XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions

  • Mihir Bellare
  • Roch Guérin
  • Phillip Rogaway
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 963)


We describe a new approach for authenticating a message using a finite pseudorandom function (PRF). Our “XOR MACs” have several nice features, including parallelizability, incrementality, and provable security. The finite PRF can be “instantiated” via DES (yielding an alternative to the CBC MAC), via the compression function of MD5 (yielding an alternative to various “keyed MD5” constructions), or in a variety of other ways. The proven security is quantitative, expressing the adversary’s inability to forge in terms of her (presumed) inability to break the underlying finite PRF. This is backed by attacks showing the analysis is tight. Our proofs exploit linear algebraic techniques.
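The following is an added illustration, not code from the paper or its authors: a small counter-based XOR MAC in the style of the construction the abstract describes. Each message block is tagged with its position, the finite PRF is applied to every tagged block independently (so the terms can be computed in parallel), and the outputs are XORed together with the PRF of a never-repeating counter. The PRF is instantiated here with HMAC-SHA256 truncated to 16 bytes; that choice, the 32-byte block length, the 0x80/zero padding and the index encoding are assumptions made for this example and are not taken from the page (the paper discusses DES and the MD5 compression function as instantiations). The `update_block` function shows the incrementality property: replacing one block updates the tag with four PRF calls instead of re-reading the whole message.

```python
"""Illustrative counter-based XOR MAC (example code, not the paper's own).
Assumed instantiation: F_k = HMAC-SHA256 truncated to TAG_LEN bytes."""
import hmac
import hashlib
from concurrent.futures import ThreadPoolExecutor

BLOCK_LEN = 32   # message bytes per block (chosen for this example)
TAG_LEN = 16     # bytes of PRF output kept as the tag (chosen for this example)
IDX_LEN = 8      # bytes used to encode a block index or the counter


def prf(key: bytes, x: bytes) -> bytes:
    """Finite PRF F_k: HMAC-SHA256 truncated to TAG_LEN bytes (assumed instantiation)."""
    return hmac.new(key, x, hashlib.sha256).digest()[:TAG_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_blocks(msg: bytes) -> list:
    """Split into BLOCK_LEN-byte blocks.  The last block is padded with 0x80 then
    zeros, so messages of different lengths never share a padded block sequence."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK_LEN)
    return [padded[i:i + BLOCK_LEN] for i in range(0, len(padded), BLOCK_LEN)]


def block_term(key: bytes, i: int, block: bytes) -> bytes:
    # Leading 0x01 byte separates block inputs from the counter input (0x00);
    # encoding the index i binds each block to its position in the message.
    return prf(key, b"\x01" + i.to_bytes(IDX_LEN, "big") + block)


def counter_term(key: bytes, ctr: int) -> bytes:
    # Zero-padded so every PRF input has the same length, as a finite PRF expects.
    return prf(key, b"\x00" + ctr.to_bytes(IDX_LEN, "big") + b"\x00" * BLOCK_LEN)


def xor_mac(key: bytes, msg: bytes, ctr: int) -> tuple:
    """Return (ctr, tag).  The counter must never repeat under one key."""
    blocks = pad_blocks(msg)
    # The block terms do not depend on each other, so they are computed in parallel.
    with ThreadPoolExecutor() as pool:
        terms = list(pool.map(lambda ib: block_term(key, *ib), enumerate(blocks)))
    tag = counter_term(key, ctr)
    for t in terms:
        tag = xor(tag, t)
    return ctr, tag


def verify(key: bytes, msg: bytes, ctr: int, tag: bytes) -> bool:
    # Constant-time comparison of the recomputed tag against the received one.
    return hmac.compare_digest(xor_mac(key, msg, ctr)[1], tag)


def update_block(key: bytes, ctr: int, tag: bytes, new_ctr: int,
                 i: int, old_block: bytes, new_block: bytes) -> tuple:
    """Incremental update: padded block i changes from old_block to new_block.
    Only the affected PRF terms are XORed out and in; a fresh counter is used."""
    new_tag = xor(tag, counter_term(key, ctr))          # remove old counter term
    new_tag = xor(new_tag, counter_term(key, new_ctr))  # add the new counter term
    new_tag = xor(new_tag, block_term(key, i, old_block))
    new_tag = xor(new_tag, block_term(key, i, new_block))
    return new_ctr, new_tag


if __name__ == "__main__":
    key = bytes(range(16))                       # constructed demo key
    msg = b"A" * 32 + b"B" * 32 + b"C" * 10      # constructed 3-block message
    ctr, tag = xor_mac(key, msg, 1)
    print("valid:", verify(key, msg, ctr, tag))
    ctr2, tag2 = update_block(key, ctr, tag, 2, 1, b"B" * 32, b"D" * 32)
    print("incremental == fresh:", (ctr2, tag2) == xor_mac(key, b"A" * 32 + b"D" * 32 + b"C" * 10, 2))
```

The tag is transmitted together with the counter; the verifier recomputes the XOR of all terms for that counter and compares in constant time. Because the block index is part of each PRF input, reordering blocks changes the tag, and because the counter term is included, two messages authenticated under different counters cannot be combined by XORing their tags.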





Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Mihir Bellare (1)
  • Roch Guérin (1)
  • Phillip Rogaway (2)
  1. IBM T.J. Watson Research Center, Yorktown Heights, USA
  2. Dept. of Computer Science, Eng. II Bldg., University of California, Davis, USA
