Abstract
We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and envelope methods, are shown to be unsatisfactory. Motivated by the absence of a secure, fast MAC algorithm not based on encryption, a new generic construction (MDx-MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and comparable speed.
N.F.W.O. postdoctoral researcher, sponsored by the National Fund for Scientific Research (Belgium).
© 1995 Springer-Verlag Berlin Heidelberg
Cite this paper
Preneel, B., van Oorschot, P.C. (1995). MDx-MAC and Building Fast MACs from Hash Functions. In: Coppersmith, D. (ed.) Advances in Cryptology — CRYPTO '95. CRYPTO 1995. Lecture Notes in Computer Science, vol 963. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44750-4_1
DOI: https://doi.org/10.1007/3-540-44750-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60221-7
Online ISBN: 978-3-540-44750-4