Security analysis of the message authenticator algorithm (MAA)

Authors

  • Bart Preneel
  • Vincent Rijmen
  • Paul C. van Oorschot
Abstract

The security of the ISO banking standard Message Authenticator Algorithm (ISO 8731-2), also known as MAA, is considered. The attacks, which exploit the internal structure of the algorithm, are the first computationally feasible attacks on MAA. First a MAC forgery attack is presented that requires 2 messages of 256 Kbytes or 2 messages of 1 Kbyte; the latter circumvents the special MAA mode for long messages defined in the standard. Next a key recovery attack on MAA is described which requires 2 chosen texts consisting of a single message block. The number of off-line multiplications for this attack varies between 2 for one key in 1000 to about 2 for one key in 50. This should be compared to about 3 · 2 multiplications for an exhaustive key search. Finally it is shown that MAA has 2 keys for which it is rather easy to create a large cluster of collisions. These keys can be detected and recovered with 2 chosen texts. From these attacks follows the identification of several classes of weak keys for MAA.


Similar resources

Comparative Study of Eight Formal Specifications of the Message Authenticator Algorithm

The Message Authenticator Algorithm (MAA) is one of the first cryptographic functions for computing a Message Authentication Code. Between 1987 and 2001, the MAA was adopted in international standards (ISO 8730 and ISO 8731-2) to ensure the authenticity and integrity of banking transactions. In 1990 and 1991, three formal, yet non-executable, specifications of the MAA (in VDM, Z, and LOTOS) were...


Cryptanalysis of Message Authentication Codes

This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic ha...


A Large Term Rewrite System Modelling a Pioneering Cryptographic Algorithm

We present a term rewrite system that formally models the Message Authenticator Algorithm (MAA), which was one of the first cryptographic functions for computing a Message Authentication Code and was adopted, between 1987 and 2001, in international standards (ISO 8730 and ISO 8731-2) to ensure the authenticity and integrity of banking transactions. Our term rewrite system is large (13 sorts, 18 c...


Analysing the EAP-TLS Handshake and the 4-Way Handshake of the 802.11i Standard

The IEEE 802.11i standard has been designed to enhance security in wireless networks. The EAP-TLS handshake aims to provide mutual authentication between supplicant and authentication server, and then derive the Pairwise Master Key (PMK). In the 4-way handshake the supplicant and the authenticator use PMK to derive a fresh pairwise transient key (PTK). The PMK is not used directly for security ...


Polynomial evaluation and message authentication

The cryptographic literature contains many provably secure highspeed authenticators. Some authenticators use n multiplications for length-n messages; some authenticators have the advantage of using only about n/2 multiplications. Some authenticators use n variables for length-n messages; some authenticators have the advantage of using only 1 variable. This paper, after reviewing relevant polyno...



Journal title:
  • European Transactions on Telecommunications

Volume 8  Issue 

Pages  -

Publication date 1997