

Any other concerns? Truncation attack! $\mathsf{Mac}_K(m_1,\ldots,m_{d-1}) = t_1,\ldots,t_{d-1}$

Building Block: Π' = (Mac', Vrfy'), a secure MAC for length n messages

Attempt 3
Let $m = m_1,\ldots,m_d$ where each $m_i$ is $n$ bits and $m$ has length $\ell = nd$.
Let $t_i = \mathsf{Mac}'_K(i \,\|\, \ell \,\|\, m_i)$
$\mathsf{Mac}_K(m) = t_1,\ldots,t_d$
Addresses truncation.

Limitation: What if we want to authenticate a longer message?

Building Block: Π' = (Mac', Vrfy'), a secure MAC for length n messages

First: A few failed attempts
Let $m = m_1,\ldots,m_d$ where each $m_i$ is $n$ bits and let $t_i = \mathsf{Mac}'_K(m_i)$
$\mathsf{Mac}_K(m) = t_1,\ldots,t_d$
What is wrong? Block-reordering attack: $\mathsf{Mac}_K(m_d,\ldots,m_1) = t_d,\ldots,t_1$

Building Block: Π' = (Mac', Vrfy'), a secure MAC for length n messages

Attempt 2
Let $m = m_1,\ldots,m_d$ where each $m_i$ is $n$ bits and let $t_i = \mathsf{Mac}'_K(i \,\|\, m_i)$
$\mathsf{Mac}_K(m) = t_1,\ldots,t_d$
Addresses block-reordering attack.

$\mathsf{Mac}_k(m) = F_K(m)$
$\mathsf{Vrfy}_k(m,t) = 1$ if $t = F_K(m)$, $0$ otherwise

Theorem 4.6: If F is a PRF then this is a secure (fixed-length) MAC for messages of length n.

Distinguisher $D^{O}$:
Run PPT Macforge adversary A
When adversary queries with message m, respond with O(m)
Output 1 if attacker wins (otherwise 0)

If $O = f$ then $\Pr[D^{O}(1^n) = 1] = \Pr[\mathsf{Macforge}_{A,\Pi}(n) = 1] \le 2^{-n}$
If $O = F_K$ then $\Pr[D^{O}(1^n) = 1] = \Pr[\mathsf{Macforge}_{A,\Pi}(n) = 1] > \mu(n)$

Proof: Start with attacker who breaks MAC security and build an attacker who breaks PRF security (contradiction!)
Sufficient to start with attacker who breaks regular MAC security (why?)

8 Breaking MAC Security ($\mathsf{Macforge}_{A,\Pi}(n)$)
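The three block-wise attempts on this page, checked against the block-reordering and truncation rearrangements the slides name. This is an added example, not code from the lecture: HMAC-SHA256 stands in for the fixed-length building block Mac', blocks are 16 bytes, the index and length are encoded as 4-byte big-endian integers, and all function names are hypothetical.

```python
import hashlib
import hmac

N = 16  # block length in bytes, standing in for the slides' n bits (assumption)

def mac_prime(key, data):
    # Fixed-length building block Mac'; HMAC-SHA256 is a stand-in (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def blocks(m):
    if not m or len(m) % N:
        raise ValueError("message must be a non-empty whole number of blocks")
    return [m[i:i + N] for i in range(0, len(m), N)]

def encode(attempt, i, length, block):
    if attempt == 1:
        return block                                    # t_i = Mac'(m_i)
    idx = i.to_bytes(4, "big")
    if attempt == 2:
        return idx + block                              # t_i = Mac'(i || m_i)
    return idx + length.to_bytes(4, "big") + block      # t_i = Mac'(i || l || m_i)

def mac(attempt, key, m):
    return [mac_prime(key, encode(attempt, i, len(m), b))
            for i, b in enumerate(blocks(m), start=1)]

def vrfy(attempt, key, m, tags):
    expected = mac(attempt, key, m)
    return len(tags) == len(expected) and all(
        hmac.compare_digest(t, e) for t, e in zip(tags, expected))

def reorder(m, tags):   # (m_d, ..., m_1) paired with (t_d, ..., t_1)
    return b"".join(reversed(blocks(m))), tags[::-1]

def truncate(m, tags):  # (m_1, ..., m_{d-1}) paired with (t_1, ..., t_{d-1})
    return m[:-N], tags[:-1]

def survey(key, m):     # per attempt: does Vrfy accept the rearranged pair?
    result = {}
    for a in (1, 2, 3):
        tags = mac(a, key, m)
        result[a] = {"reorder": vrfy(a, key, *reorder(m, tags)),
                     "truncate": vrfy(a, key, *truncate(m, tags))}
    return result

if __name__ == "__main__":
    # Constructed key and three-block message, for illustration only.
    msg = b"PAY ALICE 000100" + b"PAY BOB   999900" + b"MEMO: INVOICE 42"
    print(survey(bytes(range(32)), msg))
```

An accepted pair (True) means the verifier validates a message the key holder never tagged; only the third encoding rejects both rearrangements.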
Simply uses a secure PRF F
$\mathsf{Mac}_k(m) = F_K(m)$
Canonical Verification Algorithm…
$\mathsf{Vrfy}_k(m,t) = 1$ if $t = F_K(m)$, $0$ otherwise

Presentation on theme: "Topic 10: Constructing Message Authentication Codes" - Presentation transcript:

1 Topic 10: Constructing Message Authentication Codes
Cryptography CS 555
Topic 10: Constructing Message Authentication Codes

2 Reminder: Homework 1
Due on Friday (next class) at the beginning of class
Please typeset your solutions

3 Recap
Data Integrity
Message Authentication Codes
Side-Channel Attacks
Build Secure MACs
Today's Goals:
Build a Secure MAC
Key tool in Construction of CCA-Secure Encryption Schemes
Construct CCA-Secure Encryption Scheme

Definition 4.1: A message authentication code (MAC) consists of three algorithms $\Pi = (\mathsf{Gen}, \mathsf{Mac}, \mathsf{Vrfy})$

$\mathsf{Gen}(1^n; R)$ (Key-generation algorithm)
Input: security parameter $1^n$ (unary) and random bits R
Output: Secret key $k \in \mathcal{K}$

$\mathsf{Mac}_k(m; R)$ (Tag Generation algorithm)
Input: Secret key $k \in \mathcal{K}$ and message $m \in \mathcal{M}$ and random bits R
Output: a tag t

$\mathsf{Vrfy}_k(m,t)$ (Verification algorithm)
Input: Secret key $k \in \mathcal{K}$, a message m and a tag t
Output: a bit b (b=1 means "valid" and b=0 means "invalid")

$\mathsf{Vrfy}_k(m, \mathsf{Mac}_k(m; R)) = 1$

5 Strong MAC Authentication ($\mathsf{Macsforge}_{A,\Pi}(n)$)
