MDx-MAC and Building Fast MACs from Hash Functions
نویسندگان
چکیده
We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and envelope methods, are shown to be unsatisfactory. Motivated by the absence of a secure, fast MAC algorithm not based on encryption, a new generic construction (MDx -MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and
منابع مشابه
A New Hash Function Based on MDx-Family and Its Application to MAC
Several fast software hash functions have been proposed since the hash function MD4 was introduced by R. Rivest in 1990. At the moment, SHA-1, RIPEMD-160, and HAVAL are known as secure dedicated hash functions in MDx-family hash functions. In this paper, we propose a new hash function based on advantages of these three hash functions, which keeps the maximum security of them and is more efficie...
متن کاملAutomated Security Proofs for Almost-Universal Hash for MAC Verification
Message authentication codes (MACs) are an essential primitive in cryptography. They are used to ensure the integrity and authenticity of a message, and can also be used as a building block for larger schemes, such as chosenciphertext secure encryption, or identity-based encryption. MACs are often built in two steps: first, the ‘front end’ of the MAC produces a short digest of the long message,...
متن کاملBlockcipher-based MACs: Beyond the Birthday Bound without Message Length
We present blockcipher-based MACs (Message Authentication Codes) that have beyond the birthday bound security without message length in the sense of PRF (Pseudo-Random Function) security. Achieving such security is important in constructing MACs using blockciphers with short block sizes (e.g., 64 bit). Luykx et al. (FSE 2016) proposed LightMAC, the first blockcipher-based MAC with such security...
متن کاملCryptanalysis of Message Authentication Codes
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic ha...
متن کاملMessage Authentication, Revisited
Traditionally, symmetric-key message authentication codes (MACs) are easily built from pseudorandom functions (PRFs). In this work we propose a wide variety of other approaches to building efficient MACs, without going through a PRF first. In particular, unlike deterministic PRF-based MACs, where each message has a unique valid tag, we give a number of probabilistic MAC constructions from vario...
متن کامل