Re: [Cfrg] VMAC Internet-Draft Available
Ted Krovetz <tdk@acm.org> Thu, 03 May 2007 16:12 UTC
From: Ted Krovetz <tdk@acm.org>
Subject: Re: [Cfrg] VMAC Internet-Draft Available
Date: Thu, 03 May 2007 09:12:26 -0700
To: cfrg@ietf.org
Hi David,

> I do have a quick question, though. What would change if the high
> level structure were modified to something like Tag = F_K2(H_K1(M))?
> As you probably guessed, the reason that I ask is that I believe that
> there are applications that would be interested in alternatives to
> HMAC, but which would prefer to use a MAC that does not require a
> sequence number.

Two things, really only affecting short-tag MACs:

1) Speed on short messages. Because I use only half an AES output per VMAC-64 MAC tag, VMAC can save a hundred or so cycles on average by caching AES outputs on sequential nonces. Your suggestion wouldn't allow this kind of caching.

2) Birthday bound. F_K2(H_K1(M)) gives away knowledge of hash collisions when they happen. If we define this as failure, then over q tags, failure occurs with probability around (q(q-1)/2) \epsilon for an \epsilon-AU hash family.

These issues are really only relevant for VMAC-64 and UMAC-32/64/96. For VMAC/UMAC-128, \epsilon is low enough to tolerate the birthday bound and AES caching is not possible.

So, my next project is to look at constructing a universal-hash-based incarnation of Phil's SIV mode (which is essentially F_K2(H_K1(M)) on steroids). Something should come out this summer.

-Ted

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg
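The birthday-bound figure in the reply above, worked through as an added derivation that is not part of Ted's message. It assumes only the standard definitions: H_{K_1} is drawn from an \epsilon-AU family, F_{K_2} is a block-cipher permutation (AES in VMAC), and the tag is the Tag = F_K2(H_K1(M)) structure David proposed.

The \epsilon-AU property bounds the collision probability of any fixed pair of distinct messages:
\[
\Pr_{K_1}\bigl[H_{K_1}(M) = H_{K_1}(M')\bigr] \le \epsilon \qquad \text{for all } M \ne M'.
\]
Because F_{K_2} is a permutation, tags are equal exactly when the hash values are equal:
\[
F_{K_2}\bigl(H_{K_1}(M)\bigr) = F_{K_2}\bigl(H_{K_1}(M')\bigr) \iff H_{K_1}(M) = H_{K_1}(M'),
\]
so anyone who sees two equal tags learns that a hash collision has occurred; this is what "gives away knowledge of hash collisions" means. Over q distinct messages there are \binom{q}{2} pairs, and a union bound over them gives
\[
\Pr[\text{some pair collides}] \le \binom{q}{2}\,\epsilon = \frac{q(q-1)}{2}\,\epsilon,
\]
which is the figure in the message. Keeping this below a target failure probability \delta therefore caps the number of tags per key at roughly
\[
q \lesssim \sqrt{2\delta/\epsilon},
\]
a square-root (birthday) limit that bites for the short-tag variants, where \epsilon is comparatively large, and is negligible for the 128-bit variants.

By contrast, in a nonce-based Wegman-Carter tag of the form Tag = H_{K_1}(M) + F_{K_2}(N), the construction VMAC is built on, two messages with equal hash values but distinct nonces N \ne N' yield tags that differ by F_{K_2}(N) - F_{K_2}(N'), so a hash collision is not visible as a tag collision; that is the property given up when the nonce is removed.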