Comments to NIST concerning AES Modes of Operations: A Suggestion for Handling Arbitrary-Length Messages with the CBC MAC
نویسندگان
چکیده
The CBC MAC is the customary way to make a message authentication code (MAC) from a block cipher. It is the subject of several standards, including [1, 5, 6]. It is well-known and well-understood. Given all this, it seems likely that the CBC MAC will be standardized as an AES mode of operation. In this note we suggest a nice version of the CBC MAC that one might select for this purpose. We recall that the CBC MAC actually comes in a number of different versions. These versions differ in details involving padding (what to do when a message is not a non-zero multiple of the block length), length-variability (how to properly authenticate messages that come in a variety of lengths), and key-search strengthening (making the mode more secure against key-search attacks). Our CBC MAC variant is described in [4], where it is called XCBC. Let us now review this MAC’s definition, as well as the definition for the basic CBC MAC.
منابع مشابه
The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This document is a submission to the IETF Internet Protocol Security (IPsec) Working Group. Comments are solicited and should be addresse...
متن کاملComb to Pipeline: Fast Software Encryption Revisited
AES-NI, or Advanced Encryption Standard New Instructions, is an extension of the x86 architecture proposed by Intel in 2008. With a pipelined implementation utilizing AES-NI, parallelizable modes such as AES-CTR become extremely efficient. However, out of the four non-trivial NIST-recommended encryption modes, three are inherently sequential: CBC, CFB, and OFB. This inhibits the advantage of us...
متن کاملOn the Security of CTR + CBC-MAC -- NIST Modes of Operation { Additional CCM Documentation
We analyze the security of the CTR + CBC-MAC (CCM) encryption mode. This mode, proposed by Doug Whiting, Russ Housley, and Niels Ferguson, combines the CTR (“counter”) encryption mode with CBC-MAC message authentication and is based on a block cipher such as AES. We present concrete lower bounds for the security of CCM in terms of the security of the underlying block cipher. The conclusion is t...
متن کاملComments to NIST concerning AES Modes of Operation: OCB Mode: Parallelizable Authenticated Encryption
This note describes a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. It does this using only djM j=ne + 2 block cipher invocations. Here M is the plaintext (an arbitrary bit string) and n is the block length. The scheme refines one recently suggested by Jutla [Ju00].
متن کاملOn Efficient Message Authentication Via Block Cipher Design Techniques
In an effort to design a MAC scheme that is built using block cipher components and runs faster than the modes of operation for message authentication, Daemen and Rijmen have proposed a generic MAC construction ALRED and a concrete ALRED instance Pelican. The Pelican MAC uses four rounds of AES as a building block to compute the authentication tag in a CBC-like manner. It is about 2.5 times fas...
متن کامل