Why is RMAC resistant to birthday attacks?

Sidney Markowitz sidney at sidney.com
Tue Oct 22 21:53:37 EDT 2002

Ed Gerck <egerck at nma.com> wrote:
> A minor nit, but sometimes looking into why
> things were devised is helpful.
> What I explained can be found in
> http://csrc.nist.gov/encryption/modes/workshop2/report.pdf

Thank you, that was really helpful in seeing the motivation for the work that led to
the NIST draft paper. The way I read it now, he includes a justification for block
cipher based MACs in general, then presents his RMAC, which he devised to deal with
the effect of the birthday surprise on the work factor of the forged extension attack
on other block cipher based MACS.

  -- sidney

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list