1 CIS 5371 Cryptography 4. Message Authentication Codes B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography
2 Message Authentication Codes
3 Definition 4.1 Message Authentication Code
4
5 Definition Secure MAC
6 Construction 4.3 A fixed length MAC from any PRF
7 Theorem 4.4
8 A secure fixed length MAC Proof
9 Distinguisher D
10 Distinguisher D
11 Distinguisher D
12 Replay atta cks
13 Construction 4.5 A variable length MAC
14 Theorem 4.6
15 Construction 4.9 CBC- MAC
16 Theorem 4.10
17 CBC-MAC vs CBC-mode encryption 1.CBC-mode encryption uses a random IV. If we use a random IV for CBS-MAC then we lose security. 2.In CBC-mode encryption all encrypted blocks are output as part of the ciphertext. This is not the case with CBC-MAC. If we do so we loose security.
18 Secure CBC-MAC for variable length messages – three options
19 Variable length CBC-MAC