Abstract
In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attacker some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which also relies on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NIST’s RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Knudsen, L.R., Kohno, T. (2003). Analysis of RMAC. In: Johansson, T. (eds) Fast Software Encryption. FSE 2003. Lecture Notes in Computer Science, vol 2887. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39887-5_14
DOI: https://doi.org/10.1007/978-3-540-39887-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20449-7
Online ISBN: 978-3-540-39887-5
eBook Packages: Springer Book Archive