David Wagner wrote:
Ed Gerck wrote:
(A required property of MACs is providing a uniform distribution of values for a
change in any of the input bits, which makes the above sequence extremely
improbable)
Not so. This is not a required property for a MAC.
(Not all MACs must be PRFs.)
Ed Gerck wrote:
Wei Dai wrote:
No matter how good the MAC design is, it's internal collision probability
is bounded by the inverse of the size of its internal state space.
Actually, for any two (different) messages the internal collision probability
is bounded by the inverse of the SQUARE of
Adam Back [EMAIL PROTECTED] wrote:
See for example Rogaway's arguments about limited value of
defending against extension forgery attacks in XCBC:
[... quote snipped ...]
http://csrc.nist.gov/encryption/modes/workshop2/presentations/xcbc.pdf
This doesn't contain the paragraph that you quoted,
Dear all,
The preliminary program for the STORK cryptography workshop is now available
on the STORK website, and is also included below for your information. The
most recent version is always available on the STORK website. May I also
remind you of the early registration deadline of 28 October.
On Thu, Oct 24, 2002 at 02:08:11AM -0700, Sidney Markowitz wrote:
[...] XCBC should be inherently resistant to extension forgery
attacks. The attack requires that the MAC have the property that
MAC(x) == MAC(y) implies that MAC(x||z) == MAC(y||z). In the case of
XCBC, because of the padding
There seems to be a question about whether:
1. the internal collision probability of a hash function is bounded by the
inverse of the size of its internal state space, or
2. the internal collision probability of a hash function is bounded by the
inverse of the square root of size of its
There seems to be a question about whether:
1. the internal collision probability of a hash function is bounded by the
inverse of the size of its internal state space, or
2. the internal collision probability of a hash function is bounded by the
inverse of the square root of size of its
... pls read this message with the edits below...
missing ^ in exp and the word WITHOUT...still no coffee...
David Wagner wrote:
Ed Gerck wrote:
Wei Dai wrote:
No matter how good the MAC design is, it's internal collision probability
is bounded by the inverse of the size of its internal