A Unified Method for Improving PRF Bounds for a Class of Blockcipher Based MACs

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6147)


This paper provides a unified framework for improving the PRF (pseudorandom function) advantages of several popular MACs (message authentication codes) based on a blockcipher modeled as an RP (random permutation). In many known MACs, the inputs of the underlying blockcipher are defined to be deterministic affine functions of previously computed outputs of the blockcipher. Keeping this similarity in mind, the paper introduces a class of ADEs (affine domain extensions) and a wide subclass of SADEs (secure ADEs), which contains the following constructions: \(\mathcal{C}\) = { CBC-MAC, GCBC\(^*\), OMAC, PMAC }. We prove that all SADEs have PRF advantage \(O(tq/2^n + N(t,q)/2^n)\), where t is the total number of blockcipher computations needed for all q queries and N(t,q) is a parameter defined in the paper. The PRF advantage of any SADE is \(O(t^2/2^n)\), since we can show that \(N(t,q) \leq {t \choose 2}\). Moreover, N(t,q) = O(tq) for all members of \(\mathcal{C}\), and hence these MACs have the improved advantage \(O(tq/2^n)\). Consequently, our proposed bounds for CBC-MAC and GCBC\(^*\) become strictly better than the previous best known bounds.
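To make the "affine domain extension" view concrete, the following is an added example (not code from the paper or from any reference implementation): CBC-MAC, OMAC and a PMAC-style construction are all evaluated by one generic loop in which each blockcipher input is a message-dependent constant XORed with an affine function of the earlier blockcipher outputs, and the blockcipher is modeled as a lazily sampled random permutation whose call counter is the parameter t of the abstract. Assumptions of the example: messages consist of whole blocks, OMAC is shown only for a full final block, the PMAC mask schedule (doubling masks, no final-block tweak) is a simplified stand-in for the real specification, and the names `ade_mac`, `run_queries` and the `*_step` functions are the example's own. N(t,q) is not computed, since its definition is in the paper body.

```python
# Added example (not the paper's own code): CBC-MAC, OMAC and a simplified
# PMAC written as affine domain extensions of one random permutation E,
# with t (the total number of blockcipher computations) counted per run.
import os

N_BITS = 128
BLOCK = N_BITS // 8            # block length in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gf_double(block: bytes) -> bytes:
    """Multiply by x in GF(2^128) with polynomial x^128 + x^7 + x^2 + x + 1."""
    v = int.from_bytes(block, "big") << 1
    if v >> N_BITS:
        v ^= (1 << N_BITS) | 0x87
    return (v & ((1 << N_BITS) - 1)).to_bytes(BLOCK, "big")


class RandomPermutation:
    """Lazily sampled random permutation on n-bit blocks (the RP model of E_K)."""

    def __init__(self):
        self.table = {}         # inputs already queried -> their outputs
        self.used = set()       # outputs already assigned, to stay injective
        self.calls = 0          # t: blockcipher computations so far

    def __call__(self, x: bytes) -> bytes:
        self.calls += 1
        if x not in self.table:
            y = os.urandom(BLOCK)
            while y in self.used:
                y = os.urandom(BLOCK)
            self.table[x] = y
            self.used.add(y)
        return self.table[x]


def ade_mac(blocks, E, step, calls):
    """Generic affine domain extension: `step` builds the i-th cipher input
    from the message blocks and the earlier outputs y_0..y_{i-1}; every
    `step` below is affine in those outputs. The tag is the last output."""
    ys = []
    for i in range(calls):
        ys.append(E(step(i, blocks, ys)))
    return ys[-1]


# CBC-MAC: x_1 = m_1, x_i = m_i xor y_{i-1}; one call per block.
def cbc_step(i, m, ys):
    return m[i] if i == 0 else xor(m[i], ys[i - 1])


def cbc_mac(blocks, E):
    return ade_mac(blocks, E, cbc_step, len(blocks))


# OMAC (full final block only): y_0 = E(0^n) = L, chain as in CBC, and xor
# 2L (a linear function of y_0) into the last input; l + 1 calls.
def omac_step(i, m, ys):
    if i == 0:
        return bytes(BLOCK)
    x = m[i - 1] if i == 1 else xor(m[i - 1], ys[i - 1])
    if i == len(m):
        x = xor(x, gf_double(ys[0]))
    return x


def omac(blocks, E):
    return ade_mac(blocks, E, omac_step, len(blocks) + 1)


# Simplified PMAC-style schedule (assumed, not the exact specification):
# y_0 = L = E(0^n); block i < l is masked with 2^i L; the last input is
# m_l xor (y_1 xor ... xor y_{l-1}); l + 1 calls in total.
def pmac_step(i, m, ys):
    if i == 0:
        return bytes(BLOCK)
    if i < len(m):
        mask = ys[0]
        for _ in range(i):
            mask = gf_double(mask)
        return xor(m[i - 1], mask)
    x = m[i - 1]
    for y in ys[1:]:
        x = xor(x, y)
    return x


def pmac(blocks, E):
    return ade_mac(blocks, E, pmac_step, len(blocks) + 1)


def to_blocks(msg: bytes):
    """Split a non-empty message whose length is a multiple of the block size."""
    if not msg or len(msg) % BLOCK:
        raise ValueError("example handles non-empty full-block messages only")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]


def run_queries(mac, messages, E):
    """Answer q queries; return (tags, t) with t the blockcipher calls consumed."""
    before = E.calls
    tags = [mac(to_blocks(m), E) for m in messages]
    return tags, E.calls - before


if __name__ == "__main__":
    E = RandomPermutation()
    queries = [bytes([1]) * 16, bytes([2]) * 32, bytes([3]) * 48]   # constructed
    for name, mac in (("CBC-MAC", cbc_mac), ("OMAC", omac), ("PMAC-style", pmac)):
        tags, t = run_queries(mac, queries, E)
        print(f"{name}: q={len(queries)} queries cost t={t} blockcipher calls")
```

Running the script shows how t grows with the total message length rather than with q alone, which is why the abstract's bound is stated in terms of t and q separately; the counter is also exactly what a reviewer of a concrete deployment would total up when checking a stated advantage bound against the number of blocks processed under one key.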


Keywords

affine domain extension, PRF, random permutation, CBC-MAC



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

National Institute of Standards and Technology and Computer Science Department, The George Washington University