[cryptography] "stream MAC" - does anything like it exist?

Chris Palmer chris at noncombatant.org
Sun Sep 12 21:15:13 EDT 2010


James A. Donald writes:

> What he wants is the that probability is cumulative - that each short 
> field not only validates the latest packet, but strengthens the 
> probability that all previous accepted packets were correct.

Schneier and Kelsey described a potentially-similar-enough technique:

http://www.schneier.com/paper-auditlogs.pdf

In their case, they were verifying the integrity of a sequence of log
entries instead of media frames. But maybe that is close enough to Travis'
problem to be of use.

I agree with Bellovin that truncating the MAC is of little benefit except in
bandwidth-constrained applications --- truncating the MAC decreases its
protective power. There may be situations in which it's a fine trade-off, of
course.

This survey paper has more references:

http://www.cs.berkeley.edu/~archanag/publications/privacypaper.pdf


-- 
http://noncombatant.org/



More information about the cryptography mailing list