Fast and Secure CBC-Type MAC Algorithms
نویسنده
چکیده
The CBC-MAC or cipher block chaining message authentication code, is a well-known method to generate message authentication codes. Unfortunately, it is not forgery-secure over an arbitrary domain. There are several secure variants of CBC-MAC, among which OMAC is a widely-used candidate. To authenticate an s-block message, OMAC costs (s+1) block cipher encryptions (one of these is a zero block encryption), and only one block cipher key is used. In this paper, we propose two secure and efficient variants of CBC-MAC: namely, GCBC1 and GCBC2. Our constructions cost only s block cipher encryptions to authenticate an s-block message, for all s ≥ 2. Moreover, GCBC2 needs only one block cipher encryption for almost all single block messages, and for all other single block messages, it costs two block cipher encryptions. We have also defined a class of generalized CBC-MAC constructions, and proved a sufficient condition for prf-security. In particular, we have provided an unified prf-security analysis of CBC-type constructions, e.g., XCBC, TMAC and our proposals GCBC1 and GCBC2.
منابع مشابه
Performance Comparison of Message Authentication Code (MAC) Algorithms for the Internet Protocol Security (IPSEC)
The cryptographic algorithms employed in Internet security must be able to handle packets which may vary in size over a large range. Most of the cryptographic hash algorithms process messages by partitioning them into large blocks. Due to this fact the messages have to be prepared by padding the required amount of zero bits to get an integer number of blocks. This process contributes a consider...
متن کاملCBC MAC for Real - Time Data
The Cipher Block Chaining (CBC) Message Authentication Code (MAC) is an authentication method which is widely used in practice. It is well known that the naive use of CBC MAC for variable length messages is not secure, and a few thumb rules for the correct use of CBC MAC are known by \folklore". The rst rigorous proof of the security of CBC MAC, when used on xed length messages, was given only ...
متن کاملThe AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This document is a submission to the IETF Internet Protocol Security (IPsec) Working Group. Comments are solicited and should be addresse...
متن کاملComments to NIST concerning AES Modes of Operations: A Suggestion for Handling Arbitrary-Length Messages with the CBC MAC
The CBC MAC is the customary way to make a message authentication code (MAC) from a block cipher. It is the subject of several standards, including [1, 5, 6]. It is well-known and well-understood. Given all this, it seems likely that the CBC MAC will be standardized as an AES mode of operation. In this note we suggest a nice version of the CBC MAC that one might select for this purpose. We reca...
متن کامل3kf9: Enhancing 3GPP-MAC beyond the Birthday Bound
Among various cryptographic schemes, CBC-based MACs belong to the few ones most widely used in practice. Such MACs iterate a blockcipher EK in the so called Cipher-Block-Chaining way, i.e. Ci = EK(Mi⊕Ci−1) , offering high efficiency in practical applications. In the paper, we propose a new deterministic variant of CBC-based MACs that is provably secure beyond the birthday bound. The new MAC 3kf...
متن کامل