Message authentication with one-way hash functions
IEEE INFOCOM '92 Proceedings of the eleventh annual joint conference of the IEEE computer and communications societies on One world through communications (Vol. 3)
Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
An Efficient MAC for Short Messages
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
MDx-MAC and Building Fast MACs from Hash Functions
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom functions revisited: the cascade construction and its concrete security
FOCS '96 Proceedings of the 37th Annual Symposium on Foundations of Computer Science
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
"Sandwich" is indeed secure: how to authenticate a message with just one hashing
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
A simple variant of the Merkle-Damgård scheme with a permutation
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Boosting Merkle-Damgård hashing for message authentication
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Security of NMAC and HMAC based on non-malleability
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Multi-property-preserving hash domain extension and the EMD transform
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
New proofs for NMAC and HMAC: security without collision-resistance
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
| Hi-index | 0.00 |
We present a new secret-prefix MAC (Message Authentication Code) based on hash functions. Just like the well-known HMAC algorithm, the new MAC can utilize current hash functions without modifying their Merkle-Damgård implementations. Indeed, the new MAC is almost the same as HMAC except that the second call to the secret key, which is made at the finalization stage, is omitted . In this way we not only increase efficiency over HMAC but also reduce the cost of managing the key, as the new MAC invokes a key only once at the initialization stage, and the rest of the process depends solely on incoming data. We give a rigorous security proof of the new MAC algorithm. Like HMAC, our new MAC is proven to be a secure PRF (Pseudo-Random Function) based on a reasonable assumption about the underlying compression function. In theory our assumption is neither stronger nor weaker than the PRF-type compression-function requirement for the PRF security of HMAC. In practice our assumption looks somewhat similar to the PRF-type requirement for the security of HMAC.