[11909] in cryptography@c2.net mail archive
Re: Why is RMAC resistant to birthday attacks?
daemon@ATHENA.MIT.EDU (Sidney Markowitz)
Tue Oct 22 22:07:12 2002
From: "Sidney Markowitz" <sidney@sidney.com>
To: "Ed Gerck" <egerck@nma.com>
Cc: <Victor.Duchovni@morganstanley.com>,
"Cryptography" <cryptography@wasabisystems.com>
Date: Tue, 22 Oct 2002 18:53:37 -0700
Ed Gerck <egerck@nma.com> wrote:
> A minor nit, but sometimes looking into why
> things were devised is helpful.
> What I explained can be found in
> http://csrc.nist.gov/encryption/modes/workshop2/report.pdf
Thank you, that was really helpful in seeing the motivation for the work that led to
the NIST draft paper. The way I read it now, he includes a justification for block
cipher based MACs in general, then presents his RMAC, which he devised to deal with
the effect of the birthday surprise on the work factor of the forged extension attack
on other block cipher based MACS.
-- sidney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
