mirror of
https://github.com/calofmijuck/blog.git
synced 2025-12-06 22:53:51 +00:00
fix: broken image links have been fixed
@@ -26,7 +26,7 @@ On the other hand, MAC fixes data that is tampered in purpose. We will also requ
## Message Authentication Code


> **Definition.** A **MAC** system $\Pi = (S, V)$ defined over $(\mathcal{K}, \mathcal{M}, \mathcal{T})$ is a pair of efficient algorithms $S$ and $V$ where $S$ is a **signing algorithm** and $V$ is a **verification algorithm**.
>
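Review bot: The sentence carried in this hunk's header, "On the other hand, MAC fixes data that is tampered in purpose", misstates what the MAC defined just below does. The definition gives a signing algorithm $S$ and a verification algorithm $V$, so a MAC detects tampering and does not repair it. Since this commit already touches the section, consider rewording to something like "a MAC detects data that was tampered with on purpose".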
@@ -58,7 +58,7 @@ In the security definition of MACs, we allow the attacker to request tags for ar
For strong MACs, the attacker only has to change the tag for the attack to succeed.


> **Definition.** Let $\Pi = (S, V)$ be a MAC system defined over $(\mathcal{K}, \mathcal{M}, \mathcal{T})$. Given an adversary $\mathcal{A}$, the security game goes as follows.
>
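Review bot: The context line "For strong MACs, the attacker only has to change the tag for the attack to succeed." leaves out that the changed tag must still pass verification, which is the whole difficulty for the attacker. A wording such as "For strong MACs, a new valid tag on an already queried message also counts as a forgery" would match the security game that the definition right after it introduces.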
@@ -123,7 +123,7 @@ The above construction uses a PRF, so it is restricted to messages of fixed size
### CBC-MAC


> **Definition.** For any message $m = (m_0, m_1, \dots, m_{l-1}) \in \left\lbrace 0, 1 \right\rbrace^{nl}$, let $F_k := F(k, \cdot)$.
>
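Review bot: Style point on the first line of the CBC-MAC definition: "For any message $m = (m_0, m_1, \dots, m_{l-1})$ ..., let $F_k := F(k, \cdot)$" reads as if $F_k$ depended on $m$, and it uses $n$ without saying here that it is the block length. Consider stating "Let $F_k := F(k, \cdot)$" first and then quantifying over $m$, with $n$ named as the block size of $F$.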
@@ -211,7 +211,7 @@ Since CBC-MAC is vulnerable to extension attacks, we encrypt the last block agai
ECBC-MAC doesn't require us to know the message length in advance, but it is relatively expensive in practice, since a block cipher has to be initialized with a new key.


> **Theorem.** Let $F : \mathcal{K} \times X \rightarrow X$ be a secure PRF. Then for any $l \geq 0$, $F_\mathrm{ECBC} : \mathcal{K}^2 \times X^{\leq l} \rightarrow X$ is a secure PRF.
>
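Review bot: In the context line above the theorem, "a block cipher has to be initialized with a new key" does not say which key is meant or when the setup cost is paid. The hunk header says the last block is encrypted again and the theorem's key space is $\mathcal{K}^2$, so naming the second key explicitly (for example "the final encryption uses a second, independent key, which costs an extra key setup") would tie the cost remark to the construction.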