# Re: enc and auth scheme with tiny cryptograms

*From*: daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)*Date*: Mon, 9 Oct 2006 18:39:02 +0000 (UTC)

Alexander Bernauer wrote:

The receiver discards authentication failures.

Why does this matter?

Only in that it affects the number of forgery attempts an attacker

can make. The attacker's overall success probability is related to

the probability that any particular forgery attempt is successful

(which is basically 1/2^T, for a T-bit message authentication tag)

times the number of forgery attempts the attacker can make. If you

can reduce the latter quantity, then you might be able to shorten the

tag and maintain the same level of security.

If the receiver discards authentication failures, the number of

forgery attempts the attacker can make is basically related to the

maximum channel throughput (the number of packets that can be sent

to the receiver per second) times the expected lifetime of the system.

.

**References**:**enc and auth scheme with tiny cryptograms***From:*Alexander Bernauer

**Re: enc and auth scheme with tiny cryptograms***From:*David Wagner

**Re: enc and auth scheme with tiny cryptograms***From:*Alexander Bernauer

- Prev by Date:
**Re: enc and auth scheme with tiny cryptograms** - Next by Date:
**Re: Need Graph Isomorphism Algorithm De-bunked** - Previous by thread:
**Re: enc and auth scheme with tiny cryptograms** - Next by thread:
**Re: enc and auth scheme with tiny cryptograms** - Index(es):