## Another look at security theorems for 1-key nested MACs

Neal Koblitz and Alfred Menezes

*Open Problems in Mathematics and Computational Science*,
edited by Çetin Koç, pp. 69-89, 2014.

Abstract: We prove a security theorem without
collision-resistance for a class of 1-key hash-function-based MAC schemes
that includes HMAC and Envelope MAC. The proof has some advantages over
earlier proofs: it is in the uniform model, it uses a weaker related-key
assumption, and it covers a broad class of MACs in a single theorem.
However, we also explain why our theorem is of doubtful value in assessing
the real-world security of these MAC schemes. In addition, we prove a
theorem assuming collision-resistance. From these two theorems we conclude
that from a provable security standpoint there is little reason to prefer
HMAC to Envelope MAC or similar schemes.

Published paper
Preprint