Paper 2004/309

The Power of Verification Queries in Message Authentication and Authenticated Encryption

Mihir Bellare, Oded Goldreich, and Anton Mityagin


This paper points out that, contrary to popular belief, allowing a message authentication adversary multiple verification attempts towards forgery is NOT equivalent to allowing it a single one, so that the notion of security that most message authentication schemes are proven to meet does not guarantee their security in practice. We then show, however, that the equivalence does hold for STRONG unforgeability. Based on this we recover security of popular classes of message authentication schemes such as MACs (including HMAC and PRF-based MACs) and CW-schemes. Furthermore, in many cases we do so with a TIGHT security reduction, so that in the end the news we bring is surprisingly positive given the initial negative result. Finally, we show analogous results for authenticated encryption.

Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
message authentication, authenticated encryption, MAC, PRF
Contact author(s)
mihir @ cs ucsd edu
History
2004-11-18: revised
2004-11-16: received
License
Creative Commons Attribution


@misc{cryptoeprint:2004/309,
      author = {Mihir Bellare and Oded Goldreich and Anton Mityagin},
      title = {The Power of Verification Queries in Message Authentication and Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2004/309},
      year = {2004},
      note = {\url{}},
      url = {}
}