Re: [Cfrg] UMAC draft version 06
"D. J. Bernstein" <djb@cr.yp.to> Thu, 20 October 2005 08:17 UTC
Date: Thu, 20 Oct 2005 08:17:29 -0000
Message-ID: <20051020081729.68175.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: cfrg@ietf.org
Subject: Re: [Cfrg] UMAC draft version 06
References: <20051019084840.22903.qmail@cr.yp.to> <Pine.GSO.4.44_heb2.09.0510191718160.28450-100000@ee.technion.ac.il>
Hugo Krawczyk writes:
> There were NO no new security claims nor new proofs since Ted's thesis
> which has been in the public domain since 2000

False. Consider, for example, the following security claim appearing in draft-krovetz-umac-05.txt, shortly after the claim that UMAC ``has been rigorously proven to be secure'':

   When UMAC produces 32-, 64-, 96- or 128-bit tags, the probability that
   an attacker can produce a correct tag for any message of its choosing
   is no more than 1/2^30, 1/2^60, 1/2^90 or 1/2^120, respectively.

This is just one of many UMAC security claims that did not appear in the 2000 Krovetz thesis. In fact, if you look at the Krovetz thesis, you won't find _any_ proofs of bounds on UMAC forgery probabilities! As David Wagner put it: ``There are some claims and proofs about the UMAC 2-universal hash, but that's just a component in the UMAC authentication scheme.''

Let me also emphasize that the above security claim is false. I've already given a detailed explanation of a fast attack that indisputably has much larger success probability against UMAC-128. This is an illustration of the importance of reviewing security claims.

> The only adjustment we did recently is to move our PRF-based
> quantification to PRP-based using your recent results.

No, that's not the only ``adjustment'' you did recently. You've removed quite a few false and questionable security claims---while failing to state for the record that you are no longer making those claims---and replaced them with different security claims. The new claims need review, just as the old ones did.

---D. J. Bernstein, Professor, Mathematics, Statistics, and Computer Science, University of Illinois at Chicago