Discussion forum for Cryptology ePrint Archive
reports posted in 2012
. Please put the report number in the subject.
2012/074 There is no flaw
Posted by: lindell
Date: 28 February 2012 05:42
There is no flaw whatsoever in the HMAC proof. The so-called flaw pointed out by Koblitz and Menezes is a standard proof in the non-uniform model (where adversaries are modeled as families of polynomial-size circuits, or equivalently as polynomial-time Turing machines with advice). This type of proof is known to anyone who has taken a basic theory of cryptography (or complexity) course, and the security guaranteed is based on the assumption that the underlying compression function is "secure" (as defined in the paper) for non-uniform adversaries.
It is a shame that some people do not have enough humility to first approach the authors and ask if there is or is not a mistake. I would also hope that other people in the community take this type of behavior as an example of what NOT to do. If you find a flaw in someone's proof (something that is not the case here), then send them a nice email. You will get a nice acknowledgement, you will be known as a gracious person, and you will have done something for science. This is much better than writing an entire paper about it and getting a line on your CV that isn't worth too much. You're better off spending your time doing new and productive research.
Edited 1 time(s). Last edit at 13-Mar-2012 13:18 by Orr.