Paper 2013/248

Another Look at Security Theorems for 1-Key Nested MACs

Neal Koblitz and Alfred Menezes

Abstract

We prove a security theorem without collision-resistance for a class of 1-key hash-function-based MAC schemes that includes HMAC and Envelope MAC. The proof has some advantages over earlier proofs: it is in the uniform model, it uses a weaker related-key assumption, and it covers a broad class of MACs in a single theorem. However, we also explain why our theorem is of doubtful value in assessing the real-world security of these MAC schemes. In addition, we prove a theorem assuming collision-resistance. From these two theorems we conclude that from a provable security standpoint there is little reason to prefer HMAC to Envelope MAC or similar schemes.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown status
Contact author(s)
ajmeneze @ uwaterloo ca
History
2013-12-24: last of 2 revisions
2013-05-03: received
See all versions
Short URL
https://ia.cr/2013/248
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/248,
      author = {Neal Koblitz and Alfred Menezes},
      title = {Another Look at Security Theorems for 1-Key Nested MACs},
      howpublished = {Cryptology ePrint Archive, Paper 2013/248},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/248}},
      url = {https://eprint.iacr.org/2013/248}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.