Handbook of Applied Cryptography
Handbook of Applied Cryptography
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A Block-Cipher Mode of Operation for Parallelizable Message Authentication
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Analysis of 3gpp-MAC and two-key 3gpp-MAC
Discrete Applied Mathematics - Special issue: International workshop on coding and cryptography (WCC 2001)
Partial Key Recovery Attack Against RMAC
Journal of Cryptology
Key recovery attacks on the RMAC, TMAC, and IACBC
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Partial key recovery attacks on XCBC, TMAC and OMAC
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
On the security of iterated message authentication codes
IEEE Transactions on Information Theory
Hi-index | 0.00 |
In this paper we discuss the security of PMAC, a provably secue and parallelizable MAC scheme proposed by Black and Rogaway, and Michell's TMAC variant, proposed to improve the security of TMAC. We show how to devise forgery attacks on PMAC and compare the success rate of our forgery attacks with their security bound. We also present forgery attacks on TMAC variant and show the security of TMAC variant is not improved in the sense of the forgery attack. Furthermore, key recovery attacks on PMAC and TMAC variant are presented in various parameters. Our results imply they have no significant advantage in comparison with other well-established MAC schemes.