secret block cipher key, KAB with Bob, and a different secret block cipher key, KAC with Charlie. Describe a method for Alice to encrypt an m-block message such that it can only be decrypted with the cooperation of both Bob and Charlie.
The ciphertext should only be a constant size greater than m blocks. You may assume that Bob and Charlie have a pre-established secret channel on which to communicate.
b. Now, suppose Alice shares a block cipher key, KAB with Bob, a block cipher key KAC with Charlie, and a block cipher key KAD with David. Describe a method for Alice to encrypt an m-block message such that any two of Bob, Charlie, and David can decrypt (for example, Bob and Charlie can decrypt), but none of them can decrypt the message themselves.
Again, the ciphertext should only be a constant size greater than m blocks. (Hint: Pick a random message encryption key to encrypt the message with. Then add three ciphertext blocks to the ciphertext header.)
c. How does your solution from part (b) scale as we increase the number of recipients? In other words, suppose Alice has a secret key with each of n recipients and wants to encrypt so that any k out of n recipients can decrypt, but any k-1 cannot. What would be the length of the header as a function of n and k?