Designs, Codes and Cryptography, Volume 64, Issue 1–2, pp 161–169

Security of message authentication codes in the presence of key-dependent messages

Article

Abstract

In recent years, the security of encryption and signature schemes in the presence of key-dependent plaintexts has received attention, and progress in understanding such scenarios has been made. In this article we motivate and discuss a setting where an adversary can obtain tags of a message authentication code (MAC) on key-dependent message inputs, and we propose a way to formalize the security of MACs in the presence of key-dependent messages (KD-EUF). Like signature schemes, MACs have a verification algorithm, and hence the tagging algorithm must be stateful. We present a scheme, MAC-ver, which offers KD-EUF security and also yields a forward-secure scheme.
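To make the setting concrete, the following added example (written for this page, not the authors' MAC-ver construction, whose details the abstract does not give) shows a stateful, key-evolving MAC with a tagging oracle that accepts a function of the current key. The key-update rule (`_evolve`), the period-binding in `_mac`, and the `Tagger`/`Verifier` classes are all assumptions chosen for illustration; the example shows the mechanics of statefulness and forward security (an erased earlier key cannot be recovered from a later one) and of a key-dependent-message query, and makes no claim that this particular construction meets the KD-EUF notion.

```python
import hashlib
import hmac
from typing import Callable, Tuple


def _evolve(key: bytes) -> bytes:
    # One-way key update k_{i+1} = SHA-256("evolve" || k_i).
    # Constructed for this example; the paper's update rule is not on the page.
    return hashlib.sha256(b"evolve" + key).digest()


def _mac(key: bytes, period: int, message: bytes) -> bytes:
    # HMAC-SHA256 over (period || message): binding the period index means a
    # tag from one period is not accepted as a tag for another period.
    return hmac.new(key, period.to_bytes(8, "big") + message, hashlib.sha256).digest()


class Tagger:
    """Stateful key-evolving tagger (assumed construction, not MAC-ver)."""

    def __init__(self, initial_key: bytes) -> None:
        self._key = initial_key   # k_0
        self.period = 0           # the state the abstract says a tagger must keep

    def tag(self, message: bytes) -> Tuple[int, bytes]:
        i = self.period
        t = _mac(self._key, i, message)
        # Advance state: the old key is overwritten, so a later compromise of the
        # tagger's memory does not reveal k_i (forward security).
        self._key = _evolve(self._key)
        self.period += 1
        return i, t

    def tag_key_dependent(self, f: Callable[[bytes], bytes]) -> Tuple[bytes, int, bytes]:
        # Key-dependent-message query: the caller supplies a function f and the
        # oracle tags f(k_i) for the *current* key k_i. The message is returned
        # so the caller can later verify it.
        m = f(self._key)
        i, t = self.tag(m)
        return m, i, t


class Verifier:
    """Holds the same k_0 and evolves in lockstep with the tagger.

    Verification needs k_i, so the verifier advances only when asked about a
    later period; a period it has already moved past can no longer be
    verified, because that key has been erased.
    """

    def __init__(self, initial_key: bytes) -> None:
        self._key = initial_key
        self.period = 0

    def verify(self, period: int, message: bytes, tag: bytes) -> bool:
        if period < self.period:
            return False  # key for that period already erased
        while self.period < period:
            self._key = _evolve(self._key)
            self.period += 1
        return hmac.compare_digest(_mac(self._key, period, message), tag)


def demo() -> dict:
    # Constructed sample run: one ordinary tag, then one key-dependent tag
    # (the message is the current key itself), then checks on replay/forgery.
    k0 = b"\x01" * 32  # constructed initial key
    tagger, verifier = Tagger(k0), Verifier(k0)

    i, t = tagger.tag(b"hello")
    m_kd, j, t_kd = tagger.tag_key_dependent(lambda key: key)

    return {
        "first_period": i,
        "first_ok": verifier.verify(0, b"hello", t),
        "first_modified_rejected": not verifier.verify(0, b"hellO", t),
        "kd_period": j,
        "kd_message_is_k1": m_kd == _evolve(k0),
        "kd_ok": verifier.verify(1, m_kd, t_kd),
        # After advancing to period 1, period 0 can no longer be verified.
        "old_period_erased": not verifier.verify(0, b"hello", t),
        # A period-0 tag presented for period 2 is rejected.
        "replay_rejected": not verifier.verify(2, b"hello", t),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `Verifier` deliberately cannot go backwards: that is the cost of erasing keys for forward security, and it is why the abstract stresses that, unlike a stateless MAC, both tagging and verification here depend on a maintained state.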

Keywords

Message authentication codes; Key-dependent message

Mathematics Subject Classification (2000)

94A60 



Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. Cybernetica AS, Tallinn, Estonia
  2. Florida Atlantic University, Boca Raton, USA
