Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
David Wagner wrote: > Ed Gerck wrote: > >Wei Dai wrote: > >> No matter how good the MAC design is, its internal collision probability > >> is bounded by the inverse of the size of its internal state space. > > > >Actually, for any two (different) messages the internal collision probability > >

Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
... pls read this message with the edits below... missing "^" in exp and the word "WITHOUT"...still no coffee... David Wagner wrote: > Ed Gerck wrote: > >Wei Dai wrote: > >> No matter how good the MAC design is, its internal collision probability > >> is bounded by the inverse of the size of i

collision resistance -- Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
There seems to be a question about whether: 1. the internal collision probability of a hash function is bounded by the inverse of the size of its internal state space, or 2. the internal collision probability of a hash function is bounded by the inverse of the square root of size of its internal

Re: collision resistance -- Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread David Wagner
> There seems to be a question about whether: > > 1. the internal collision probability of a hash function is bounded by the > inverse of the size of its internal state space, or > > 2. the internal collision probability of a hash function is bounded by the > inverse of the square root of size o

Re: collision resistance -- Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
David Wagner wrote: > > There seems to be a question about whether: > > > > 1. the internal collision probability of a hash function is bounded by the > > inverse of the size of its internal state space, or > > > > 2. the internal collision probability of a hash function is bounded by the > > i

Re: comparing RMAC to AES+CBC-MAC or XCBC (Re: Why is RMAC resistant to birthday attacks?)

2002-10-24 Thread Adam Back
On Thu, Oct 24, 2002 at 02:08:11AM -0700, Sidney Markowitz wrote: > [...] XCBC should be inherently resistant to extension forgery > attacks. The attack requires that the MAC have the property that > MAC(x) == MAC(y) implies that MAC(x||z) == MAC(y||z). In the case of > XCBC, because of the padding

STORK CRYPTOGRAPHY WORKSHOP: preliminary program

2002-10-24 Thread Antoon Bosselaers
Dear all, The preliminary program for the STORK cryptography workshop is now available on the STORK website, and is also included below for your information. The most recent version is always available on the STORK website. May I also remind you of the early registration deadline of 28 October. T

Re: comparing RMAC to AES+CBC-MAC or XCBC (Re: Why is RMAC resistant to birthday attacks?)

2002-10-24 Thread Sidney Markowitz
Adam Back <[EMAIL PROTECTED]> wrote: > See for example Rogaway's arguments about limited value of > defending against extension forgery attacks in XCBC: [... quote snipped ...] > http://csrc.nist.gov/encryption/modes/workshop2/presentations/xcbc.pdf This doesn't contain the paragraph that you quot

Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread David Wagner
Ed Gerck wrote: >Wei Dai wrote: >> No matter how good the MAC design is, its internal collision probability >> is bounded by the inverse of the size of its internal state space. > >Actually, for any two (different) messages the internal collision probability >is bounded by the inverse of the SQUA

Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
David Wagner wrote: > Ed Gerck wrote: > >(A required property of MACs is providing a uniform distribution of values for a > >change in any of the input bits, which makes the above sequence extremely > >improbable) > > Not so. This is not a required property for a MAC. > (Not all MACs must be P