Sign in to confirm you’re not a bot
This helps protect our community. Learn more
These chapters are auto-generated

Substitution Attacks aga Message Authentication


Algorithm Substitution Attack An ASA replaces a cryptographic scheme with a subverted version that aims to reveal information to an adversary engaged in mass surveillance, while remaining undetected by users.


Authentication Alice and Bob want to ensure the authenticity of their communication Alice can use a message authentication code to generate a tag t for a message m being sent. Bob can check the validity of the tag using the shared key


The verification algorithm is subverted so that it accepts a fraction of invalid tags - The adversary intercepts a valid message tag pair. If the tag

Substitution Attacks against Message Authentication
2020Nov 5
Paper by Marcel Armour, Bertram Poettering presented at FSE 2020 See The conference program is at

Substitution Attacks aga Message Authentication


Algorithm Substitution Attack An ASA replaces a cryptographic scheme with a subverted version that aims to reveal information to an adversary engaged in mass surveillance, while remaining undetected by users.


Authentication Alice and Bob want to ensure the authenticity of their communication Alice can use a message authentication code to generate a tag t for a message m being sent. Bob can check the validity of the tag using the shared key


The verification algorithm is subverted so that it accepts a fraction of invalid tags - The adversary intercepts a valid message tag pair. If the tag


Follow along using the transcript.


9.82K subscribers