A Block-Cipher Mode of Operation for Parallelizable Message Authentication

  • John Black
  • Phillip Rogaway
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2332)

Abstract

We define and analyze a simple and fully parallelizable block-cipher mode of operation for message authentication. Parallelizability does not come at the expense of serial efficiency: in a conventional, serial environment, the algorithm’s speed is within a few percent of the (inherently sequential) CBC MAC. The new mode, PMAC, is deterministic, resembles a standard mode of operation (and not a Carter-Wegman MAC), works for strings of any bit length, employs a single block-cipher key, and uses just max{1, ⌈|M|/n⌉} block-cipher calls to MAC a string M ∈ {0,1}* using an n-bit block cipher. We prove PMAC secure, quantifying an adversary’s forgery probability in terms of the quality of the block cipher as a pseudorandom permutation.
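As an added worked example (not the paper's code), the following Python sketch implements PMAC as I understand its published definition and returns the tag together with the number of per-message block-cipher calls, so the max{1, ⌈|M|/n⌉} bound stated in the abstract can be checked directly. Assumptions that are mine and not from this page: the Gray-code offset schedule, the GF(2^128) reduction polynomial, and the toy SHA-256 Feistel permutation that stands in for a real block cipher.

```python
import hashlib
from math import ceil

N = 16  # block size in bytes (n = 128 bits)
_MASK = (1 << 128) - 1
_XINV = (1 << 127) | 0x43  # x^-1 correction term (assumption: GF(2^128) poly x^128+x^7+x^2+x+1)

def _mul_x(v):
    """Multiply a 128-bit field element (int) by x."""
    v <<= 1
    return (v ^ 0x87) & _MASK if v >> 128 else v

def _mul_xinv(v):
    """Multiply a 128-bit field element (int) by x^-1."""
    return (v >> 1) ^ (_XINV if v & 1 else 0)

def toy_cipher(key, x):
    """Constructed stand-in for E_K: a 4-round SHA-256 Feistel permutation. Toy only, not secure."""
    left, right = x[:8], x[8:]
    for r in range(4):
        f = hashlib.sha256(key + bytes([r]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pmac(E, M, tau=16):
    """Tag M (bytes) under block-cipher oracle E: 16 bytes -> 16 bytes.
    Returns (tag, number of per-message block-cipher calls)."""
    calls = 0
    def Ek(x):
        nonlocal calls
        calls += 1
        return E(x)
    L = int.from_bytes(E(bytes(N)), "big")  # L = E_K(0^n): key setup, computed once per key
    m = max(1, ceil(len(M) / N))            # number of blocks M[1..m]; empty M gives m = 1
    Z, sigma = 0, 0
    for i in range(1, m):                   # the m-1 calls below are mutually independent:
        Lj = L                              # this loop can be replaced by a parallel map
        for _ in range((i & -i).bit_length() - 1):  # ntz(i)
            Lj = _mul_x(Lj)
        Z ^= Lj                             # Gray-code offset: Z_i = Z_{i-1} xor L * x^ntz(i)
        blk = int.from_bytes(M[(i - 1) * N:i * N], "big")
        sigma ^= int.from_bytes(Ek((blk ^ Z).to_bytes(N, "big")), "big")
    last = M[(m - 1) * N:]
    if len(last) == N:                      # full final block: xor in L * x^-1 for domain separation
        sigma ^= int.from_bytes(last, "big") ^ _mul_xinv(L)
    else:                                   # short final block: 10* padding, no extra cipher call
        sigma ^= int.from_bytes(last + b"\x80" + bytes(N - len(last) - 1), "big")
    tag = Ek(sigma.to_bytes(N, "big"))[:tau]
    return tag, calls
```

The returned call count excludes the one-time key-setup call for L, which is why it equals exactly max{1, ⌈|M|/n⌉} for every message length, including the empty string.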

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • John Black (1)
  • Phillip Rogaway (2)
  1. Dept. of Computer Science, University of Nevada, Reno, USA
  2. Dept. of Computer Science, University of California, Davis, USA