Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
FSE
2007
Springer
2007
Springer
Improving the Security of MACs Via Randomized Message Preprocessing
Abstract. “Hash then encrypt” is an approach to message authentication, where first the message is hashed down using an ε-universal hash function, and then the resulting k-bit value is encrypted, say with a block-cipher. The security of this scheme is proportional to εq2 , where q is the number of MACs the adversary can request. As ε is at least 2−k , the best one can hope for is O(q2 /2k ) security. Unfortunately, such small ε is not achieved by simple hash functions used in practice, such as the polynomial evaluation or the Merkle-Damg˚ard construction, where ε grows with the message length L. The main insight of this work comes from the fact that, by using randomized message preprocessing via a short random salt p (which must then be sent as part of the authentication tag), we can use the “hash then encrypt” paradigm with suboptimal “practical” ε-universal hash functions, and still improve its exact security to optimal O(q2 /2k ). Specifically, by using at most...
Real-time TrafficRelated Content
| Added | 07 Jun 2010 |
| Updated | 07 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | FSE |
| Authors | Yevgeniy Dodis, Krzysztof Pietrzak |
Comments (0)
Researcher Info
|
