Theory of Cryptography Conference

TCC 2010: Theory of Cryptography pp 290-307

Delayed-Key Message Authentication for Streams

  • Marc Fischlin
  • Anja Lehmann
Conference paper

DOI: 10.1007/978-3-642-11799-2_18

Volume 5978 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

We consider message authentication codes for streams where the key becomes known only at the end of the stream. This usually happens in key-exchange protocols like SSL and TLS where the exchange phase concludes by sending a MAC for the previous transcript and the newly derived key. SSL and TLS provide tailor-made solutions for this problem (modifying HMAC to insert the key only at the end, as in SSL, or using upstream hashing as in TLS). Here we take a formal approach to this problem of delayed-key MACs and provide solutions which are “as secure as schemes where the key would be available right away” but still allow to compute the MACs online even if the key becomes known only later.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Marc Fischlin
    • 1
  • Anja Lehmann
    • 1
  1. 1.Darmstadt University of TechnologyGermany