Improved Security Analyses for CBC MACs
نویسندگان
چکیده
We present an improved bound on the advantage of any q-query adversary at distinguishing between the CBC MAC over a random n-bit permutation and a random function outputting n bits. The result assumes that no message queried is a prefix of any other, as is the case when all messages to be MACed have the same length. We go on to give an improved analysis of the encrypted CBC MAC, where there is no restriction on queried messages. Letting m be the block length of the longest query, our bounds are about mq/2 for the basic CBC MAC and mq/2 for the encrypted CBC MAC, improving prior bounds of mq/2. The new bounds translate into improved guarantees on the probability of forging these MACs.
منابع مشابه
Impact of ANSI X9.24-1: 2009 Key Check Value on ISO/IEC 9797-1: 2011 MACs
ANSI X9.24-1:2009 specifies the key check value, which is used to verify the integrity of the blockcipher key. This value is defined as the most significant bits of the ciphertext of the zero block, and is assumed to be publicly known data for verification. ISO/IEC 9797-1:2011 illustrates a total of ten CBC MACs, where one of these MACs, the basic CBC MAC, is widely known to be insecure. In thi...
متن کامل3kf9: Enhancing 3GPP-MAC beyond the Birthday Bound
Among various cryptographic schemes, CBC-based MACs belong to the few ones most widely used in practice. Such MACs iterate a blockcipher EK in the so called Cipher-Block-Chaining way, i.e. Ci = EK(Mi⊕Ci−1) , offering high efficiency in practical applications. In the paper, we propose a new deterministic variant of CBC-based MACs that is provably secure beyond the birthday bound. The new MAC 3kf...
متن کاملCryptanalysis of Message Authentication Codes
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic ha...
متن کاملDistinguishing Attack and Second-Preimage Attack on the CBC-like MACs
In this paper, we first present a new distinguisher on the CBC-MAC based on a block cipher in Cipher Block Chaining (CBC) mode. It can also be used to distinguish other CBC-like MACs from random functions. The main results of this paper are on the secondpreimage attack on CBC-MAC and CBC-like MACs include TMAC, OMAC, CMAC, PC-MAC and MACs based on three-key encipher CBC mode. Instead of exhaust...
متن کاملTowards Secure and Practical MACs for Body Sensor Networks
Wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst body sensor network (BSN) must be secured with strong authenticity to protect personal health information. First in this paper, some practical problems with the Message Authentication Codes (MACs), which are suggested in the current security architectures for WSN, are reconsidered. The ...
متن کامل