Cryptology ePrint Archive: Report 2004/309
The Power of Verification Queries in Message Authentication and Authenticated Encryption
Mihir Bellare and Oded Goldreich and Anton Mityagin
Abstract: This paper points out that, contrary to popular belief, allowing a message authentication adversary multiple verification attempts towards forgery is NOT equivalent to allowing it a single one, so that the notion of security that most message authentication schemes are proven to meet does not guarantee their security in practice. We then show, however, that the equivalence does hold for STRONG unforgeability. Based on this we recover security of popular classes of message authentication schemes such as MACs (including HMAC and PRF-based MACs) and CW-schemes. Furthermore, in many cases we do so with a TIGHT security reduction, so that in the end the news we bring is surprisingly positive given the initial negative result. Finally, we show analogous results for authenticated encryption.
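To make the gap between the two notions concrete, below is a constructed toy MAC (an added illustration, not the paper's own construction) whose verification algorithm accepts a modified tag on an already-tagged message whenever a guessed bit of a secondary key K2 is right. Under weak unforgeability with a single forgery attempt that acceptance is not a forgery and the scheme stays secure (a forgery on a fresh message needs F_K(M) or all of K2), but an adversary with a verification oracle recovers K2 bit by bit and then forges on any message; the same scheme is trivially strongly forgeable, consistent with the abstract's claim that the equivalence holds only for strong unforgeability. Names, tag shapes and the key size N are assumptions of this example.

```python
import hmac, hashlib, secrets

# Constructed toy MAC. Key = (K, K2). Verify accepts three tag shapes:
#   ("mac", t)        if t == F_K(M)                       -- the honest tag
#   ("mac", t, i, b)  if t == F_K(M) and bit i of K2 == b  -- leaks one bit of K2,
#                     but only for a message whose F_K(M) the caller already has
#   ("key", k2)       if k2 == K2                          -- accepted for ANY message
N = 16  # bits of K2 (toy size; the argument does not depend on N)

def F(K, M):
    # PRF instantiated with HMAC-SHA256
    return hmac.new(K, M, hashlib.sha256).digest()

def keygen():
    return secrets.token_bytes(32), secrets.randbits(N)

def tag(key, M):
    K, _ = key
    return ("mac", F(K, M))

def verify(key, M, T):
    K, K2 = key
    if T[0] == "mac" and hmac.compare_digest(T[1], F(K, M)):
        if len(T) == 2:
            return True
        i, b = T[2], T[3]
        return 0 <= i < N and (K2 >> i) & 1 == b
    if T[0] == "key":
        return T[1] == K2
    return False

def attack(tag_oracle, verify_oracle):
    """Adversary with a verification oracle: learns K2 in N queries, then forges
    on a never-tagged message. Returns the claimed forgery (message, tag)."""
    M0 = b"already-tagged message"
    t0 = tag_oracle(M0)[1]
    k2 = 0
    for i in range(N):
        # Accept/reject on an already-tagged message is not a forgery under
        # weak unforgeability, yet each answer reveals one bit of K2.
        if verify_oracle(M0, ("mac", t0, i, 1)):
            k2 |= 1 << i
    return b"never tagged", ("key", k2)

def demo():
    """Returns True iff the multi-query adversary produces a valid forgery."""
    key = keygen()
    tagged = set()
    def tag_oracle(M):
        tagged.add(M)
        return tag(key, M)
    M, T = attack(tag_oracle, lambda M, T: verify(key, M, T))
    return M not in tagged and verify(key, M, T)
```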
Category / Keywords: secret-key cryptography / message authentication, authenticated encryption, MAC, PRF
Date: received 16 Nov 2004, last revised 18 Nov 2004
Contact author: mihir at cs ucsd edu
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20041118:175249 (All versions of this report)
Short URL: ia.cr/2004/309