New Birthday Attacks on Some MACs Based on Block Ciphers
نویسندگان
چکیده
This paper develops several new techniques of cryptanalyzing MACs based on block ciphers, and is divided into two parts. The first part presents new distinguishers of the MAC construction Alred and its specific instance Alpha-MAC based on AES. For the Alred construction, we first describe a general distinguishing attack which leads to a forgery attack directly with the complexity of the birthday attack. A 2round collision differential path of Alpha-MAC is adopted to construct a new distinguisher with about 2 chosen messages and 2 queries. One of the most important results is to use this new distinguisher to recover the internal state, which is an equivalent subkey of Alpha-MAC. Moreover, our distinguisher on Alred construction can be applied to the MACs based on CBC and CFB encryption modes. The second part describes the first impossible differential attack on MACs-Pelican, MT-MAC-AES and PC-MAC-AES. Using the birthday attack, enough message pairs that produce the inner near-collision with some specific differences are detected, then the impossible differential attack on 4-round AES to the above mentioned MACs is performed. For Pelican, our attack recovers its internal state, which is an equivalent subkey. For MT-MAC-AES, the attack turns out to be a subkey recovery attack directly. The complexity of the two attacks is 2 chosen messages and 2 queries. For PC-MAC-AES, we recover its 256-bit key with 2 chosen messages and 2 queries.
منابع مشابه
New Attacks against Standardized MACs
In this paper, we revisit the security of several message authentication code (MAC) algorithms based on block ciphers, when instantiated with 64-bit block ciphers such as DES. We essentially focus on algorithms that were proposed in the norm ISO/IEC 9797–1. We consider both forgery attacks and key recovery attacks. Our results improve upon the previously known attacks and show that all algorith...
متن کاملBeyond-Birthday-Bound Security Based on Tweakable Block Cipher
This paper studies how to build a 2n-bit block cipher which is hard to distinguish from a truly random permutation against attacks with q ≈ 2 queries, i.e., birthday attacks. Unlike previous approaches using pseudorandom functions, we present a simple and efficient proposal using a tweakable block cipher as an internal module. Our proposal is provably secure against birthday attacks, if underly...
متن کاملConstructing Rate-1 MACs from Related-Key Unpredictable Block Ciphers: PGV Model Revisited
Almost all current block-cipher-based MACs reduce their security to the pseudorandomness of their underlying block ciphers, except for a few of them to the unpredictability, a strictly weaker security notion than pseudorandomness. However, the latter MACs offer relatively low efficiency. In this paper, we investigate the feasibility of constructing rate-1 MACs from related-key unpredictable blo...
متن کاملOne-key Double-Sum MAC with Beyond-Birthday Security
MACs (Message Authentication Codes) are widely adopted in communication systems to ensure data integrity and data origin authentication, e.g. CBC-MACs in the ISO standard 9797-1. However, all the current designs either suffer from birthday attacks or require long key sizes. In this paper, we focus on designing beyond-birthday-bound MAC modes with a single key, and investigate their design princ...
متن کاملOn the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction
In this paper, we study the security of randomized CBC– MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC– MAC using an n–bit block cipher is the same as the security ...
متن کامل