[cryptography] "stream MAC" - does anything like it exist?

James A. Donald jamesd at echeque.com
Sat Sep 11 01:10:46 EDT 2010


On 2010-09-11 4:06 AM, travis+ml-rbcryptography at subspacefield.org wrote:
> So there's an obvious (though imperfect) analogy between block ciphers
> and, say, HMAC.  Imperfect because authentication always seems to
> involve metadata.
>
> But is there a MAC analog to a stream cipher?  That is, something
> where you can spend a few bits authenticating each frame of a movie,
> or sound sample, for example, and have some probabilistic chance of
> detecting alteration at each frame.  I suppose it could also have uses
> with, say, an interactive SSH session, where each keystroke might be
> sent in its own packet.
>
> The closest thing I can think of is doing a truncated MAC on each
> frame.  Looking at HMAC, it looks like you could leave the inner hash
> running while also finalizing it for each frame (assuming your library
> supports this), so that you could keep it open to feed the next frame
> to it - this allows each truncated MAC to attest to the authenticity
> of prior frames, which might or might not allow you to get by with
> fewer bits of MAC per frame in certain applications (details of which
> are complicated and not particularly germane to this query).

If you want to authenticate each fragment, you are probably doing 
something real time - video instant messaging, or voice instant 
messaging, in which case you need authentication to be resilient against 
dropped fragments.

Authentication delayed several round trips is probably acceptable. 
Sound or video delayed several round trips is not.

So you could send voice and image using an unreliable protocol, with a 
CRC checksum inside the encryption in each packet, notify the other end 
what got through using a reliable protocol, and receive a 
cryptographically strong authentication for what made it through using a 
reliable protocol, with a standard authentication for each 16384 bit 
block of data that got through.
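The following is an added example, not code from either poster: a sketch of the truncated running HMAC described in the quoted question, which also shows the dropped-fragment problem raised in the reply. The key, frame contents, 4-byte tag length and per-frame length prefix are all assumptions made for the illustration.

```python
import hashlib
import hmac

TAG_LEN = 4  # bytes of truncated MAC sent per frame (constructed choice)


class RunningMac:
    """Running HMAC: each truncated tag covers every frame fed so far."""

    def __init__(self, key: bytes):
        self._h = hmac.new(key, digestmod=hashlib.sha256)

    def tag(self, frame: bytes) -> bytes:
        # Length prefix keeps frame boundaries unambiguous (added assumption).
        self._h.update(len(frame).to_bytes(4, "big") + frame)
        # Finalize a copy so the running state stays open for the next frame.
        return self._h.copy().digest()[:TAG_LEN]


def send(key: bytes, frames):
    """Sender side: pair each frame with its truncated running tag."""
    mac = RunningMac(key)
    return [(f, mac.tag(f)) for f in frames]


def verify(key: bytes, packets):
    """Receiver side: one True/False verdict per received packet."""
    mac = RunningMac(key)
    return [hmac.compare_digest(mac.tag(f), t) for f, t in packets]


KEY = b"constructed-demo-key"                                # constructed
FRAMES = [b"frame-0", b"frame-1", b"frame-2", b"frame-3"]    # constructed


def demo():
    sent = send(KEY, FRAMES)
    clean = verify(KEY, sent)
    # Alter frame 1 in transit but keep its original tag.
    altered = list(sent)
    altered[1] = (b"frame-X", sent[1][1])
    tampered = verify(KEY, altered)
    # Lose frame 1 entirely, as an unreliable transport might.
    dropped = verify(KEY, sent[:1] + sent[2:])
    return clean, tampered, dropped


if __name__ == "__main__":
    for name, verdicts in zip(("clean", "tampered", "dropped"), demo()):
        print(name, verdicts)
```

Because every tag depends on all earlier frames, the receiver cannot tell an altered frame from a lost one: in both cases every later tag fails, so the receiver needs some way to learn which frames actually arrived before it can resynchronise.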


