Distinguishing and Second-Preimage Attacks on CBC-Like MACs

Authors:
Keting Jia;Xiaoyun Wang;Zheng Yuan;Guangwu Xu
Affiliations:
Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China 250100;Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China 250100 and Institute for Advanced Study, Tsinghua University, Beijing, C ...;Institute for Advanced Study, Tsinghua University, Beijing, China 100084 and Beijing Electronic Science and Technology Institute, Beijing, China 100070;Institute for Advanced Study, Tsinghua University, Beijing, China 100084 and Department of Electrical Engineering and Computer Science, University of Wisconsin-Milwaukee, USA
Venue:
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Year:
2009

Citing 11
Cited 3

New CBC-MAC Forgery Attacks

ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Key Recovery and Forgery Attacks on the MacDES MAC Algorithm

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
MDx-MAC and Building Fast MACs from Hash Functions

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
A Block-Cipher Mode of Operation for Parallelizable Message Authentication

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
New Distinguishing Attack on MAC Using Secret-Prefix Method

Fast Software Encryption
TMAC: two-key CBC MAC

CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
A new mode of operation for block ciphers and length-preserving MACs

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Provably secure MACs from differentially-uniform permutations and AES-Based implementations

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption

The sum of CBC MACs is a secure PRF

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Cryptanalyses on a merkle-damgård based MAC -- almost universal forgery and distinguishing-h attacks

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
A new security model to prevent denial-of-service attacks and violation of availability in wireless networks

International Journal of Communication Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper first presents a new distinguishing attack on the CBC-MAC structure based on block ciphers in cipher block chaining (CBC) mode. This attack detects a CBC-like MAC from random functions. The second result of this paper is a second-preimage attack on the CBC-MAC, which is an extension of the attack of Brincat and Mitchell. The attack also covers MT-MAC, PMAC and MACs with three-key enciphered CBC mode. Instead of exhaustive search, both types of attacks are of birthday attack complexity.