Message Authentication Codes (MACs)
Questions And Answers With Verified
Solutions 100% Correct Latest Update.
CBC-MAC - ANSWER
Definition of message authentication code (MAC)... - ANSWER It's a triple
of effiecient algorithms (G, S, V) where:
+ Key generation algorithm: G(1^n) generates akey with security param n.
+ Signing algorithm: S(k, m) generates a tag t for message m and key k.(H_k(m))
+ The verification algorithm: V(k,m,t) output accept or reject
+ For all mesages m and all keys l, S and V must satisfy
+ V(k,m, S(k, m) ) -> accept (correctness property)
Message authentication code (MAC) provides... (for security goals) - ANSWER
data integrity and data origin authentication in the private key setting
Understanding of MAC by Alice and Bob.. - ANSWER - Alice and Bob share
a secret key k
- Alice cimputes t = H_k(m) and send (m, t) to Bob
- Bob receives (m', t') and check that t' = H_k(m')
- if t' = H_k(m'), Bob has confidence that:
+ m' = m (and t' = t) => data integrity
+ (m, t) was sent by Alice => data origin authentication
A MAC is secure if... - ANSWER given polynomially many message-tag
pairs (m_i, H_k(m_i)), it is computationally infeasible to generate a new message-
tag pair (m, H_k(m)) for any new message with non-negligible probability
Such a MAC is said to be "existentially unforeable" against chosen-message attacks
MAC: existential forgery... - ANSWER an adversary can create a valid
message-tag pair for some message (doesn't matter what m is)
MAC: selective forgery... - ANSWER an adversary can create a valid
message-tag pair for a chosen message m (selected by him before the attack)
MAC: universal forgery... - ANSWER an adversary can create a valid
message-tag pair for a any message m
Questions And Answers With Verified
Solutions 100% Correct Latest Update.
CBC-MAC - ANSWER
Definition of message authentication code (MAC)... - ANSWER It's a triple
of effiecient algorithms (G, S, V) where:
+ Key generation algorithm: G(1^n) generates akey with security param n.
+ Signing algorithm: S(k, m) generates a tag t for message m and key k.(H_k(m))
+ The verification algorithm: V(k,m,t) output accept or reject
+ For all mesages m and all keys l, S and V must satisfy
+ V(k,m, S(k, m) ) -> accept (correctness property)
Message authentication code (MAC) provides... (for security goals) - ANSWER
data integrity and data origin authentication in the private key setting
Understanding of MAC by Alice and Bob.. - ANSWER - Alice and Bob share
a secret key k
- Alice cimputes t = H_k(m) and send (m, t) to Bob
- Bob receives (m', t') and check that t' = H_k(m')
- if t' = H_k(m'), Bob has confidence that:
+ m' = m (and t' = t) => data integrity
+ (m, t) was sent by Alice => data origin authentication
A MAC is secure if... - ANSWER given polynomially many message-tag
pairs (m_i, H_k(m_i)), it is computationally infeasible to generate a new message-
tag pair (m, H_k(m)) for any new message with non-negligible probability
Such a MAC is said to be "existentially unforeable" against chosen-message attacks
MAC: existential forgery... - ANSWER an adversary can create a valid
message-tag pair for some message (doesn't matter what m is)
MAC: selective forgery... - ANSWER an adversary can create a valid
message-tag pair for a chosen message m (selected by him before the attack)
MAC: universal forgery... - ANSWER an adversary can create a valid
message-tag pair for a any message m
