How to thwart birthday attacks against MACs via small randomness
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Γ-MAC[H, P]: a new universal MAC scheme
WEWoRC'11 Proceedings of the 4th Western European conference on Research in Cryptology
On security of universal hash function based multiple authentication
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
Message Authentication Codes (MACs) are core algorithms deployed in virtually every security protocol in common usage. In these protocols, the integrity and authenticity of messages rely entirely on the security of the MAC; we examine cases in which this security is lost.In this paper, we examine the notion of "reforgeability" for MACs, and motivate its utility in the context of {power, bandwidth, CPU}-constrained computing environments. We first give a definition for this new notion, then examine some of the most widely-used and well-known MACs under our definition in a variety of adversarial settings, finding in nearly all cases a failure to meet the new notion. We examine simple counter-measures to increase resistance to reforgeabiliy, using state and truncating the tag length, but find that both are not simultaneously applicable to modern MACs. In response, we give a tight security reduction for a new MAC, WMAC, which we argue is the "best fit" for resource-limited devices.