Cryptology ePrint Archive: Report 2019/404

Efficient Message Authentication Codes with Combinatorial Group Testing

Kazuhiko Minematsu

Abstract: Message authentication code, MAC for short, is a symmetric-key cryptographic function for authenticity. A standard MAC verification only tells whether the message is valid or invalid, and thus we can not identify which part is corrupted in case of invalid message. In this paper we study a class of MAC functions that enables to identify the part of corruption, which we call group testing MAC (GTM). This can be seen as an application of a classical (non-adaptive) combinatorial group testing to MAC. Although the basic concept of GTM (or its keyless variant) has been proposed in various application areas, such as data forensics and computer virus testing, they rather treat the underlying MAC function as a black box, and exact computation cost for GTM seems to be overlooked. In this paper, we study the computational aspect of GTM, and show that a simple yet non-trivial extension of parallelizable MAC (PMAC) enables $O(m+t)$ computation for $m$ data items and $t$ tests, irrespective of the underlying test matrix we use, under a natural security model. This greatly improves efficiency from naively applying a black-box MAC for each test, which requires $O(mt)$ time. Based on existing group testing methods, we also present experimental results of our proposal and observe that ours runs as fast as taking single MAC tag, with speed-up from the conventional method by factor around 8 to 15 for $m=10^4$ to $10^5$ items.

Category / Keywords: secret-key cryptography / Message authentication code, Combinatorial group testing, Data corruption, Provable security.

Original Publication (with minor differences): ESORICS 2015

Date: received 17 Apr 2019, last revised 24 Apr 2019

Contact author: k-minematsu at ah jp nec com

Available format(s): PDF | BibTeX Citation

Note: Minor corrections on technical backgrounds, tables and figures.

Version: 20190425:013939 (All versions of this report)

Short URL: ia.cr/2019/404


[ Cryptology ePrint archive ]