{"extern":1,"publisher":"Springer","doi":"10.1007/978-3-540-74619-5_26","intvolume":"      4593","conference":{"name":"FSE: Fast Software Encryption"},"status":"public","publist_id":"3458","year":"2007","type":"conference","month":"10","date_published":"2007-10-11T00:00:00Z","alternative_title":["LNCS"],"citation":{"short":"Y. Dodis, K.Z. Pietrzak, in:, Springer, 2007, pp. 414–433.","chicago":"Dodis, Yevgeniy, and Krzysztof Z Pietrzak. “Improving the Security of MACs via Randomized Message Preprocessing,” 4593:414–33. Springer, 2007. <a href=\"https://doi.org/10.1007/978-3-540-74619-5_26\">https://doi.org/10.1007/978-3-540-74619-5_26</a>.","ama":"Dodis Y, Pietrzak KZ. Improving the security of MACs via randomized message preprocessing. In: Vol 4593. Springer; 2007:414-433. doi:<a href=\"https://doi.org/10.1007/978-3-540-74619-5_26\">10.1007/978-3-540-74619-5_26</a>","ista":"Dodis Y, Pietrzak KZ. 2007. Improving the security of MACs via randomized message preprocessing. FSE: Fast Software Encryption, LNCS, vol. 4593, 414–433.","ieee":"Y. Dodis and K. Z. Pietrzak, “Improving the security of MACs via randomized message preprocessing,” presented at the FSE: Fast Software Encryption, 2007, vol. 4593, pp. 414–433.","mla":"Dodis, Yevgeniy, and Krzysztof Z. Pietrzak. <i>Improving the Security of MACs via Randomized Message Preprocessing</i>. Vol. 4593, Springer, 2007, pp. 414–33, doi:<a href=\"https://doi.org/10.1007/978-3-540-74619-5_26\">10.1007/978-3-540-74619-5_26</a>.","apa":"Dodis, Y., &#38; Pietrzak, K. Z. (2007). Improving the security of MACs via randomized message preprocessing (Vol. 4593, pp. 414–433). Presented at the FSE: Fast Software Encryption, Springer. <a href=\"https://doi.org/10.1007/978-3-540-74619-5_26\">https://doi.org/10.1007/978-3-540-74619-5_26</a>"},"author":[{"full_name":"Dodis, Yevgeniy","last_name":"Dodis","first_name":"Yevgeniy"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","full_name":"Krzysztof Pietrzak","last_name":"Pietrzak","first_name":"Krzysztof Z","orcid":"0000-0002-9139-1654"}],"publication_status":"published","title":"Improving the security of MACs via randomized message preprocessing","_id":"3223","page":"414 - 433","date_created":"2018-12-11T12:02:06Z","abstract":[{"text":"“Hash then encrypt” is an approach to message authentication, where first the message is hashed down using an ε-universal hash function, and then the resulting k-bit value is encrypted, say with a block-cipher. The security of this scheme is proportional to εq2, where q is the number of MACs the adversary can request. As ε is at least 2−k, the best one can hope for is O(q2/2k) security. Unfortunately, such small ε is not achieved by simple hash functions used in practice, such as the polynomial evaluation or the Merkle-Damg ̊ard construction, where ε grows with the message length L.\nThe main insight of this work comes from the fact that, by using ran- domized message preprocessing via a short random salt p (which must then be sent as part of the authentication tag), we can use the “hash then encrypt” paradigm with suboptimal “practical” ε-universal hash func- tions, and still improve its exact security to optimal O(q2/2k). Specif- ically, by using at most an O(logL)-bit salt p, one can always regain the optimal exact security O(q2/2k), even in situations where ε grows polynomially with L. We also give very simple preprocessing maps for popular “suboptimal” hash functions, namely polynomial evaluation and the Merkle-Damg ̊ard construction.\nOur results come from a general extension of the classical Carter- Wegman paradigm, which we believe is of independent interest. On a high level, it shows that public randomization allows one to use the potentially much smaller “average-case” collision probability in place of the “worst-case” collision probability ε.","lang":"eng"}],"date_updated":"2021-01-12T07:41:55Z","volume":4593,"day":"11","quality_controlled":0}