Now, you talked about a MAC function (with AES). I previously talked about
encryption.
If I , the only person, uses the MAC key, when I generate more than 2^64 MAC
values (Let's say each MAC value is 96 bits), I have many collided MAC pairs.
But, I am the only one (beside the person(s) verifyi
On Nov 2, 2015 2:14 AM, "Dang, Quynh" wrote:
>
> Hi Eric,
>
>
> As you asked the question about how many ciphertext blocks should be safe
under a single key, I think it is safe to have 2^96 blocks under a given
key if the IV (counter) is 96 bits.
This is wrong for PRP, right for PRF. It's not tha
