University of Ljubljana
Universal hash functions are commonly used primitives for fast and secure message authentication in the form of Message Authentication Codes (MACs) or Authenticated Encryption with Associated Data (AEAD) schemes. These schemes are widely used and standardized, the most well known being McGrew and viega's Galois/Counter Mode (GCM). In this paper the authors identify some properties of hash functions based on polynomial evaluation that arise from the underlying algebraic structure. As a result they are able to describe a general forgery attack, of which saarinen's cycling attack from FSE 2012 is a special case.