Key Recovery Attacks on MACs Based on Properties of Cryptographic APIs

  • Authors:
  • Karl Brincat; Chris J. Mitchell

  • Venue:
  • Proceedings of the 8th IMA International Conference on Cryptography and Coding
  • Year:
  • 2001

Abstract

This paper is concerned with the design of cryptographic APIs (Application Program Interfaces), and in particular with the part of such APIs concerned with computing Message Authentication Codes (MACs). In some cases it is necessary for the cryptographic API to offer the means to 'part-compute' a MAC, i.e. perform the MAC calculation for a portion of a data string. In such cases it is necessary for the API to input and output 'chaining variables'. As we show in this paper, such chaining variables need very careful handling lest they increase the possibility of MAC key compromise. In particular, chaining variables should always be output in encrypted form; moreover the encryption should operate so that re-occurrence of the same chaining variable will not be evident from the ciphertext.