Score:2

Is the tag generated in MAC equal for equal messages in CBC-MAC?

ec flag

The Cipher Block Chaining algorithm for generating message authentication codes uses a 0 IV . So my understanding is that same messages will generate same MACs which seems to violate semantic security. An attacker may deduce that 2 messages are same by looking at the MAC. Is my intuition correct?

Score:2
in flag

First of all, you seem to be talking about semantic security for a cipher. So I'll answer from that perspective. There is no security requirement for a MAC to be indistinguishable for identical messages after all.

So, from that perspective, your intuition is correct. However, generally we perform encrypt-then-MAC, and in that case the IV should be included as well. As the IV should be at least unique and the ciphertext should be randomized, we should not get the same MAC even for the same messages.

The semantic security issue only becomes an issue if you perform a "Encrypt-and-MAC". Quoted from the answer above:

May reveal information about the plaintext in the MAC. Theoretical, of course, but a less than ideal scenario. This occurs if the plaintext messages are repeated, and the MACed data does not include a counter (it does in the SSH 2 protocol, but only as a 32-bit counter, so you should take care to re-key before it overflows).

In AEAD ciphers sometimes a slightly different method is used: GMAC is over the plaintext message, but it is dependent on the nonce, which should of course be unique for each message.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.