6

I'm wondering if there are other resources that cover Carter-Wegman style message authentication, besides the sources themselves.

Is there an online text or a book that covers their ideas? I'd prefer something that's very thorough, and less importantly, free. I'm just really trying to get a feel for their ideas and related works.

Wikipedia covers VMAC, which is an application of their ideas, here: http://en.wikipedia.org/wiki/VMAC

LINKS

The original sources are linked through http://www.dblp.org/search/index.php#query=author:mark_n_wegman:&qp=H1.1000:W1.4:F1.4:F2.4:F3.4:F4.4

...and you can refine the search to just Wegman and Carter's works by clicking on Carter on the right side.

Patriot
Matt Groff

2 Answers

10

You didn't mention what level you're hoping for, so I'll provide a few resources, and you can figure out which ones best meet your needs.

  • UMAC: Fast and secure message authentication. John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz and Phillip Rogaway, CRYPTO 1999. (This research paper describes UMAC, a fast Carter-Wegman style hash. It also gives a lot of good background on the topic.)

  • Wikipedia's entry on UMAC gives some background on universal hashing and its relevance to message authentication.

  • On fast and provably secure message authentication based on universal hashing, Victor Shoup, CRYPTO 1996. (This research paper gives some of the theory behind universal hashing. It might be a tough slog if you are not a theoretician.)

  • Stronger security bounds for Wegman-Carter-Shoup authenticators. Dan Bernstein, EUROCRYPT 2005. (Even more of the theory behind universal hashing. An even tougher slog, if you are not used to theoretical crypto, but good stuff if you are.)

  • If you want to learn some of the crypto-theory, here are some resources:

    • You could start with Chapter 7 of Bellare and Rogaway's lecture notes on modern cryptography, which provides an introduction to message authentication from a theoretical perspective. Read to the end of Section 7.4, then you can skip 7.5, 7.6, and 7.7, and jump straight to 7.8, which describes universal hashing -- but is unfortunately as yet incomplete.

    • You could read Katz and Lindell's Introduction to Modern Cryptography. Start with Chapter 1, then Chapter 4 (particularly 4.1-4.4). Unfortunately, while they have a good treatment of the theoretical foundations of message authentication, they don't cover universal hashing as a method of message authentication.

These days, Carter-Wegman-style message authentication is often mentioned under the name "universal hashing". That search term may help you find a lot more.

D.W.
0

I found chapter 7 of the (still in progress) book "Graduate Course in Applied Cryptography" by Shoup and Boneh pretty useful as a thorough explanation of authentication based on universal hashing: https://crypto.stanford.edu/~dabo/cryptobook/

Kris