
Risks with Raw-Key Masking — The Security Evaluation of 2-Key XCBC

Conference paper, Information and Communications Security (ICICS 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2513)

Abstract

There is extensive research on how CBC-MAC can be modified to deal efficiently with messages of arbitrary length. Building on the three-key XCBC construction of Black and Rogaway, Moriai and Imai improved the scheme and proposed an optimally efficient CBC-MAC variant with two key materials, called 2-key XCBC. They gave a security proof in the same manner as for 3-key XCBC. In this paper we study 2-key XCBC and discuss its security when the ideal PRP assumed in the proof is replaced by a real block cipher. We show (1) a forgery based on the raw-key masking technique used in 2-key XCBC for a particular instance in which the Even-Mansour PRP construction is used, and (2) an attack that violates the provable security of the DESX construction. Therefore the raw-key masking technique, which is the core improvement of 2-key XCBC, must be avoided unless the overall implementation is considered in detail. Moreover, we discuss 2-key XCBC with two promising real block ciphers, AES and Camellia, and note important security considerations concerning their use with 2-key XCBC.


References

  1. K. Aoki, T. Ichikawa, M. Kanda, M. Matsui, S. Moriai, J. Nakajima, T. Tokita, “Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms — Design and Analysis,” Selected Areas in Cryptography, 7th Annual International Workshop, SAC 2000, Proceedings, LNCS Vol. 2012, Springer-Verlag, 2001.

  2. M. Bellare, A. Desai, E. Jokipii, P. Rogaway, “A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation,” Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997.

  3. M. Bellare, J. Kilian, P. Rogaway, “The Security of Cipher Block Chaining,” Advances in Cryptology - CRYPTO ’94, LNCS Vol. 839, Springer-Verlag, 1994.

  4. L. Brown, J. Pieprzyk, J. Seberry, “LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications,” Advances in Cryptology - AUSCRYPT ’90, LNCS Vol. 453, Springer-Verlag, 1990.

  5. J. Black, P. Rogaway, “CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions,” Advances in Cryptology - CRYPTO 2000, LNCS Vol. 1880, Springer-Verlag, 2000.

  6. J. Black, P. Rogaway, “A Block-Cipher Mode of Operation for Parallelizable Message Authentication,” Advances in Cryptology - EUROCRYPT 2002, LNCS Vol. 2332, Springer-Verlag, 2002.

  7. A. Biryukov, D. Wagner, “Advanced Slide Attacks,” Advances in Cryptology - EUROCRYPT 2000, LNCS Vol. 1807, Springer-Verlag, 2000.

  8. J. Daemen, “Limitations of the Even-Mansour Construction,” Advances in Cryptology - ASIACRYPT ’91, LNCS Vol. 739, Springer-Verlag, 1993.

  9. J. Daemen, V. Rijmen, “AES Proposal: Rijndael,” AES Algorithm Submission, September 3, 1999, available at http://www.nist.gov/CryptoToolkit.

  10. S. Even, Y. Mansour, “A Construction of a Cipher from a Single Pseudorandom Permutation,” Journal of Cryptology, 10(3), pp. 151–161, Summer 1997.

  11. National Institute of Standards and Technology, Federal Information Processing Standards Publication 46-3, Data Encryption Standard (DES).

  12. National Institute of Standards and Technology, Federal Information Processing Standards Publication 81, DES Modes of Operation, 1980.

  13. National Institute of Standards and Technology, Federal Information Processing Standards Publication 197, Advanced Encryption Standard (AES).

  14. O. Goldreich, S. Goldwasser, S. Micali, “How to Construct Random Functions,” Journal of the ACM, 33(4), pp. 792–807, 1986.

  15. E. Jaulmes, A. Joux, F. Valette, “On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction,” Preproceedings of Fast Software Encryption 2002, Leuven, Belgium, 2002.

  16. L.R. Knudsen, “Cryptanalysis of LOKI,” Advances in Cryptology - ASIACRYPT ’91, Springer-Verlag, 1993, pp. 22–35.

  17. J. Kilian, P. Rogaway, “How to Protect DES Against Exhaustive Search (An Analysis of DESX),” Advances in Cryptology - CRYPTO ’96, LNCS Vol. 1190, Springer-Verlag, 1996.

  18. K. Kurosawa, T. Iwata, “TMAC: Two-Key CBC MAC,” IACR ePrint Archive, Report 2002/092, available at http://eprint.iacr.org/2002/092/.

  19. M. Luby, C. Rackoff, “How to Construct Pseudorandom Permutations from Pseudorandom Functions,” SIAM Journal on Computing, Vol. 17, No. 2, April 1988.

  20. C.J. Mitchell, “The Security of Two-Key DESX,” COSIC Seminar, Katholieke Universiteit Leuven, Leuven, Belgium, 15 March 2002.

  21. S. Moriai, H. Imai, “2-Key XCBC: The CBC-MAC for Arbitrary Length Messages by the Two-Key Construction,” talk at the Recent Results session of Fast Software Encryption 2002, Leuven, 2002.

  22. S. Moriai, H. Imai, “2-Key XCBC: The CBC MAC for Arbitrary-Length Messages by the Two-Key Construction,” Proceedings of SCIS 2002, The 2002 Symposium on Cryptography and Information Security, The Institute of Electronics, Information and Communication Engineers, 2002 (in Japanese).

  23. RACE: A. Berendschot, B. den Boer, J. Boly, A. Bosselaers, J. Brandt, D. Chaum, I. Damgaard, M. Dichtl, W. Fumy, M. van der Ham, C. Jansen, P. Landrock, B. Preneel, G. Roelofsen, P. de Rooij, J. Vandewalle, Final Report of RACE Integrity Primitives, LNCS Vol. 1007, Springer-Verlag, 1995.


© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Furuya, S., Sakurai, K. (2002). Risks with Raw-Key Masking — The Security Evaluation of 2-Key XCBC. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_28

  • DOI: https://doi.org/10.1007/3-540-36159-6_28
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-540-00164-5
  • Online ISBN: 978-3-540-36159-6