In this work, we study message authentication code (MAC) schemes supporting variable tag lengths. We provide a formalisation of such a scheme. Several variants of the classical Wegman-Carter MAC scheme are considered. Most of these are shown to be insecure by pointing out detailed attacks. One of these schemes is highlighted and proved to be secure. We further build on this scheme to obtain single-key variable tag length MAC schemes utilising either a stream cipher or a short-output pseudo-random function. These schemes can be efficiently instantiated using practical well known primitives.

中文翻译：

---

支持可变标签长度的Wegman-Carter消息身份验证代码的变体

在这项工作中，我们研究了支持可变标签长度的消息认证代码（MAC）方案。我们提供了这种方案的形式化形式。考虑了经典的Wegman-Carter MAC方案的几种变体。通过指出详细的攻击，其中大多数被证明是不安全的。这些方案之一被强调并证明是安全的。我们进一步建立在该方案的基础上，利用流密码或短输出伪随机函数获得单键可变标签长度的MAC方案。这些方案可以使用实践中众所周知的原语高效地实例化。