3kf9: Enhancing 3GPP-MAC beyond the Birthday Bound
نویسندگان
چکیده
Among various cryptographic schemes, CBC-based MACs belong to the few ones most widely used in practice. Such MACs iterate a blockcipher EK in the so called Cipher-Block-Chaining way, i.e. Ci = EK(Mi⊕Ci−1) , offering high efficiency in practical applications. In the paper, we propose a new deterministic variant of CBC-based MACs that is provably secure beyond the birthday bound. The new MAC 3kf9 is obtained by combining f9 (3GPP-MAC) and EMAC sharing the same internal structure, and so it is almost as efficient as the original CBC MAC. 3kf9 offers O( l q 22n + lq 2n ) PRF-security when its underlying n-bit blockcipher is pseudorandom with three independent keys. This makes it more secure than traditional CBC-based MACs, especially when they are applied with lightweight blockciphers. Therefore, 3kf9 is expected to be a possible candidate MAC in resource-restricted environments.
منابع مشابه
One-key Double-Sum MAC with Beyond-Birthday Security
MACs (Message Authentication Codes) are widely adopted in communication systems to ensure data integrity and data origin authentication, e.g. CBC-MACs in the ISO standard 9797-1. However, all the current designs either suffer from birthday attacks or require long key sizes. In this paper, we focus on designing beyond-birthday-bound MAC modes with a single key, and investigate their design princ...
متن کاملBuilding Single-Key Beyond Birthday Bound Message Authentication Code
MACs (Message Authentication Codes) are widely adopted in communication systems to ensure data integrity and data origin authentication, e.g. CBC-MACs in the ISO standard 9797-1. However, all the current designs based on block cipher either suffer from birthday attacks or require long key sizes. In this paper, we focus on designing single keyed block cipher based MAC achieving beyond-birthday-b...
متن کاملLifting the Security of NI-MAC Beyond Birthday Bound
In CRYPTO 1999, J. An and M. Bellare proposed a MerkleDamg̊ard iteration based MAC construction called NI-MAC in order to avoid constant re-keying on multiblock messages in NMAC and to ease the security proof. In CRYPTO 2014, Gazi et al. revisited the proof of NI-MAC in the view of structure graph introduced by Bellare et al. in CRYPTO 2005 and gave a tight bound of order lq 2 2n , which is an i...
متن کاملOne-Key Compression Function Based MAC with Security Beyond Birthday Bound
Gaži et al. [CRYPTO 2014] analyzed the NI-MAC construction proposed by An and Bellare [CRYPTO 1999] and gave a tight birthday-bound ofO(`q/2), as an improvement over the previous bound of O(`q/2). In this paper, we design a simple extension of NI-MAC, called NI-MAC, and prove that it has security bound beyond birthday (BBB) of order O(q`/2) provided ` ≤ 2. Our construction not only lifts the se...
متن کاملTweakable Blockciphers with Beyond Birthday-Bound Security
Liskov, Rivest and Wagner formalized the tweakable blockcipher (TBC) primitive at CRYPTO’02. The typical recipe for instantiating a TBC is to start with a blockcipher, and then build up a construction that admits a tweak. Almost all such constructions enjoy provable security only to the birthday bound, and the one that does achieve security beyond the birthday bound (due to Minematsu) severely ...
متن کامل