Message authentication, revisited

Yevgeniy Dodis, Eike Kiltz, Krzysztof Pietrzak, Daniel Wichs

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Traditionally, symmetric-key message authentication codes (MACs) are easily built from pseudorandom functions (PRFs). In this work we propose a wide variety of other approaches to building efficient MACs, without going through a PRF first. In particular, unlike deterministic PRF-based MACs, where each message has a unique valid tag, we give a number of probabilistic MAC constructions from various other primitives/assumptions. Our main results are summarized as follows: We show several new probabilistic MAC constructions from a variety of general assumptions, including CCA-secure encryption, Hash Proof Systems and key-homomorphic weak PRFs. By instantiating these frameworks under concrete number theoretic assumptions, we get several schemes which are more efficient than just using a state-of-the-art PRF instantiation under the corresponding assumption. For probabilistic MACs, unlike deterministic ones, unforgeability against a chosen message attack (uf-cma ) alone does not imply security if the adversary can additionally make verification queries (uf-cmva ). We give an efficient generic transformation from any uf-cma secure MAC which is "message-hiding" into a uf-cmva secure MAC. This resolves the main open problem of Kiltz et al. from Eurocrypt'11; By using our transformation on their constructions, we get the first efficient MACs from the LPN assumption. While all our new MAC constructions immediately give efficient actively secure, two-round symmetric-key identification schemes, we also show a very simple, three-round actively secure identification protocol from any weak PRF. In particular, the resulting protocol is much more efficient than the trivial approach of building a regular PRF from a weak PRF.

Original languageEnglish (US)
Title of host publicationAdvances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Pages355-374
Number of pages20
Volume7237 LNCS
DOIs
StatePublished - 2012
Event31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2012 - Cambridge, United Kingdom
Duration: Apr 15 2012Apr 19 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7237 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2012
CountryUnited Kingdom
CityCambridge
Period4/15/124/19/12

Fingerprint

Message Authentication
Message Authentication Code
Pseudorandom Function
Authentication
Attack
Network protocols
Identification Scheme
Proof System
Homomorphic
Encryption
Cryptography
Immediately
Open Problems
Resolve
Trivial

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Dodis, Y., Kiltz, E., Pietrzak, K., & Wichs, D. (2012). Message authentication, revisited. In Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (Vol. 7237 LNCS, pp. 355-374). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7237 LNCS). https://doi.org/10.1007/978-3-642-29011-4_22

Message authentication, revisited. / Dodis, Yevgeniy; Kiltz, Eike; Pietrzak, Krzysztof; Wichs, Daniel.

Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 7237 LNCS 2012. p. 355-374 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7237 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Dodis, Y, Kiltz, E, Pietrzak, K & Wichs, D 2012, Message authentication, revisited. in Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. vol. 7237 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7237 LNCS, pp. 355-374, 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2012, Cambridge, United Kingdom, 4/15/12. https://doi.org/10.1007/978-3-642-29011-4_22
Dodis Y, Kiltz E, Pietrzak K, Wichs D. Message authentication, revisited. In Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 7237 LNCS. 2012. p. 355-374. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-29011-4_22
Dodis, Yevgeniy ; Kiltz, Eike ; Pietrzak, Krzysztof ; Wichs, Daniel. / Message authentication, revisited. Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 7237 LNCS 2012. pp. 355-374 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{535ef6b9b5594079ae22ed787d5dc5a9,
title = "Message authentication, revisited",
abstract = "Traditionally, symmetric-key message authentication codes (MACs) are easily built from pseudorandom functions (PRFs). In this work we propose a wide variety of other approaches to building efficient MACs, without going through a PRF first. In particular, unlike deterministic PRF-based MACs, where each message has a unique valid tag, we give a number of probabilistic MAC constructions from various other primitives/assumptions. Our main results are summarized as follows: We show several new probabilistic MAC constructions from a variety of general assumptions, including CCA-secure encryption, Hash Proof Systems and key-homomorphic weak PRFs. By instantiating these frameworks under concrete number theoretic assumptions, we get several schemes which are more efficient than just using a state-of-the-art PRF instantiation under the corresponding assumption. For probabilistic MACs, unlike deterministic ones, unforgeability against a chosen message attack (uf-cma ) alone does not imply security if the adversary can additionally make verification queries (uf-cmva ). We give an efficient generic transformation from any uf-cma secure MAC which is {"}message-hiding{"} into a uf-cmva secure MAC. This resolves the main open problem of Kiltz et al. from Eurocrypt'11; By using our transformation on their constructions, we get the first efficient MACs from the LPN assumption. While all our new MAC constructions immediately give efficient actively secure, two-round symmetric-key identification schemes, we also show a very simple, three-round actively secure identification protocol from any weak PRF. In particular, the resulting protocol is much more efficient than the trivial approach of building a regular PRF from a weak PRF.",
author = "Yevgeniy Dodis and Eike Kiltz and Krzysztof Pietrzak and Daniel Wichs",
year = "2012",
doi = "10.1007/978-3-642-29011-4_22",
language = "English (US)",
isbn = "9783642290107",
volume = "7237 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "355--374",
booktitle = "Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

