A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
MDx-MAC and Building Fast MACs from Hash Functions
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Single-Key Domain Extender for Privacy-Preserving MACs and PRFs
Information Security and Cryptology --- ICISC 2008
ISC '09 Proceedings of the 12th International Conference on Information Security
"Sandwich" is indeed secure: how to authenticate a message with just one hashing
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Boosting Merkle-Damgård hashing for message authentication
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Single-key AIL-MACs from any FIL-MAC
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Hi-index | 0.00 |
HMAC is the internet standard for message authentication [BCK96, KBC97]. What distinguishes HMAC from other MAC algorithms is that it provides proofs of security assuming that the underlying cryptographic hash (e.g. SHA-1) has some reasonable properties. HMAC is efficient for long messages, however, for short messages the nested constructions results in a significant inefficiency. For example to MAC a message shorter than a block, HMAC requires at least two calls to the compression function rather than one.This inefficiency may be particularly high for some applications, like message authentication of signaling messages, where the individual messages may all fit within one or two blocks. Also for TCP/IP traffic it is well known that a large number of packets (e.g. acknowledgement) have sizes around 40 bytes which fit within a block of most cryptographic hashes. We propose an enhancement that allows both short and long messages to be message authenticated more efficiently than HMAC while also providing proofs of security. In particular, for a message smaller than a block our MAC only requires one call to the compression function.