The RMAC [6] is a variant of CBC-MAC, which resists birthday attacks and gives provably full security. The RMAC uses 2k-bit keys and the size of the RMAC is 2n, where n is the size of the underlying block cipher. The TMAC [10] is an improved MAC scheme of XCBC [4] such that it requires (k + n)-bit keys while the XCBC requires (k + 2n)-bit keys. In this paper, we introduce a trivial key recovery attack on the RMAC with about $2^n$ computations, which is more realistic than the attacks in [9]. We also give a new attack on the TMAC using about $2^{n/2+1}$ texts, which can recover a (k + n)-bit key. However, this attack cannot be applied to the XCBC. Furthermore, we analyze the IACBC mode [8], which gives confidentiality and message integrity.