Abstract
We suggest some simple variants of the CBC MAC that let you efficiently MAC messages of arbitrary lengths. Our constructions use three keys, K1, K2, K3, to avoid unnecessary padding and MAC any message M ∈ {0,1}* using max{1, ⌈|M|/n⌉} applications of the underlying n-bit block cipher. Our favorite construction, XCBC, works like this: if |M| is a positive multiple of n then XOR the n-bit key K2 with the last block of M and compute the CBC MAC keyed with K1; otherwise, extend M’s length to the next multiple of n by appending minimal 10^i padding (i ≥ 0), XOR the n-bit key K3 with the last block of the padded message, and compute the CBC MAC keyed with K1. We prove the security of this and other constructions, giving concrete bounds on an adversary’s inability to forge in terms of her inability to distinguish the block cipher from a random permutation. Our analysis exploits new ideas which simplify proofs compared to prior work.
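The XCBC procedure described in the abstract, as an added Python sketch that is not code from the paper. It assumes byte-aligned messages (so 10^i padding becomes 0x80 followed by zero bytes) and n = 128 bits; `ToyCipher` is a hypothetical Feistel stand-in for the block cipher keyed with K1, used only so the example runs with the standard library, and it counts cipher calls so the max{1, ⌈|M|/n⌉} cost can be checked.

```python
import hashlib

N = 16  # block size n in bytes (assumed 128-bit block cipher)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ToyCipher:
    """Stand-in n-bit permutation keyed with K1 (4-round Feistel over SHA-256).
    Illustrative assumption only; a real deployment would use e.g. AES."""
    def __init__(self, k1):
        self.k1, self.calls = k1, 0

    def encrypt(self, block):
        self.calls += 1  # count block-cipher applications
        left, right = block[:8], block[8:]
        for rnd in range(4):
            f = hashlib.sha256(self.k1 + bytes([rnd]) + right).digest()[:8]
            left, right = right, xor(left, f)
        return left + right

def xcbc(cipher, k2, k3, msg):
    """XCBC tag of msg: CBC MAC under K1 with K2 or K3 XORed into the last block."""
    if msg and len(msg) % N == 0:
        mask = k2  # positive multiple of n: no padding, mask with K2
    else:
        # minimal 10^i padding up to the next multiple of n, mask with K3
        msg = msg + b"\x80" + b"\x00" * (-(len(msg) + 1) % N)
        mask = k3
    blocks = [msg[i:i + N] for i in range(0, len(msg), N)]
    blocks[-1] = xor(blocks[-1], mask)
    state = bytes(N)  # CBC MAC with zero IV
    for block in blocks:
        state = cipher.encrypt(xor(state, block))
    return state

def cipher_calls(length):
    """Block-cipher applications used to MAC a constructed message of `length` bytes."""
    c = ToyCipher(bytes(range(16)))  # constructed key K1
    xcbc(c, b"\x22" * N, b"\x33" * N, b"A" * length)  # constructed K2, K3
    return c.calls

if __name__ == "__main__":
    for length in (0, 1, 15, 16, 17, 32, 33):
        print(length, cipher_calls(length))
```

With K2 = K3 the 15-byte message M and the 16-byte message M || 0x80 produce the same tag, because both present the same final block to the cipher; distinct K2 and K3 separate the padded and unpadded cases without spending an extra block on padding.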
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Black, J., Rogaway, P. (2000). CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions. In: Bellare, M. (eds) Advances in Cryptology — CRYPTO 2000. CRYPTO 2000. Lecture Notes in Computer Science, vol 1880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44598-6_12
DOI: https://doi.org/10.1007/3-540-44598-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67907-3
Online ISBN: 978-3-540-44598-2
eBook Packages: Springer Book Archive