Differential Attack on Message Authentication Codes

Authors:
Kazuo Ohta;Mitsuru Matsui
Affiliations:
-;-
Venue:
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Year:
1993

Citing 10
Cited 0

Confirmation that some hash functions are not collision free

EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Differential Cryptanalysis of DES-like Cryptosystems

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Structural Properties of One-way Hash Functions

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
A Known Plaintext Attack of FEAL-4 and FEAL-6

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of the Full 16-Round DES

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Differential cryptanalysis of feal and N-hash

EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
A new method for known plaintext attack of FEAL cipher

EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Collision free hash functions and public key signature schemes

EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secret authentication key in the chosen plaintext scenario. For example, DES(8-round)-MAC can be broken with 234 pairs of plaintext, while FEAL8-MAC can be broken with 222 pairs. The proposed attack is applicable to any MAC scheme, even if the 32-bits are randomly selected from among the 64-bits of ciphertext generated by a cryptosystem vulnerable to differential attack in the chosen plaintext scenario.