Cryptanalysis of Message Authentication Codes
نویسنده
چکیده
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.
منابع مشابه
A MAC Forgery Attack on SOBER-128
SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can be also used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER128, though, the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security...
متن کاملAnalysis and design of block cipher constructions
This thesis is dedicated to symmetric cryptographic algorithms. The major focus of the work is on block ciphers themselves as well as on hash functions and message authentication codes based on block ciphers. Three main approaches to the cryptanalysis of symmetric cryptographic algorithms are pursued. First, several block cipher constructions are analyzed mathematically using statistical crypta...
متن کاملCryptographic Primitives for Information Authentication - State of the Art
This paper describes the state of the art for cryptographic primitives that are used for protecting the authenticity of information: cryptographic hash functions and digital signature schemes; the first class can be divided into Manipulation Detection Codes (MDCs, also known as one-way and collision resistant hash functions) and Message Authentication Codes (or MACs). The theoretical background...
متن کاملOn the Security of Iterated Message Authentication Codes
The security of iterated message authentication code (MAC) algorithms is considered, and in particular those constructed from unkeyed hash functions. A new MAC forgery attack applicable to all deterministic iterated MAC algorithms is presented, which requires on the order of 2n=2 known text-MAC pairs for algorithms with n bits of internal memory, as compared to the best previous general attack ...
متن کاملDifferential Attack on Message Authentication Codes
We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secret authentication key in the chosen plaintext scenario. For example, DES(8-round)-MAC can be broken with 2 pairs of plaintext, while FEAL8-MAC can be broken with 2 pairs. The proposed atta...
متن کامل