(The exact security of) Message Authentication Codes (Record no. 373536)

000 -LEADER
fixed length control field 03852nam a22003137a 4500
003 - CONTROL NUMBER IDENTIFIER
control field AT-ISTA
005 - DATE AND TIME OF LATEST TRANSACTION
control field 20190813091454.0
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION
fixed length control field 180627s2017 aut||||| m||| 00| 0 eng d
040 ## - CATALOGING SOURCE
Transcribing agency IST
100 ## - MAIN ENTRY--PERSONAL NAME
Personal name Rybar, Michal
9 (RLIN) 4264
245 ## - TITLE STATEMENT
Title (The exact security of) Message Authentication Codes
260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT)
Name of publisher, distributor, etc. IST Austria
Date of publication, distribution, etc. 2017
500 ## - GENERAL NOTE
General note Thesis
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note Abstract
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note About the author
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note List of publications
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note List of abbreviations
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 1 Introduction
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 2 Preliminaries
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 3 Message Authentication Codes
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 4 Exact Security of HMAC
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 5 Exact Security of PMAC
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 6 Paper 1
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note 7 Paper 2
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note Bibliography
520 ## - SUMMARY, ETC.
Summary, etc. In this thesis we discuss the exact security of message authentication codes HMAC, NMAC, and PMAC. NMAC is a mode of operation which turns a fixed input-length keyed hash function $f$ into a variable input-length function. A practical single-key variant of NMAC called HMAC is a very popular and widely deployed message authentication code (MAC). PMAC is a block-cipher based mode of operation, which also happens to be the most famous fully parallel MAC.
NMAC was introduced by Bellare, Canetti and Krawczyk [Crypto’96], who proved it to be a secure pseudorandom function (PRF), and thus also a MAC, under two assumptions. Unfortunately, for many instantiations of HMAC one of them has been found to be wrong. To restore the provable guarantees for NMAC, Bellare [Crypto’06] showed its security without this assumption.
PMAC was introduced by Black and Rogaway at Eurocrypt 2002. If instantiated with a pseudorandom permutation over $n$-bit strings, PMAC constitutes a provably secure variable input-length PRF. For adversaries making $q$ queries, each of length at most $\ell$ (in $n$-bit blocks), and of total length $\sigma \le q\ell$, the original paper proves an upper bound on the distinguishing advantage of $O(\sigma^2/2^n)$, while the currently best bound is $O(q\sigma/2^n)$. In this work we show that this bound is tight by giving an attack with advantage $\Omega(q^2\ell/2^n)$. In the PMAC construction one initially XORs a mask to every message block, where the mask for the $i$-th block is computed as $\tau_i := \gamma_i \cdot L$, where $L$ is a (secret) random value, and $\gamma_i$ is the $i$-th codeword of the Gray code. Our attack applies more generally to any sequence of $\gamma_i$’s which contains a large coset of a subgroup of $GF(2^n)$.
As for NMAC, our first contribution is a simpler and uniform proof: If $f$ is an $\varepsilon$-secure PRF (against $q$ queries) and a $\delta$-non-adaptively secure PRF (against $q$ queries), then $\mathrm{NMAC}^f$ is an $(\varepsilon + \ell q\delta)$-secure PRF against $q$ queries of length at most $\ell$ blocks each. We also show that this $\varepsilon + \ell q\delta$ bound is basically tight by constructing an $f$ for which an attack with advantage $\ell q\delta$ exists.
Moreover, we analyze the PRF-security of a modification of NMAC called NI by An and Bellare that avoids the constant rekeying on multi-block messages in NMAC and allows for an information-theoretic analysis. We carry out such an analysis, obtaining a tight $\ell q^2/2^c$ bound for this step, improving over the trivial bound of $\ell^2 q^2/2^c$.
Finally, we investigate if the security of PMAC can be further improved by using $\tau_i$’s that are $k$-wise independent, for $k > 1$ (the original has $k = 1$). We observe that the security of PMAC will not increase in general if $k = 2$, and then prove that the security increases to $O(q^2/2^n)$ if $k = 4$. Due to simple extension attacks, this is the best bound one can hope for, using any distribution on the masks. Whether $k = 3$ is already sufficient to get this level of security is left as an open problem.
856 ## - ELECTRONIC LOCATION AND ACCESS
Uniform Resource Identifier https://doi.org/10.15479/at:ista:th_828
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Source of classification or shelving scheme
Holdings
Withdrawn status
Lost status Not Lost
Source of classification or shelving scheme
Damaged status
Not for loan
Permanent Location Library
Current Location Library
Date acquired 2018-06-27
Barcode AT-ISTA#001526
Date last seen 2018-11-06
Price effective from 2018-06-27
Koha item type Book
