Suppose I apply a PRF to a secure MAC. Do I still have a secure MAC?
2 Answers
3
Yes.
A secure PRF is a secure MAC. A secure MAC of a secure MAC is a secure MAC. Therefore, applying a PRF to a MAC still gives you a MAC.
Depending on the length of the inner MAC and the PRF you may lose security bits, but if they are long enough it works.

otus
- One needs some condition on the PRF's input and output size; otherwise, a PRF applied to a secure MAC could well be a much less secure MAC than the original MAC is. Even if the PRF's input and output are the MAC's output size, odds of forgery by reusing a former MAC value are slightly better for the resulting MAC than they are for the original MAC. – fgrieu May 03 '16 at 19:41
- @fgrieu, yes, the linked question mentioned length, but I added it explicitly. – otus May 03 '16 at 19:56
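
An added example, not part of the answer or comments above, illustrating the length condition they discuss: the tag is computed as PRF(MAC(m)), and the PRF's output length caps how hard the tag is to guess. Using HMAC-SHA256 for both layers, the truncation parameter, the keys and the messages are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample keys (independent keys for the MAC and the PRF).
K1 = bytes(range(32))
K2 = bytes(range(32, 64))

def inner_mac(k1: bytes, msg: bytes) -> bytes:
    """Inner MAC: HMAC-SHA256, 32-byte tag."""
    return hmac.new(k1, msg, hashlib.sha256).digest()

def prf(k2: bytes, x: bytes, out_len: int) -> bytes:
    """PRF stand-in: HMAC-SHA256 truncated to out_len bytes (assumption)."""
    return hmac.new(k2, x, hashlib.sha256).digest()[:out_len]

def tag(k1: bytes, k2: bytes, msg: bytes, out_len: int = 32) -> bytes:
    """Composed tag: PRF applied to the inner MAC of the message."""
    return prf(k2, inner_mac(k1, msg), out_len)

def verify(k1: bytes, k2: bytes, msg: bytes, t: bytes, out_len: int = 32) -> bool:
    """Recompute the composed tag and compare in constant time."""
    return hmac.compare_digest(tag(k1, k2, msg, out_len), t)

def tries_to_accept(k1, k2, msg, out_len, limit):
    """Submit `limit` keyless guesses; return how many were needed, or None."""
    for i in range(limit):
        if verify(k1, k2, msg, i.to_bytes(out_len, "big"), out_len):
            return i + 1
    return None

if __name__ == "__main__":
    msg = b"constructed sample message"
    # 8-bit PRF output: the verifier accepts some guess within 256 tries,
    # however strong the 256-bit inner MAC is.
    print("1-byte output :", tries_to_accept(K1, K2, msg, 1, 256))
    # 256-bit PRF output: the same 256 guesses get nowhere.
    print("32-byte output:", tries_to_accept(K1, K2, msg, 32, 256))
```
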
-2
Assuming you're asking if PRF(MAC) can be used as a MAC (message authentication code)? Depends on the PRF. A MAC is a de facto PRF too, with several properties in mind (collision resistance, pre-image resistance, avalanche effect, non-linearity...).
As long as your PRF keeps these properties, you should be OK. The basic idea is you should not weaken the strength (length) of the MAC.

gusto2