[cryptography] "stream MAC" - does anything like it exist?
James A. Donald
jamesd at echeque.com
Sun Sep 12 18:37:38 EDT 2010
On 2010-09-13 8:03 AM, Steven Bellovin wrote:
> I confess I'm not sure I understand what properties you're actually
> looking forthat aren't handled by the truncated MAC you describe.
> (I'd also that unless your frames are very small, truncation doesn't
> buy you much.) Are you looking for chaining properties between frames?
> What are they? (Stream ciphers don't have such, of course.) Do you
> want to MAC each frame with some probability, then get a strong MAC
> on a group of frames? I note that no matter the algorithm, the basic
> properties are pretty obvious: if you have an N-bit authentication
> field, the odds on a random field being accepted are 2^-N. What else
> do you want?
What he wants is the that probability is cumulative - that each short
field not only validates the latest packet, but strengthens the
probability that all previous accepted packets were correct.
More information about the cryptography