Security of this MAC scheme

Question

I'm studying for a cryptography exam, I have this question from a past exam:

Consider the MAC with key $k$, based on a block cipher $E_{(k)}$ with block size $n$, and a collision-resistant hash function $h$ with output size $n$. The MAC on a message m is calculated as: $$ \text{MAC}(m) = E_{h(m)}(k) $$

Discuss the security of this MAC scheme.

Obviously, the security of this scheme depends on the hash function chosen, the block cipher, and the length of $n$.

What other considerations can be made?

score 1 · Answer 1 · answered Jan 06 '24 at 20:00

1

Given a MAC scheme as $\text{MAC}(k,m) = E_{h(m)}(k)$

take the message $m$ and hash it, these are public knowledge for the security game of MACs
Now use the decryption of the Encryption function, what do you get?

answered Jan 06 '24 at 20:00

kelalaka

48,443
11
116
196

Security of this MAC scheme

1 Answers1