So... Suppose I want a function to provide integrity and authentication, and that is to be combined with a stream cipher (as is the plaintext). I believe that authentication is free once I have integrity given the fact that the hash value is superencrypted using the stream cipher, whose key is shared by only the sender and recipient. I believe what I'm looking for is a strongly universal hash. I don't need much; everything I've seen is simultaneously too much and too little, often calling upon a block cipher, which seems redundant.
What I was thinking of doing was using Poly1305, and using the stream cipher instead of AES. I think in this case that I can leave the MAC exposed, since it's a MAC and not a hash. Is there an analogous hash function that does not use encryption internally?

Backing up a bit, are there simpler hash functions (or families of functions) that could scale and, given the stream cipher, do the job? For example, the Wikipedia entry for UMAC* shows a very simple hash family, which is trivial to scale to give a desired security level |D|. So I have a couple of questions about it; first, is it appropriate to use in this circumstance? Second, how would I authenticate variable-length messages; do I merely break them up into sequential pieces and authenticate each piece separately, or is there a way to authenticate the whole thing without using some other hash function?

[*] http://en.wikipedia.org/wiki/UMAC

I'd really like to read the fine literature, but most of the papers I've found appear to predate the web. Any URLs would be much appreciated.

And for reading this whole email, you get a present:
http://dsns.csie.nctu.edu.tw/research/crypto/

--
"Curiousity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
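Added example, not part of the original message: the construction asked about above, a Poly1305-style polynomial hash keyed from the shared stream cipher's keystream, giving one tag over a whole variable-length message. SHAKE-256 stands in for the stream cipher, and the function names, the fixed 32-byte key and the per-message nonce are assumptions of this example.

```python
import hashlib
import hmac

P = (1 << 130) - 5                           # prime modulus used by Poly1305
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff   # Poly1305 clamp mask for r


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Assumption: SHAKE-256 is a stand-in for the sender/recipient stream
    # cipher. The key is a fixed 32 bytes so key || nonce parses one way only.
    assert len(key) == 32
    return hashlib.shake_256(key + nonce).digest(n)


def poly_hash(msg: bytes, r: int) -> int:
    # Treat the message as polynomial coefficients, 16 bytes each, and
    # evaluate at r mod P. Every block gets a 0x01 byte appended before
    # conversion, so a short final block and the same block padded with
    # zero bytes map to different coefficients. That is what lets one hash
    # cover messages of any length.
    acc = 0
    for i in range(0, len(msg), 16):
        block = msg[i:i + 16] + b"\x01"
        acc = (acc + int.from_bytes(block, "little")) * r % P
    return acc


def tag(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Draw a fresh hash key r and pad s from the keystream for each message.
    # A nonce must never repeat under the same key: two tags made with the
    # same (r, s) leak information about r.
    ks = keystream(key, nonce, 32)
    r = int.from_bytes(ks[:16], "little") & CLAMP
    s = int.from_bytes(ks[16:], "little")
    return ((poly_hash(msg, r) + s) % (1 << 128)).to_bytes(16, "little")


def verify(key: bytes, nonce: bytes, msg: bytes, received: bytes) -> bool:
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(tag(key, nonce, msg), received)
```

Because the pad s masks the hash output, the tag can be sent in the clear next to the ciphertext; the keystream bytes spent on r and s must not be reused to encrypt the message itself.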