Delayed-Key Message Authentication for Streams

  • Marc Fischlin
  • Anja Lehmann
Conference paper

DOI: 10.1007/978-3-642-11799-2_18

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5978)
Cite this paper as:
Fischlin M., Lehmann A. (2010) Delayed-Key Message Authentication for Streams. In: Micciancio D. (eds) Theory of Cryptography. TCC 2010. Lecture Notes in Computer Science, vol 5978. Springer, Berlin, Heidelberg


We consider message authentication codes for streams where the key becomes known only at the end of the stream. This usually happens in key-exchange protocols like SSL and TLS where the exchange phase concludes by sending a MAC for the previous transcript and the newly derived key. SSL and TLS provide tailor-made solutions for this problem (modifying HMAC to insert the key only at the end, as in SSL, or using upstream hashing as in TLS). Here we take a formal approach to this problem of delayed-key MACs and provide solutions which are “as secure as schemes where the key would be available right away” but still allow to compute the MACs online even if the key becomes known only later.

Download to read the full conference paper text

Copyright information

© IFIP International Federation for Information Processing 2010

Authors and Affiliations

  • Marc Fischlin
    • 1
  • Anja Lehmann
    • 1
  1. 1.Darmstadt University of TechnologyGermany

Personalised recommendations