A Tight Bound for EMAC

Author

  • Krzysztof Pietrzak
Abstract

We prove a new upper bound on the advantage of any adversary for distinguishing the encrypted CBC-MAC (EMAC) based on random permutations from a random function. Our proof uses techniques recently introduced in [BPR05], which again were inspired by [DGH04]. The bound we prove is tight — in the sense that it matches the advantage of known attacks up to a constant factor — for a wide range of the parameters: let n denote the block-size, q the number of queries the adversary is allowed to make and ℓ an upper bound on the length (i.e. number of blocks) of the messages, then for ℓ ≤ 2 and q ≥ ℓ the advantage is in the order of q/2 (and in particular independent of ℓ). This improves on the previous bound of qℓ ln ln /2 from [BPR05] and matches the trivial attack (which thus is basically optimal) where one simply asks random queries until a collision is found.


Similar resources

Revisiting Structure Graph and Its Applications to CBC-MAC and EMAC

In Crypto’05, Bellare et al. proved O(ℓq/2) bound for the PRF (pseudorandom function) security of the CBC-MAC based on an n-bit random permutation Π, provided ℓ < 2. Here an adversary can make at most q prefix-free queries each having at most ℓ “blocks” (elements of {0, 1}). In the same paper O(ℓq/2) bound for EMAC (or encrypted CBC-MAC) was proved, provided ℓ < 2. Both proofs are based on stru...


Revisiting structure graphs: Applications to CBC-MAC and EMAC

In Crypto’05, Bellare et al. proved an O(lq/2) bound for the PRF (pseudorandom function) security of the CBC-MAC based on an n-bit random permutation Π, provided l < 2. Here an adversary can make at most q prefix-free queries each having at most l many “blocks” (elements of {0, 1}). In the same paper an O(lq/2) bound for EMAC (or encrypted CBC-MAC) was proved, provided l < 2. Both proofs are ba...


A bound for Feichtinger conjecture

In this paper, using the discrete Fourier transform in the finite-dimensional Hilbert space C^n, a class of nonRieszable equal norm tight frames is introduced and, using this class, a bound for the Feichtinger Conjecture is presented. By the Feichtinger Conjecture, which has been proved recently, for given A,C>0 there exists a universal constant delta>0 independent of $n$ such that every C-equal...


On The Exact Security of Message Authentication Using Pseudorandom Functions

Traditionally, modes of Message Authentication Codes (MAC) such as Cipher Block Chaining (CBC) are instantiated using block ciphers or keyed Pseudo Random Permutations (PRP). However, one can also use domain preserving keyed Pseudo Random Functions (PRF) to instantiate MAC modes. The very first security proof of CBC-MAC [BKR00] essentially modeled the PRP as a PRF. Until now very little work has ...


Sharp Upper bounds for Multiplicative Version of Degree Distance and Multiplicative Version of Gutman Index of Some Products of Graphs

In 1994, the degree distance of a graph was introduced by Dobrynin, Kochetova and Gutman, and Gutman proposed the Gutman index of a graph in 1994. In this paper, we introduce the concepts of the multiplicative version of degree distance and the multiplicative version of Gutman index of a graph. We find the sharp upper bound for the multiplicative version of degree distance and multiplicative ver...

Publication date: 2006