Decorrelation over Infinite Domains: the Encrypted CBC-MAC Case
Swiss Federal Institute of Technology (EPFL); for a message $x = (m_1, \ldots, m_\ell) \in (\{0,1\}, m$
Decorrelation theory has recently been proposed in order to address the security of block ciphers and other cryptographic primitives over a finite domain. We show here how to extend it to infinite domains, which can be used in the Message Authentication Code (MAC) case. In 1994, Bellare, Kilian and Rogaway proved that CBC-MAC is secure when the input length is fixed. This has been extended by Petrank and Rackoff in 1997 with a variable length. In this paper, we prove a result similar to Petrank and Rackoff's one by using decorrelation theory. This leads to a slightly improved result and a more compact proof. This result is meant to be a general proving technique for security, which can be compared to the approach which was announced by Maurer at CRYPTO'99. Decorrelation theory has recently been introduced. (See references  to .) Its first aim was to address provable security in the area of block ciphers in order to prove their security against differential and linear cryptanalysis...