<p>Recently, the concept of committing message authentication codes (MACs) was proposed at Crypto 2024, following the definition of committing authenticated encryption (AE). A secure committing MAC requires that it is infeasible for any adversary to find two different key and message pairs that generate the same tag. In this paper, we present committing attacks against PMAC, LightMAC, and UMAC, demonstrating that these MACs are not CMT secure. We also provide a CMT-K security proof for UMAC. Furthermore, we introduce two general methods for constructing one-key and two-key MACs with CMT-K security.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

On committing security of PMAC, LightMAC, and UMAC

  • Yan Jia,
  • Xueqi Zhu,
  • Peng Wang,
  • Lei Hu

摘要

Recently, the concept of committing message authentication codes (MACs) was proposed at Crypto 2024, following the definition of committing authenticated encryption (AE). A secure committing MAC requires that it is infeasible for any adversary to find two different key and message pairs that generate the same tag. In this paper, we present committing attacks against PMAC, LightMAC, and UMAC, demonstrating that these MACs are not CMT secure. We also provide a CMT-K security proof for UMAC. Furthermore, we introduce two general methods for constructing one-key and two-key MACs with CMT-K security.