Comment on “A Novel Homomorphic MAC Scheme for Authentication in Network Coding”

Recently, Cheng and Jiang [IEEE Commun. Lett., vol. 15, no. 11, pp. 1228-1230, 2011] proposed a novel homomorphic message authentication code (MAC) scheme, called TraceMac, for authentication in network coding, which is based on the trace function over a finite field, and claimed to achieve a reliable security of 1/q^l, where q is the cardinality of the message symbol field Fq, and l ∈ Z⁺ is a proper security parameter. A formal proof of its security is also given in their work. However, in this letter, we show that there exists an inherent vulnerability in Cheng-Jiang TraceMac scheme, which results in a forgery attack on the scheme. Moreover, we also point out an error in their formal security proof. We hope that with our discussion, a better understanding of using trace function to design homomorphic MAC scheme can be identified, and similar mistakes can be avoided in future design and security proof of homomorphic MAC scheme for network coding.