1

I am new to ECC but I was wondering,

If there is a situation where instead of the ciphertext being falsified, the sent MAC was tampered. How does the receiver verify that the ciphertext is still correct? How can the receiver verify that only MAC is tampered with? How is it possible to know whether the sent MAC or Ciphertext is the one falsified?

If someone were to modify every MAC they can in a network, wouldn't that stop communication in that network? How could one verify that the MACs aren't tampered with?

Taha Canturk
  • 53
  • 5

1 Answers1

6

This actually apply to symmetric-key encryption in general, and isn't specific to ECC.

In short: if either ciphertext or MAC is modified, then the decryption fails as whole. There's no way to determine which of the 2 is tamperred if any of them is.

However, it's safe to assume that, any CCA-secure symmetric encryption guarantee the correctness of ciphertext with high confidence, if MAC is verified as correct. That's something to be sure.

Although, as mentioned in the comment, the origin of the ciphertext must remain questionable, since this is public-key encryption, it allows anyone, including adversaries, to send messages.

DannyNiu
  • 10,640
  • 2
  • 27
  • 64