Sciweavers

TCC
2010
Springer

Delayed-Key Message Authentication for Streams

14 years 5 months ago
Delayed-Key Message Authentication for Streams
We consider message authentication codes for streams where the key becomes known only at the end of the stream. This usually happens in key-exchange protocols like SSL and TLS where the exchange phase concludes by sending a MAC for the previous transcript and the newly derived key. SSL and TLS provide tailor-made solutions for this problem (modifying HMAC to insert the key only at the end, as in SSL, or using upstream hashing as in TLS). Here we take a formal approach to this problem of delayed-key MACs and provide solutions which are “as secure as schemes where the key would be available right away” but still allow to compute the MACs online even if the key becomes known only later.
Marc Fischlin, Anja Lehmann
Added 09 Jul 2010
Updated 09 Jul 2010
Type Conference
Year 2010
Where TCC
Authors Marc Fischlin, Anja Lehmann
Comments (0)