Confirmation that some hash functions are not collision free
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Structural Properties of One-way Hash Functions
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
A Known Plaintext Attack of FEAL-4 and FEAL-6
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of the Full 16-Round DES
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Differential cryptanalysis of feal and N-hash
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
A new method for known plaintext attack of FEAL cipher
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Collision free hash functions and public key signature schemes
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secret authentication key in the chosen plaintext scenario. For example, DES(8-round)-MAC can be broken with 234 pairs of plaintext, while FEAL8-MAC can be broken with 222 pairs. The proposed attack is applicable to any MAC scheme, even if the 32-bits are randomly selected from among the 64-bits of ciphertext generated by a cryptosystem vulnerable to differential attack in the chosen plaintext scenario.