Problem
1) Why do we need to assume an attack model of CPA (or stronger) for differential cryptanalysis to be possible? Your answer should be in terms of the specific operations performed in differential cryptanalysis.
2) Assume you are using any correct plaintext padding method, such as those described in the lecture, with a 128-bit (16-byte) block cipher. If you are sending a message that is 498 bytes long, how many padding bytes would you need to add? Justify your answer.