On the security margin of MAC striping

Thomas Eisenbarth, Aaron Meyerowitz, Rainer Steinwandt


MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.
Original languageEnglish
JournalInformation Processing Letters
Issue number11
Pages (from-to)899-902
Number of pages4
Publication statusPublished - 11.2015


Dive into the research topics of 'On the security margin of MAC striping'. Together they form a unique fingerprint.

Cite this