Security analysis of a TESLA-based homomorphic MAC scheme for authentication in P2P live streaming system

In this paper, we present a pollution attack on the homomorphic message authentication code scheme PMAC, which was proposed, by Cheng, Jiang, and Zhang in [IEEE Journal on Selected Areas in Communications/Supplement 2013; 31(9): 291-298]. In particular, Cheng et al. claimed that their main contribution lies in that, compared with the existing scheme, such as SpaceMac, PMAC can achieve a reliable security 1/q(l) instead of 1/q (for SpaceMac), where q is usually set as a small number in practical applications and l is a flexible parameter chosen by users to improve their security level. However, by presenting a pollution attack, we prove that PMAC can only achieve the security at most 1/q no matter how large l is. Our attack shows that it may be dangerous to directly use PMAC in the peer-to-peer live streaming systems. Moreover, we also point out a basic but fatal error in their proof of theorem 1 and hope that by identifying the design flaw, similar mistakes can be avoided in future design of homomorphic message authentication code. Copyright (C) 2016 John Wiley & Sons, Ltd.