[cryptography] "stream MAC" - does anything like it exist?

James A. Donald jamesd at echeque.com
Sun Sep 12 18:37:38 EDT 2010

On 2010-09-13 8:03 AM, Steven Bellovin wrote:
> I confess I'm not sure I understand what properties you're actually
> looking forthat aren't handled by the truncated MAC you describe.
> (I'd also that unless your frames are very small, truncation doesn't
> buy you much.)  Are you looking for chaining properties between frames?
> What are they?  (Stream ciphers don't have such, of course.)  Do you
> want to MAC each frame with some probability, then get a strong MAC
> on a group of frames?  I note that no matter the algorithm, the basic
> properties are pretty obvious: if you have an N-bit authentication
> field, the odds on a random field being accepted are 2^-N.  What else
> do you want?

What he wants is the that probability is cumulative - that each short 
field not only validates the latest packet, but strengthens the 
probability that all previous accepted packets were correct.

More information about the cryptography mailing list