Probability to meet in the middle
Journal of Cryptology
Extended Models for Message Authentication
Information Security and Cryptology --- ICISC 2008
How to enhance the security of the 3GPP confidentiality and integrity algorithms
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Forgery and key recovery attacks on PMAC and mitchell's TMAC variant
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
3kf9: enhancing 3GPP-MAC beyond the birthday bound
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
Forgery and key-recovery attacks are described on the 3gpp-MAC scheme, proposed for inclusion in the 3gpp specification. Three main classes of attack are given, all of which operate whether or not truncation is applied to the MAC value. Attacks in the first class use a large number of 'chosen MACs', those in the second class use a large number of 'known MACs', and those in the third class require a large number of MAC verifications, but very few known MACs and no chosen MACs. The first class yields both forgery and key-recovery attacks, whereas the second and third classes are key-recovery attacks only. Both single-key and two-key variants of 3gpp-MAC are considered; the forgery attacks are relevant to both variants, whereas the key-recovery attacks are only relevant to the two-key variant.