}

TY - GEN

T1 - Message authentication, revisited

AU - Dodis, Yevgeniy

AU - Kiltz, Eike

AU - Pietrzak, Krzysztof

AU - Wichs, Daniel

PY - 2012

Y1 - 2012

N2 - Traditionally, symmetric-key message authentication codes (MACs) are easily built from pseudorandom functions (PRFs). In this work we propose a wide variety of other approaches to building efficient MACs, without going through a PRF first. In particular, unlike deterministic PRF-based MACs, where each message has a unique valid tag, we give a number of probabilistic MAC constructions from various other primitives/assumptions. Our main results are summarized as follows: We show several new probabilistic MAC constructions from a variety of general assumptions, including CCA-secure encryption, Hash Proof Systems and key-homomorphic weak PRFs. By instantiating these frameworks under concrete number theoretic assumptions, we get several schemes which are more efficient than just using a state-of-the-art PRF instantiation under the corresponding assumption. For probabilistic MACs, unlike deterministic ones, unforgeability against a chosen message attack (uf-cma ) alone does not imply security if the adversary can additionally make verification queries (uf-cmva ). We give an efficient generic transformation from any uf-cma secure MAC which is "message-hiding" into a uf-cmva secure MAC. This resolves the main open problem of Kiltz et al. from Eurocrypt'11; By using our transformation on their constructions, we get the first efficient MACs from the LPN assumption. While all our new MAC constructions immediately give efficient actively secure, two-round symmetric-key identification schemes, we also show a very simple, three-round actively secure identification protocol from any weak PRF. In particular, the resulting protocol is much more efficient than the trivial approach of building a regular PRF from a weak PRF.

AB - Traditionally, symmetric-key message authentication codes (MACs) are easily built from pseudorandom functions (PRFs). In this work we propose a wide variety of other approaches to building efficient MACs, without going through a PRF first. In particular, unlike deterministic PRF-based MACs, where each message has a unique valid tag, we give a number of probabilistic MAC constructions from various other primitives/assumptions. Our main results are summarized as follows: We show several new probabilistic MAC constructions from a variety of general assumptions, including CCA-secure encryption, Hash Proof Systems and key-homomorphic weak PRFs. By instantiating these frameworks under concrete number theoretic assumptions, we get several schemes which are more efficient than just using a state-of-the-art PRF instantiation under the corresponding assumption. For probabilistic MACs, unlike deterministic ones, unforgeability against a chosen message attack (uf-cma ) alone does not imply security if the adversary can additionally make verification queries (uf-cmva ). We give an efficient generic transformation from any uf-cma secure MAC which is "message-hiding" into a uf-cmva secure MAC. This resolves the main open problem of Kiltz et al. from Eurocrypt'11; By using our transformation on their constructions, we get the first efficient MACs from the LPN assumption. While all our new MAC constructions immediately give efficient actively secure, two-round symmetric-key identification schemes, we also show a very simple, three-round actively secure identification protocol from any weak PRF. In particular, the resulting protocol is much more efficient than the trivial approach of building a regular PRF from a weak PRF.

UR - http://www.scopus.com/inward/record.url?scp=84859941399&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84859941399&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-29011-4_22

DO - 10.1007/978-3-642-29011-4_22

M3 - Conference contribution

SN - 9783642290107

VL - 7237 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 355

EP - 374

BT - Advances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

ER -