On committing security of PMAC, LightMAC, and UMAC
摘要
Recently, the concept of committing message authentication codes (MACs) was proposed at Crypto 2024, following the definition of committing authenticated encryption (AE). A secure committing MAC requires that it is infeasible for any adversary to find two different key and message pairs that generate the same tag. In this paper, we present committing attacks against PMAC, LightMAC, and UMAC, demonstrating that these MACs are not CMT secure. We also provide a CMT-K security proof for UMAC. Furthermore, we introduce two general methods for constructing one-key and two-key MACs with CMT-K security.