On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction
In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the block size of the underlying block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full standard-model proof of our construction using one pass of a block cipher with 2n-bit keys; there is also a proof for block ciphers with n-bit keys in the random oracle model.
Keywords: Hash Function, Random Permutation, Block Cipher, Message Authentication Code, Random Oracle Model
Full version of this paper: É. Jaulmes, A. Joux, and F. Valette. On the security of randomized CBC-MAC beyond the birthday paradox limit: A new construction. Available at http://eprint.iacr.org, 2002.