[Cryptography] Perfect Integrity?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Aug 5 05:01:40 EDT 2018
Peter Fairbrother <peter at tsto.co.uk> writes:
>A one-bit W-C MAC will give an attacker no advantage in guessing the bit -
>but he will still have a 50% chance of guessing right.
>
>For information-theoretic security the MAC has to be as long as the message.
>I think.
Depends on the circumstances. Lets say the MAC is being used as part of an
alarm circuit, where a keepalive is sent across the circuit every 50ms, with a
1-bit MAC attached. The attacker would have to guess the bit, then 50ms later
guess the next bit, then 50ms later guess the next one, etc. Get a single bit
wrong and you trigger the alarm.
Peter.
More information about the cryptography
mailing list