Key Recovery and Forgery Attacks on the MacDES MAC Algorithm
We describe a series of new attacks on a CBC-MAC algorithm due to Knudsen and Preneel including two key recovery attacks and a forgery attack. Unlike previous attacks, these techniques will work when the MAC calculation involves prefixing the data to be MACed with a ‘length block’. These attack methods provide new (tighter) upper bounds on the level of security offered by the MacDES technique.
Key wordsMessage Authentication Codes Cryptanalysis CBC-MAC
- 1.B. Bollobás. Random graphs Academic Press, 1985.Google Scholar
- 2.K. Brincat and C. J. Mitchell. A taxonomy of CBC-MAC forgery attacks. Submitted, January 2000.Google Scholar
- 4.International Organization for Standardization, Genève, Switzerland. ISO/IEC 9797-1, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher, December 1999.Google Scholar
- 9.J. Spencer. Ten lectures on the probabilistic method Society for Industrial and Applied Mathematics, Philadelphia, PA, second edition, 1994.Google Scholar