Abstract
MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.
Original language | English |
---|---|
Journal | Information Processing Letters |
Volume | 115 |
Issue number | 11 |
Pages (from-to) | 899-902 |
Number of pages | 4 |
ISSN | 0020-0190 |
DOIs | |
Publication status | Published - 11.2015 |