Key Recovery and Forgery Attacks on the MacDES MAC Algorithm

  • Don Coppersmith
  • Lars R. Knudsen
  • Chris J. Mitchell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1880)


We describe a series of new attacks on a CBC-MAC algorithm due to Knudsen and Preneel including two key recovery attacks and a forgery attack. Unlike previous attacks, these techniques will work when the MAC calculation involves prefixing the data to be MACed with a ‘length block’. These attack methods provide new (tighter) upper bounds on the level of security offered by the MacDES technique.

Key words

Message Authentication Codes Cryptanalysis CBC-MAC 


  1. 1.
    B. Bollobás. Random graphs Academic Press, 1985.Google Scholar
  2. 2.
    K. Brincat and C. J. Mitchell. A taxonomy of CBC-MAC forgery attacks. Submitted, January 2000.Google Scholar
  3. 3.
    D. Coppersmith and C.J. Mitchell. Attacks on MacDES MAC algorithm. Electronics Letters, 35:1626–1627, 1999.CrossRefGoogle Scholar
  4. 4.
    International Organization for Standardization, Genève, Switzerland. ISO/IEC 9797-1, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher, December 1999.Google Scholar
  5. 5.
    L.R. Knudsen. Chosen-text attack on CBC-MAC. Electronics Letters, 33:48–49, 1997.CrossRefGoogle Scholar
  6. 6.
    L.R. Knudsen and B. Preneel. MacDES: MAC algorithm based on DES. Electronics Letters, 34:871–873, 1998.CrossRefGoogle Scholar
  7. 7.
    A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography CRC Press, Boca Raton, 1997.zbMATHGoogle Scholar
  8. 8.
    B. Preneel and P.C. van Oorschot. On the security of iterated Message Authentication Codes. IEEE Transactions on Information Theory, 45:188–199, 1999.zbMATHCrossRefGoogle Scholar
  9. 9.
    J. Spencer. Ten lectures on the probabilistic method Society for Industrial and Applied Mathematics, Philadelphia, PA, second edition, 1994.Google Scholar
  10. 10.
    P.C. van Oorschot and M.J. Wiener. Parallel collision search with cryptanalytic applications. Journal of Cryptology, 12(1):1–28, 1999.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Don Coppersmith
    • 1
  • Lars R. Knudsen
    • 2
  • Chris J. Mitchell
    • 3
  1. 1.IBM Research, T.J. Watson Research CenterYorktown HeightsUSA
  2. 2.Department of InformaticsUniversity of BergenBergenNorway
  3. 3.Information Security Group, Royal HollowayUniversity of LondonEghamUK

Personalised recommendations