In the applied cryptography book by Boneh and Shoup, Chapter 6 on MACs, it is stated that an adversary that is also capable of requesting the challenger for verification queries (in addition to signing queries) is not stronger than an Adversary that can only ask for signing queries. I do not understand why a verification query cannot be emulated by the signing query Adversary by generating the pair (mi, ti) for himself, and then generate a signing query for the challenger with mi, getting back ti', compare ti'==ti if comparison succeeds, adversary wins, else it fails. Why do you need additional entity (B) between the Adversary to the Challenger?
Asked
Active
Viewed 103 times
