Paper 2024/928

The Committing Security of MACs with Applications to Generic Composition

Ritam Bhaumik, EPFL, Switzerland
Bishwajit Chakraborty, Nanyang Technological University, Singapore
Wonseok Choi, Purdue University, West Lafayette, IN, USA
Avijit Dutta, Institute for Advancing Intelligence, TCG CREST, India
Jérôme Govinden, Technische Universität Darmstadt, Germany
Yaobin Shen, School of Informatics, Xiamen University, Xiamen, China

Message Authentication Codes (MACs) are ubiquitous primitives deployed in multiple flavors through standards such as HMAC, CMAC, GMAC, LightMAC, and many others. Its versatility makes it an essential building block in applications necessitating message authentication and integrity checks, in authentication protocols, authenticated encryption schemes, or as a pseudorandom or key derivation function. Its usage in this variety of settings makes it susceptible to a broad range of attack scenarios. The latest attack trends leverage a lack of commitment or context-discovery security in AEAD schemes and these attacks are mainly due to the weakness in the underlying MAC part. However, these new attack models have been scarcely analyzed for MACs themselves. This paper provides a thorough treatment of MACs committing and context-discovery security. We reveal that commitment and context-discovery security of MACs have their own interest by highlighting real-world vulnerable scenarios. We formalize the required security notions for MACs, and analyze the security of standardized MACs for these notions. Additionally, as a constructive application, we analyze generic AEAD composition and provide simple and efficient ways to build committing and context-discovery secure AEADs.

Available format(s)
Secret-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2024
Contact author(s)
ritam bhaumik @ epfl ch
bishwajit chakrabort @ ntu edu sg
wonseok @ purdue edu
avijit dutta @ tcgcrest org
jerome govinden @ tu-darmstadt de
yaobin shen @ xmu edu cn
2024-06-12: revised
2024-06-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ritam Bhaumik and Bishwajit Chakraborty and Wonseok Choi and Avijit Dutta and Jérôme Govinden and Yaobin Shen},
      title = {The Committing Security of {MACs} with Applications to Generic Composition},
      howpublished = {Cryptology ePrint Archive, Paper 2024/928},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.