The chain & sum primitive and its applications to MACs and stream ciphers

  • Mariusz H. Jakubowski
  • Ramarathnam Venkatesan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)


We present a new scheme called universal block chaining with sum (or chain & sum primitive (C&S) for short), and show its application to the problem of combined encryption and authentication of data. The primitive is a weak CBC-type encryption along with a summing step, and can be used as a front end to stream ciphers to encrypt pages or blocks of data (e.g., in an encrypted file system or in a video stream). Under standard assumptions, the resulting encryption scheme provably acts as a random permutation on the blocks, and has message integrity features of standard CBC encryption. The primitive also yields a very fast message authentication code (MAC), which is a multivariate polynomial evaluation hash. The multivariate feature and the summing aspect are novel parts of the design. Our tests show that the chain & sum primitive adds approximately 20 percent overhead to the fastest stream ciphers.





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Mariusz H. Jakubowski, Princeton University, USA
  • Ramarathnam Venkatesan, Microsoft Research, Redmond, USA
