New Bounds for PMAC, TMAC, and XCBC

  • Kazuhiko Minematsu
  • Toshiyasu Matsushima
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4593)


We provide new security proofs for PMAC, TMAC, and XCBC message authentication modes. The previous security bounds for these modes were σ 2/2 n , where n is the block size in bits and σ is the total number of queried message blocks. Our new bounds are ℓq 2/2 n for PMAC and ℓq 2/2 n  + ℓ4 q 2/22n for TMAC and XCBC, where q is the number of queries and ℓ is the maximum message length in n-bit blocks. This improves the previous results under most practical cases, e.g., when no message is exceptionally long compared to other messages.


  1. 1.
    Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST Special Publication 800-38B, available from
  2. 2.
    den Boer, B., Boly, J.P., Bosselaers, A., Brandt, J., Chaum, D., Damgård, I., Dichtl, M., Fumy, W., van der Ham, M., Jansen, C.J.A., Landrock, P., Preneel, B., Roelofsen, G., de Rooij, P., Vandewalle, J.: RIPE Integrity Primitives, final report of RACE Integrity Primitives Evaluation (1995)Google Scholar
  3. 3.
    Bellare, M., Kilian, J., Rogaway, P.: The Security of the Cipher Block Chaining Message Authentication Code. Journal of Computer and System Science 61(3) (2000)Google Scholar
  4. 4.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryptiont. In: FOCS ’97. Proceedings of the 38th Annual Symposium on Foundations of Computer Science, pp. 394–403 (1997)Google Scholar
  5. 5.
    Bellare, M., Pietrzak, K., Rogaway, P.: Improved Security Analyses for CBC MACs. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 527–541. Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Bernstein, D.J.: Stronger Security Bounds for Wegman-Carter-Shoup Authenticators. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 164–180. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    Black, J., Rogaway, P.: CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Carter, L., Wegman, M.: Universal Classes of Hash Functions. Journal of Computer and System Science 18, 143–154 (1979)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudorandomness. In: Algorithms and Combinatorics, vol. 17, Springer, Heidelberg (1998)Google Scholar
  10. 10.
    Iwata, T., Kurosawa, K.: Stronger Security Bounds for OMAC, TMAC, and XCBC. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 402–415. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)Google Scholar
  12. 12.
    Krovetz, T., Rogaway, P.: The OCB Authenticated-Encryption Algorithm. Internet Draft (2005)Google Scholar
  13. 13.
    Kurosawa, K., Iwata, T.: TMAC: Two-Key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 33–49. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable Block Ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Maurer, U.: Indistinguishability of Random Systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110–132. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Maurer, U., Pietrzak, K.: Composition of Random Systems: When Two Weak Make One Strong. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 410–427. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Pietrzak, K.: Composition Does Not Imply Adaptive Security. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 55–65. Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Pietrzak, K.: A Tight Bound for EMAC. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 168–179. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Rogaway, P.: Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004), Google Scholar
  20. 20.
    Wegman, M., Carter, L.: New Hash Functions and Their Use in Authentication and Set Equality. Journal of Computer and System Sciences 22, 265–279 (1981)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Kazuhiko Minematsu
    • 1
    • 2
  • Toshiyasu Matsushima
    • 2
  1. 1.NEC Corporation, 1753 Shimonumabe, Nakahara-Ku, KawasakiJapan
  2. 2.Waseda University, 3-4-1 Okubo Shinjuku-ku TokyoJapan

Personalised recommendations