Assume that we have a authentication-capable block cipher with key size $k$ and block size $n$ where $n = 2 \times m$. The function used to encrypt blocks takes the block index $i$ as an additional input and returns an $m$-bit intermediate authentication tag $\phi_{i}$. At the end of the encryption process, the authentication tag $\Phi$ is produced. $\Phi$, unlike $\phi_{i}$, is $n$ bits in size. It is derived from all $\phi_{i}$ and the encryption key. Assuming the the length of the key is equal to $n$, would the strength of the security tag be at most half of that given that each block encryption produces an $m$-bit intermediate tag?
Asked
Active
Viewed 34 times
