A New MAC Construction ALRED and a Specific Instance ALPHA-MAC

  • Joan Daemen
  • Vincent Rijmen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3557)


We present a new way to construct a MAC function based on a block cipher. We apply this construction to AES resulting in a MAC function that is a factor 2.5 more efficient than CBC-MAC with AES, while providing a comparable claimed security level.


Keywords: Block Cipher, Advanced Encryption Standard, Iteration Function, Round Function, Forgery Attack



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Joan Daemen (1)
  • Vincent Rijmen (2, 3)

  1. STMicroelectronics, Belgium
  2. IAIK, Graz University of Technology
  3. Cryptomathic A/S
