Distinguishing and Second-Preimage Attacks on CBC-Like MACs
Conference paper
Abstract
This paper first presents a new distinguishing attack on the CBC-MAC structure based on block ciphers in cipher block chaining (CBC) mode. This attack distinguishes a CBC-like MAC from random functions. The second result of this paper is a second-preimage attack on the CBC-MAC, which is an extension of the attack of Brincat and Mitchell. The attack also covers MT-MAC, PMAC and MACs with three-key enciphered CBC mode. Both types of attack have birthday-attack complexity rather than the complexity of exhaustive search.
Keywords
CBC MAC, Distinguishing attack, Second preimage attack
References
- 1. ANSI X9.9 (revised): Financial Institution Message Authentication (wholesale), American Bankers Association (1986)
- 2. ANSI X9.19: Financial Institution Retail Message Authentication, American Bankers Association (1986)
- 3. Bellare, M., Kilian, J., Rogaway, P.: The Security of the Cipher Block Chaining Message Authentication Code. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
- 4. Brincat, K., Mitchell, C.J.: New CBC-MAC Forgery Attacks. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 3–14. Springer, Heidelberg (2001)
- 5. Bosselaers, A., Preneel, B. (eds.): RIPE 1992. LNCS, vol. 1007. Springer, Heidelberg (1995)
- 6. Black, J., Rogaway, P.: CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)
- 7. Black, J., Rogaway, P.: A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)
- 8. Coppersmith, D., Knudsen, L.R., Mitchell, C.J.: Key Recovery and Forgery Attacks on the MacDES MAC Algorithm. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 184–196. Springer, Heidelberg (2000)
- 9. Coppersmith, D., Mitchell, C.J.: Attacks on MacDES MAC algorithm. Electronics Letters 35, 1626–1627 (1999)
- 10. Dodis, Y., Pietrzak, K., Puniya, P.: A New Mode of Operation for Block Ciphers and Length-Preserving MACs. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 198–219. Springer, Heidelberg (2008)
- 11. ISO/IEC 9797-1, Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher. International Organization for Standardization, Genève, Switzerland (1999)
- 12. Knudsen, L.R.: Chosen-text Attack on CBC-MAC. Electronics Letters 33(1) (1997)
- 13. Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
- 14. Kurosawa, K., Iwata, T.: TMAC: Two-Key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 265–273. Springer, Heidelberg (2003)
- 15. Minematsu, K., Tsunoo, Y.: Provably Secure MACs from Differentially-Uniform Permutations and AES-Based Implementations. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 226–241. Springer, Heidelberg (2006)
- 16. NIST, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST Special Publication 800-38B (2005)
- 17. Preneel, B., Knudsen, L.R.: MacDES: MAC algorithm based on DES. Electronics Letters 33(1) (1997)
- 18. Preneel, B., van Oorschot, P.C.: MDx-MAC and Building Fast MACs from Hash Functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995)
- 19. Preneel, B., van Oorschot, P.C.: Key Recovery Attack on ANSI X9.19 Retail MAC. Electronics Letters 32(17) (1996)
- 20. Petrank, E., Rackoff, C.: CBC MAC for Real-Time Data Sources. J. Cryptology 13(3), 315–338 (2000)
- 21. Wang, X., Wang, W., Jia, K., Wang, M.: New Distinguishing Attack on MAC using Secret-Prefix Method. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 363–374. Springer, Heidelberg (2009)
- 22. Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 121–133. Springer, Heidelberg (2009)
- 23. Yuan, Z., Jia, K., Wang, W., Wang, X.: Distinguishing and Forgery Attacks on Alred and Its AES-based Instance Alpha-MAC (2008), http://eprint.iacr.org/2008/516
- 24. Yuval, G.: How to Swindle Rabin. Cryptologia 3, 187–189 (1979)
Copyright information
© Springer-Verlag Berlin Heidelberg 2009