Quantum-Safe MAC: HMAC and CMAC

bilaljo

3/11/24, 9:09 PM

If understood right, CMAC is not quantum-safe because it relies on AES-128 (which isn't considered as quantum-safe), while HMAC is, because it relies on SHA3 (which is considered as quantum-safe). Did I understand this right?

126

0 + 2

post-quantum-cryptography

hmac

cmac

poncho

3/11/24, 9:12 PM

Actually, AES-128 is quantum safe; $2^{64}$ *serial* AES evaluations are impractical (and even if it was, CMAC can be used with AES-256). And, HMAC can be used with any Merkle-Damgard hash (which SHA-3 isn't; I suppose you could use any hash, but you'd need to redo the security proof) - perhaps you meant KMAC?

Maarten Bodewes

3/12/24, 12:42 AM

I think the long and short of this is: no you haven't understood this correctly. Um, should we leave this question open? It seems to have been answered. I would be more happy with the question if it had some references for the claims (which is probably why poncho posted an off-hand comment). If you are unsure, use AES-256, KMAC-256 or even HMAC-SHA-256 or 512.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Quantum-Safe MAC: HMAC and CMAC

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.