Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
David Wagner wrote: Ed Gerck wrote: (A required property of MACs is providing a uniform distribution of values for a change in any of the input bits, which makes the above sequence extremely improbable) Not so. This is not a required property for a MAC. (Not all MACs must be PRFs.)

Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread David Wagner
Ed Gerck wrote: Wei Dai wrote: No matter how good the MAC design is, its internal collision probability is bounded by the inverse of the size of its internal state space. Actually, for any two (different) messages the internal collision probability is bounded by the inverse of the SQUARE of

Re: comparing RMAC to AES+CBC-MAC or XCBC (Re: Why is RMAC resistant to birthday attacks?)

2002-10-24 Thread Sidney Markowitz
Adam Back [EMAIL PROTECTED] wrote: See for example Rogaway's arguments about limited value of defending against extension forgery attacks in XCBC: [... quote snipped ...] http://csrc.nist.gov/encryption/modes/workshop2/presentations/xcbc.pdf This doesn't contain the paragraph that you quoted,

STORK CRYPTOGRAPHY WORKSHOP: preliminary program

2002-10-24 Thread Antoon Bosselaers
Dear all, The preliminary program for the STORK cryptography workshop is now available on the STORK website, and is also included below for your information. The most recent version is always available on the STORK website. May I also remind you of the early registration deadline of 28 October.

Re: comparing RMAC to AES+CBC-MAC or XCBC (Re: Why is RMAC resistant to birthday attacks?)

2002-10-24 Thread Adam Back
On Thu, Oct 24, 2002 at 02:08:11AM -0700, Sidney Markowitz wrote: [...] XCBC should be inherently resistant to extension forgery attacks. The attack requires that the MAC have the property that MAC(x) == MAC(y) implies that MAC(x||z) == MAC(y||z). In the case of XCBC, because of the padding

Re: collision resistance -- Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread David Wagner
There seems to be a question about whether: 1. the internal collision probability of a hash function is bounded by the inverse of the size of its internal state space, or 2. the internal collision probability of a hash function is bounded by the inverse of the square root of size of its

collision resistance -- Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
There seems to be a question about whether: 1. the internal collision probability of a hash function is bounded by the inverse of the size of its internal state space, or 2. the internal collision probability of a hash function is bounded by the inverse of the square root of size of its

Re: Why is RMAC resistant to birthday attacks?

2002-10-24 Thread Ed Gerck
... pls read this message with the edits below... missing ^ in exp and the word WITHOUT...still no coffee... David Wagner wrote: Ed Gerck wrote: Wei Dai wrote: No matter how good the MAC design is, its internal collision probability is bounded by the inverse of the size of its internal