
Decorrelation over Infinite Domains: The Encrypted CBC-MAC Case

  • Serge Vaudenay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2012)

Abstract

Decorrelation theory has recently been proposed in order to address the security of block ciphers and other cryptographic primitives over a finite domain. We show here how to extend it to infinite domains, which can be used in the Message Authentication Code (MAC) case. In 1994, Bellare, Kilian and Rogaway proved that CBC-MAC is secure when the input length is fixed. This has been extended by Petrank and Rackoff in 1997 with a variable length.

In this paper, we prove a result similar to that of Petrank and Rackoff by using decorrelation theory. This leads to a slightly improved result and a more compact proof.

This result is meant to be a general proving technique for security, which can be compared to the approach announced by Maurer at CRYPTO’99.
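The construction the abstract refers to is the encrypted CBC-MAC: the message is padded into blocks, chained through the block cipher under a first key, and the final chaining value is encrypted once more under a second key, so that the tag does not expose the CBC state. The following is an added example written for this page, not code from the paper or its author: a toy 16-byte Feistel block cipher stands in for the underlying cipher (the paper's setting is DES-like, but any block cipher fits the definition), the 10* padding rule, the use of two independently derived keys, and the function names are all assumptions chosen for illustration.

```python
"""Encrypted CBC-MAC (EMAC) over a toy Feistel block cipher.

Added example for illustration; not the paper's own code. The Feistel
cipher below is a teaching stand-in for a real block cipher and must not
be used for anything but demonstrating the construction.
"""
import hashlib
import hmac

BLOCK = 16      # block size in bytes (two 8-byte Feistel halves); assumption
HALF = BLOCK // 2
ROUNDS = 8      # number of Feistel rounds; assumption


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key: bytes) -> list:
    # Toy key schedule: one derived subkey per round (assumption).
    return [hashlib.sha256(b"rk" + key + bytes([i])).digest()[:16] for i in range(ROUNDS)]


def _round_fn(round_key: bytes, half: bytes) -> bytes:
    # Toy round function: keyed hash truncated to one half-block.
    return hashlib.sha256(round_key + half).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Feistel encryption: (L, R) -> (R, L xor F(R)) for each round."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rk in _round_keys(key):
        left, right = right, _xor(left, _round_fn(rk, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: undo the rounds in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rk in reversed(_round_keys(key)):
        left, right = _xor(right, _round_fn(rk, left)), left
    return left + right


def pad(msg: bytes) -> bytes:
    """10* padding: always append 0x80, then zeros to a block boundary.

    Appending unconditionally keeps the padding injective, so two distinct
    messages never pad to the same block sequence (assumed padding rule).
    """
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % BLOCK)


def cbc_mac(key: bytes, padded: bytes) -> bytes:
    """Raw CBC-MAC with a zero IV over a block-aligned input.

    This is the fixed-input-length primitive analysed by Bellare, Kilian and
    Rogaway; its output is the last CBC chaining value.
    """
    assert padded and len(padded) % BLOCK == 0
    state = bytes(BLOCK)
    for i in range(0, len(padded), BLOCK):
        state = encrypt_block(key, _xor(state, padded[i:i + BLOCK]))
    return state


def emac(key1: bytes, key2: bytes, msg: bytes) -> bytes:
    """Encrypted CBC-MAC: tag = E_key2(CBC-MAC_key1(pad(msg))).

    The outer encryption under an independent key hides the chaining value,
    which is what makes the variable-length domain tractable.
    """
    return encrypt_block(key2, cbc_mac(key1, pad(msg)))


def verify(key1: bytes, key2: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(emac(key1, key2, msg), tag)


def derive_keys(master: bytes) -> tuple:
    # Two independent keys for the inner chain and the outer encryption (assumption).
    return (hashlib.sha256(b"k1" + master).digest()[:16],
            hashlib.sha256(b"k2" + master).digest()[:16])


if __name__ == "__main__":
    k1, k2 = derive_keys(b"constructed demo master key")
    message = b"constructed sample message for the MAC"
    tag = emac(k1, k2, message)
    print("tag:", tag.hex())
    print("verify original:", verify(k1, k2, message, tag))
    print("verify tampered:", verify(k1, k2, message + b"!", tag))
```

Note the contrast between `cbc_mac`, which returns the CBC chaining state directly and is only the fixed-length primitive, and `emac`, which is the variable-length MAC the paper analyses: a verifier should only ever expose the encrypted tag, and should compare it with a constant-time check as `verify` does.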

Keywords

Random Function, Block Cipher, Message Authentication Code, Data Encryption Standard, Input Length

References

  1. Data Encryption Standard. Federal Information Processing Standard Publication 46, U. S. National Bureau of Standards, 1977.
  2. ANSI X9.9. American National Standard-Financial Institution Message Authentication (Wholesale). ASC X9 Secretariat-American Bankers Association, 1986.
  3. ISO 8731-2. Banking-Approved Algorithms for Message Authentication-Part 2: Message Authenticator Algorithm. International Organization for Standardization, Geneva, Switzerland, 1992.
  4. RACE Project, Lecture Notes in Computer Science 1005, Springer-Verlag, 1995.
  5. J. H. An, M. Bellare. Constructing VIL-MACs from FIL-MACs: Message Authentication under Weakened Assumptions. In Advances in Cryptology CRYPTO’99, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 1666, pp. 252–269, Springer-Verlag, 1999.
  6. M. Bellare, J. Kilian, P. Rogaway. The Security of Cipher Block Chaining. In Advances in Cryptology CRYPTO’94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 341–358, Springer-Verlag, 1994.
  7. E. Biham, A. Shamir. Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
  8. I. B. Damgård. A Design Principle for Hash Functions. In Advances in Cryptology CRYPTO’89, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 435, pp. 416–427, Springer-Verlag, 1990.
  9. M. Luby, C. Rackoff. How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing, vol. 17, pp. 373–386, 1988.
  10. M. Matsui. The first experimental cryptanalysis of the Data Encryption Standard. In Advances in Cryptology CRYPTO’94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 1–11, Springer-Verlag, 1994.
  11. U. M. Maurer. A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generators. In Advances in Cryptology EUROCRYPT’92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 239–255, Springer-Verlag, 1993.
  12. U. M. Maurer. Information-Theoretic Cryptography. Invited lecture. In Advances in Cryptology CRYPTO’99, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 1666, pp. 47–64, Springer-Verlag, 1999.
  13. R. C. Merkle. One Way Hash Functions and DES. In Advances in Cryptology CRYPTO’89, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 435, pp. 416–427, Springer-Verlag, 1990.
  14. J. Patarin. Etude des Générateurs de Permutations Basés sur le Schéma du D.E.S., Thèse de Doctorat de l’Université de Paris 6, 1991.
  15. J. Patarin. How to Construct Pseudorandom and Super Pseudorandom Permutations from One Single Pseudorandom Function. In Advances in Cryptology EUROCRYPT’92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 256–266, Springer-Verlag, 1993.
  16. E. Petrank, C. Rackoff. CBC MAC for Real-Time Data Sources. Journal of Cryptology, vol. 13, pp. 315–338, 2000.
  17. S. Vaudenay. Provable Security for Block Ciphers by Decorrelation. Invited talk. In STACS 98, Paris, France, Lecture Notes in Computer Science 1373, pp. 249–275, Springer-Verlag, 1998. Full paper: technical report LIENS-98-8, Ecole Normale Supérieure, 1998. (http://ftp://ftp.ens.fr/pub/reports/liens/)
  18. S. Vaudenay. Feistel Ciphers with L2-Decorrelation. In Selected Areas in Cryptography, Kingston, Ontario, Canada, Lecture Notes in Computer Science 1556, pp. 1–14, Springer-Verlag, 1999.
  19. S. Vaudenay. Resistance Against General Iterated Attacks. In Advances in Cryptology EUROCRYPT’99, Prague, Czech Republic, Lecture Notes in Computer Science 1592, pp. 255–271, Springer-Verlag, 1999.
  20. S. Vaudenay. On the Lai-Massey Scheme.
  21. S. Vaudenay. Adaptive-Attack Norm for Decorrelation and Super-Pseudorandomness. In Selected Areas in Cryptography, Kingston, Ontario, Canada, Lecture Notes in Computer Science 1758, pp. 49–61, Springer-Verlag, 2000.
  22. S. Vaudenay. On Provable Security for Conventional Cryptography. Invited talk. (To appear in the proceedings of ICISC’99, LNCS, Springer-Verlag.)

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Serge Vaudenay
    1. Swiss Federal Institute of Technology (EPFL), France
