Abstract
MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.
Originalsprache | Englisch |
---|---|
Zeitschrift | Information Processing Letters |
Jahrgang | 115 |
Ausgabenummer | 11 |
Seiten (von - bis) | 899-902 |
Seitenumfang | 4 |
ISSN | 0020-0190 |
DOIs | |
Publikationsstatus | Veröffentlicht - 11.2015 |