Why is RMAC resistant to birthday attacks?
Sidney Markowitz
sidney at sidney.com
Tue Oct 22 21:53:37 EDT 2002
Ed Gerck <egerck at nma.com> wrote:
> A minor nit, but sometimes looking into why
> things were devised is helpful.
> What I explained can be found in
> http://csrc.nist.gov/encryption/modes/workshop2/report.pdf
Thank you, that was really helpful in seeing the motivation for the work that led to
the NIST draft paper. The way I read it now, he includes a justification for block
cipher based MACs in general, then presents his RMAC, which he devised to deal with
the effect of the birthday surprise on the work factor of the forged extension attack
on other block cipher based MACS.
-- sidney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list