C3 would be decrypted incorrectly if INC was used for encryption. INC is not IND-CPA secure because an attacker could determine which of two messages M0 or M1 was encrypted by creating messages where the second block is the same in both and observing if the second ciphertext is also the same.
iii. Suppose that you encrypted three blocks of messages M1,M2,M3 usi.pdf
1. iii. Suppose that you encrypted three blocks of messages M1,M2,M3 using INC and received
ciphertexts C1,C2,C3. If C3 was corrupted, which of the three message blocks will be decrypted
incorrectly? Explain your answer. iv. Show that INC is an NOT an IND-CPA secure method.
That is, provide two multi-block messages M0 and M1 chosen by an IND-CPA attacker and
show how this attacker, given either C0 or C1, can determine which message was encrypted by
the challenger. Explain the attacker's strategy precisely.