Cryptography
public-key elliptic-curves mac ecies
Updated Thu, 01 Sep 2022 15:38:17 GMT

How to know that MAC isn't modified in ECIES


I am new to ECC but I was wondering,

If there is a situation where instead of the ciphertext being falsified, the sent MAC was tampered. How does the receiver verify that the ciphertext is still correct? How can the receiver verify that only MAC is tampered with? How is it possible to know whether the sent MAC or Ciphertext is the one falsified?

If someone were to modify every MAC they can in a network, wouldn't that stop communication in that network? How could one verify that the MACs aren't tampered with?




Solution

This actually apply to symmetric-key encryption in general, and isn't specific to ECC.

In short: if either ciphertext or MAC is modified, then the decryption fails as whole. There's no way to determine which of the 2 is tamperred if any of them is.

However, it's safe to assume that, any CCA-secure symmetric encryption guarantee the correctness of ciphertext with high confidence, if MAC is verified as correct. That's something to be sure.

Although, as mentioned in the comment, the origin of the ciphertext must remain questionable, since this is public-key encryption, it allows anyone, including adversaries, to send messages.





Comments (2)

  • +2 – Don't be fooled that "correctness of ciphertext" does not imply authenticity of ciphertext: because that's public key encryption, anyone with the public key can encrypt any plaintext of their choice. The MAC (or CCA-security) is here to protect against attacks that alter genuine ciphertexts and attempt to gain knowledge about the corresponding plaintext from the reaction of the receiver, or attempt to get a partially altered plaintext to be accepted. — Aug 02, 2022 at 08:30  
  • +1 – Added a comment below the question which might be integrated in the answer as well. — Aug 02, 2022 at 10:29  


External Links

External links referenced by this document: