Has reducing MAC size and increasing message size the same effect on security?

Septatrix

7/24/23, 11:57 AM

I am evaluating ways to reduce the overhead of (H)MACs on small messages. I was primarily wondering if there is a difference between halving the MAC length or keeping the same MAC length but using it to authenticate a message of twice the size.

My initial thought was that the message/MAC ration would be the same though then it occured to me that this is probably not the complete picture as each individual package would be simpler to attack. Therefore I would probably have to discard both packages if one if them fail an integrity check.

Is my last conclusion correct for them to behave identically or am I missing something?

0 + 0

mac

hmac

integrity

output-size

SAI Peregrinus

7/24/23, 8:25 PM

MAC security is independent of message size.

kelalaka

7/24/23, 10:54 PM

You should be careful about truncating the MAC output, You may give huge advantage to the attacker. Still your question is not clear or wide to answer!

Septatrix

7/25/23, 11:18 AM

@kelalaka I was more thinking about shrinking the output by using a different Algo (e.g. SHA-512 → SHA-256) though I think SAI Peregrinus already cleared up my misunderstanding

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Has reducing MAC size and increasing message size the same effect on security?

TH: การลดขนาด MAC และการเพิ่มขนาดข้อความมีผลกับความปลอดภัยเหมือนกันหรือไม่

RO: Reducerea dimensiunii MAC și creșterea dimensiunii mesajului are același efect asupra securității?

RU: Оказывает ли уменьшение размера MAC и увеличение размера сообщения одинаковый эффект на безопасность?

VI: Việc giảm kích thước MAC và tăng kích thước thư có ảnh hưởng tương tự đến bảo mật không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.