Serious Cryptography: A Practical Introduction to Modern Encryption by Aumasson Jean-Philippe

Author:Aumasson, Jean-Philippe [Aumasson, Jean-Philippe]
Language: eng
Format: azw3, epub
ISBN: 9781593278823
Publisher: No Starch Press
Published: 2017-11-21T05:00:00+00:00

The trick to authenticating multiple messages using a universal hash function arrived thanks to IBM researchers Wegman and Carter and their 1981 paper “New Hash Functions and Their Use in Authentication and Set Equality.” The so-called Wegman–Carter construction builds a MAC from a universal hash function and a PRF, using two keys, K1 and K2, and it returns

MAC(K1, K2, N, M) = UH(K1, M) + PRF(K2, N)

where N is a nonce that should be unique for each key, K2, and where PRF’s output is as large as that of the universal hash function UH. By adding these two values, PRF’s strong pseudorandom output masks the cryptographic weakness of UH. You can see this as the encryption of the universal hash’s result, where the PRF acts as a stream cipher and prevents the preceding attack by making it possible to authenticate multiple messages with the same key, K1.

To recap, the Wegman–Carter construction UH(K1, M) + PRF(K2, N) gives a secure MAC if we assume the following:

UH is a secure universal hash.

PRF is a secure PRF.

Each nonce N is used only once for each key K2.

The output values of UH and PRF are long enough to ensure high enough security.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.