Sciweavers

FSE
2007
Springer

Improving the Security of MACs Via Randomized Message Preprocessing

Abstract. “Hash then encrypt” is an approach to message authentication, where first the message is hashed down using an $\varepsilon$-universal hash function, and then the resulting $k$-bit value is encrypted, say with a block-cipher. The security of this scheme is proportional to $\varepsilon q^2$, where $q$ is the number of MACs the adversary can request. As $\varepsilon$ is at least $2^{-k}$, the best one can hope for is $O(q^2/2^k)$ security. Unfortunately, such small $\varepsilon$ is not achieved by simple hash functions used in practice, such as the polynomial evaluation or the Merkle-Damgård construction, where $\varepsilon$ grows with the message length $L$. The main insight of this work comes from the fact that, by using randomized message preprocessing via a short random salt $p$ (which must then be sent as part of the authentication tag), we can use the “hash then encrypt” paradigm with suboptimal “practical” $\varepsilon$-universal hash functions, and still improve its exact security to optimal $O(q^2/2^k)$. Specifically, by using at most...
Yevgeniy Dodis, Krzysztof Pietrzak
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where FSE
Authors Yevgeniy Dodis, Krzysztof Pietrzak