A Parallelizable PRF-Based MAC Algorithm: Well beyond the Birthday Bound

In this note we suggest a new parallelizable mode of operation for message authentication codes (MACs). The new MAC algorithm iterates a pseudo-random function (PRF) F-K : {0, 1}(m) -> {0, 1}(n), where K is a key and m, n are positive integers such that m >= 2n. The new construction is an improvement over a sequential MAC algorithm presented at FSE 2008, solving positively an open problem posed in the paper-the new mode is capable of fully parallel execution while achieving rate-1 efficiency and "full n-bit" security. Interestingly enough, PMAC-like parallel structure, rather than CBC-like serial iteration, has beneficial side effects on security. That is, the new construction is provided with a more straight-forward security proof and with an even better ("l-free") security bound than the FSE 2008 construction.