Improving the Security of MACs Via Randomized Message Preprocessing

Abstract. “Hash then encrypt” is an approach to message authentication, where first the message is hashed down using an ε-universal hash function, and then the resulting k-bit value is encrypted, say with a block-cipher. The security of this scheme is proportional to $\varepsilon q^2$, where q is the number of MACs the adversary can request. As ε is at least $2^{-k}$, the best one can hope for is $O(q^2/2^k)$ security. Unfortunately, such small ε is not achieved by simple hash functions used in practice, such as the polynomial evaluation or the Merkle-Damgård construction, where ε grows with the message length L. The main insight of this work comes from the fact that, by using randomized message preprocessing via a short random salt p (which must then be sent as part of the authentication tag), we can use the “hash then encrypt” paradigm with suboptimal “practical” ε-universal hash functions, and still improve its exact security to optimal $O(q^2/2^k)$. Specifically, by using at most...
Yevgeniy Dodis, Krzysztof Pietrzak
Added 07 Jun 2010
Updated 07 Jun 2010
Type: Conference
Year: 2007
Where: FSE