From e09a183984ad92729c40b1ed51d2e9f6388ca9ba Mon Sep 17 00:00:00 2001 From: mdw Date: Wed, 31 Oct 2001 09:33:59 +0000 Subject: [PATCH] Fix bugs. --- auth-mac.tex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-mac.tex b/auth-mac.tex index 8b4eb8a..cd3defa 100644 --- a/auth-mac.tex +++ b/auth-mac.tex @@ -107,7 +107,7 @@ If $F_K\colon \{0, 1\}^* \to \{0, 1\}^L$ is a $(t, q, \epsilon)$-secure PRF, then it's also a $(t', q_T, q_V, \epsilon')$-secure MAC, with $q = q_T - + q_V + 1$, $t = t' + O(q)$, and $\epsilon \le \epsilon' + (q_V + 1) + + q_V + 1$, $t = t' + O(q)$, and $\epsilon' \le \epsilon + (q_V + 1) 2^{-L}$. The constant hidden by the $O(\cdot)$ is small and depends on the model of computation. @@ -152,7 +152,7 @@ $A$ does when it's given a random function. But we know that the probability of it successfully guessing the MAC for a message for which it didn't query $T$ can be at most $(q_V + 1) 2^{-L}$. So - \[ \Adv{prf}{F}(D) \le \Succ{suf-cma}{F}(A) - (q_V + 1) 2^{-L}. \] + \[ \Adv{prf}{F}(D) \ge \Succ{suf-cma}{F}(A) - (q_V + 1) 2^{-L}. \] Let $q = q_T + q_V + 1$; then counting, rearranging, maximizing yields \[ \InSec{suf-cma}(F; t, q_T, q_V) \le \InSec{prf}(F; t + O(q), q) + (q_V + 1)2^{-L}. \]% -- 2.11.0