Abstract
Decorrelation theory has recently been proposed in order to address the security of block ciphers and other cryptographic primitives over a finite domain. We show here how to extend it to infinite domains, which can be used in the Message Authentication Code (MAC) case. In 1994, Bellare, Kilian and Rogaway proved that CBC-MAC is secure when the input length is fixed. This was extended by Petrank and Rackoff in 1997 to variable input lengths.
In this paper, we prove a result similar to that of Petrank and Rackoff by using decorrelation theory. This leads to a slightly improved bound and a more compact proof.
This result is meant as a general proving technique for security, which can be compared to the approach announced by Maurer at CRYPTO'99.
References
Data Encryption Standard. Federal Information Processing Standard Publication 46, U. S. National Bureau of Standards, 1977.
ANSI X9.9. American National Standard - Financial Institution Message Authentication (Wholesale). ASC X9 Secretariat - American Bankers Association, 1986.
ISO 8731-2. Banking - Approved Algorithms for Message Authentication - Part 2: Message Authenticator Algorithm. International Organization for Standardization, Geneva, Switzerland, 1992.
RACE Project, Lecture Notes in Computer Science 1005, Springer-Verlag, 1995.
J. H. An, M. Bellare. Constructing VIL-MACs from FIL-MACs: Message Authentication under Weakened Assumptions. In Advances in Cryptology CRYPTO'99, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 1666, pp. 252–269, Springer-Verlag, 1999.
M. Bellare, J. Kilian, P. Rogaway. The Security of Cipher Block Chaining. In Advances in Cryptology CRYPTO'94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 341–358, Springer-Verlag, 1994.
E. Biham, A. Shamir. Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
I. B. Damgård. A Design Principle for Hash Functions. In Advances in Cryptology CRYPTO'89, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 435, pp. 416–427, Springer-Verlag, 1990.
M. Luby, C. Rackoff. How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing, vol. 17, pp. 373–386, 1988.
M. Matsui. The First Experimental Cryptanalysis of the Data Encryption Standard. In Advances in Cryptology CRYPTO'94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 1–11, Springer-Verlag, 1994.
U. M. Maurer. A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generators. In Advances in Cryptology EUROCRYPT'92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 239–255, Springer-Verlag, 1993.
U. M. Maurer. Information-Theoretic Cryptography. Invited lecture. In Advances in Cryptology CRYPTO'99, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 1666, pp. 47–64, Springer-Verlag, 1999.
R. C. Merkle. One Way Hash Functions and DES. In Advances in Cryptology CRYPTO'89, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 435, pp. 416–427, Springer-Verlag, 1990.
J. Patarin. Etude des Générateurs de Permutations Basés sur le Schéma du D.E.S., Thèse de Doctorat de l'Université de Paris 6, 1991.
J. Patarin. How to Construct Pseudorandom and Super Pseudorandom Permutations from One Single Pseudorandom Function. In Advances in Cryptology EUROCRYPT'92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 256–266, Springer-Verlag, 1993.
E. Petrank, C. Rackoff. CBC MAC for Real-Time Data Sources. Journal of Cryptology, vol. 13, pp. 315–338, 2000.
S. Vaudenay. Provable Security for Block Ciphers by Decorrelation. Invited talk. In STACS 98, Paris, France, Lecture Notes in Computer Science 1373, pp. 249–275, Springer-Verlag, 1998. Full paper: technical report LIENS-98-8, Ecole Normale Supérieure, 1998. (http://ftp://ftp.ens.fr/pub/reports/liens/)
S. Vaudenay. Feistel Ciphers with L2-Decorrelation. In Selected Areas in Cryptography, Kingston, Ontario, Canada, Lecture Notes in Computer Science 1556, pp. 1–14, Springer-Verlag, 1999.
S. Vaudenay. Resistance Against General Iterated Attacks. In Advances in Cryptology EUROCRYPT'99, Prague, Czech Republic, Lecture Notes in Computer Science 1592, pp. 255–271, Springer-Verlag, 1999.
S. Vaudenay. On the Lai-Massey Scheme.
S. Vaudenay. Adaptive-Attack Norm for Decorrelation and Super-Pseudorandomness. In Selected Areas in Cryptography, Kingston, Ontario, Canada, Lecture Notes in Computer Science 1758, pp. 49–61, Springer-Verlag, 2000.
S. Vaudenay. On Provable Security for Conventional Cryptography. Invited talk. (To appear in the proceedings of ICISC'99, LNCS, Springer-Verlag.)
© 2001 Springer-Verlag Berlin Heidelberg
Vaudenay, S. (2001). Decorrelation over Infinite Domains: The Encrypted CBC-MAC Case. In: Stinson, D.R., Tavares, S. (eds) Selected Areas in Cryptography. SAC 2000. Lecture Notes in Computer Science, vol 2012. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44983-3_14
DOI: https://doi.org/10.1007/3-540-44983-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42069-9
Online ISBN: 978-3-540-44983-6