Cryptography Reference
A Proof of Lemma 3
Proof. Throughout this proof, random variables will be represented by bold font symbols, whereas the corresponding non-bold font symbols represent specific values that can be taken by these random variables. Let the secret key $K = k_1 \| k_2 \| \cdots \| k_B$ be fixed. Then, for any tag $\tau \in \mathbb{Z}_p$ computed according to equation (1), and any plaintext message $M$, the following holds:

$$\Pr(\boldsymbol{\tau} = \tau \mid \boldsymbol{M} = M) = \Pr\Big(\boldsymbol{r} = \big(\tau - \sum_{i=1}^{B-1} k_i m_i\big)\, k_B^{-1}\Big) = \frac{1}{p}, \qquad (15)$$

where $m_i$ denotes the $i$th block of the message $M$. Equation (15) holds by the assumption that $\boldsymbol{r}$ is drawn uniformly from $\mathbb{Z}_p$. The existence of $k_B^{-1}$, the multiplicative inverse of $k_B$ in the integer field $\mathbb{Z}_p$, is guaranteed since $k_B$ is not the zero element. Furthermore, as a direct consequence of the fact that $\mathbb{Z}_p$ is
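The counting argument behind equation (15) can be checked exhaustively over a small prime field. The following is an added example, not code from the original text. It assumes equation (1), which is not reproduced on this page, has the form that (15) inverts, namely τ = Σ k_i m_i + k_B r (mod p); the prime, key and message values are constructed, and the function names are hypothetical.

```python
# Added example: exhaustive check of equation (15) over a small prime field.
# Assumption: equation (1) is tau = sum_{i=1}^{B-1} k_i*m_i + k_B*r (mod p),
# i.e. the relation that equation (15) solves for r.
from collections import Counter


def tag(key, blocks, r, p):
    """Compute tau for key k_1..k_B, message blocks m_1..m_{B-1}, nonce r."""
    if len(key) != len(blocks) + 1:
        raise ValueError("key needs exactly one more element than the message")
    acc = sum(k * m for k, m in zip(key, blocks)) % p
    return (acc + key[-1] * r) % p


def recover_r(key, blocks, tau, p):
    """Right-hand side of (15): r = (tau - sum k_i*m_i) * k_B^{-1} mod p."""
    if key[-1] % p == 0:
        # The proof needs k_B != 0; otherwise no inverse exists in Z_p.
        raise ValueError("k_B must be non-zero to be invertible in Z_p")
    acc = sum(k * m for k, m in zip(key, blocks)) % p
    return ((tau - acc) * pow(key[-1], -1, p)) % p


def tag_distribution(key, blocks, p):
    """Count how many r in Z_p yield each tag for a fixed key and message."""
    return Counter(tag(key, blocks, r, p) for r in range(p))


# Constructed sample values (p is prime, B = 4, so the message has 3 blocks).
P = 251
KEY = [17, 200, 93, 5]
MSG = [42, 7, 250]

if __name__ == "__main__":
    dist = tag_distribution(KEY, MSG, P)
    # Every tag in Z_p is hit by exactly one r, so Pr(tau | M) = 1/p.
    print("distinct tags:", len(dist), "preimages per tag:", set(dist.values()))
    # Failure mode: with k_B = 0 the tag no longer depends on r at all.
    degenerate = tag_distribution(KEY[:-1] + [0], MSG, P)
    print("distinct tags with k_B = 0:", len(degenerate))
```

With k_B = 0 the same message always maps to a single tag, which is why the proof relies on k_B being a non-zero element of the field.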