Key Recovery Attacks on the RMAC, TMAC, and IACBC

  • Conference paper

Information Security and Privacy (ACISP 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2727)

Abstract

The RMAC [6] is a variant of CBC-MAC that resists birthday attacks and gives provably full security. The RMAC uses 2k-bit keys and the size of the RMAC is 2n, where n is the block size of the underlying block cipher. The TMAC [10] is an improved version of the XCBC MAC scheme [4]: it requires (k + n)-bit keys, while the XCBC requires (k + 2n)-bit keys. In this paper, we introduce a trivial key recovery attack on the RMAC with about 2^n computations, which is more realistic than the attacks in [9]. We also give a new attack on the TMAC using about 2^(n/2+1) texts, which can recover a (k + n)-bit key. However, this attack cannot be applied to the XCBC. Furthermore, we analyze the IACBC mode [8], which gives confidentiality and message integrity.

References

  1. M. Bellare, J. Kilian, and P. Rogaway, The Security of the Cipher Block Chaining Message Authentication Code, Advances in Cryptology — CRYPTO’94, LNCS 839, pp. 341–358, Springer-Verlag, 1994.

  2. A. Berendschot, B. den Boer, J. P. Boly, A. Bosselaers, J. Brandt, D. Chaum, I. Damgård, M. Dichtl, W. Fumy, M. van der Ham, C. J. A. Jansen, P. Landrock, B. Preneel, G. Roelofsen, P. de Rooij, and J. Vandewalle, Integrity Primitives for Secure Information System, Final Report of RACE integrity primitives evaluation (RIPE-RACE 1040), RIPE Integrity Primitives, LNCS 1007, pp. 226, Springer-Verlag, 1995.

  3. E. Biham, How to Decrypt or Even Substitute DES-encrypted Messages in 2^28 Steps, Information Processing Letters, vol. 84, issue 3, pp. 117–124, Elsevier Science, 15 November 2002.

  4. J. Black and P. Rogaway, CBC-MACs for Arbitrary-Length Messages: The Three Key Constructions, Advances in Cryptology — CRYPTO 2000, LNCS 1880, pp. 197–215, Springer-Verlag, 2000.

  5. ISO/IEC 9797-1 Information technology — Security techniques — Message Authentication Codes (MACs) — Part I: Mechanisms using a block cipher, International Organization for Standardization, Geneva, Switzerland, 1999.

  6. É. Jaulmes, A. Joux, and F. Valette, On the Security of Randomized CBC-MAC beyond the Birthday Limit: A New Construction, Fast Software Encryption 2002, LNCS 2365, pp. 237–251, Springer-Verlag, 2002.

  7. A. Joux, G. Martinet, and F. Valette, Blockwise-Adaptive Attackers — Revisiting the (In)Security of Some Provably Secure Encryption Modes: CBC, GEM, IACBC, Advances in Cryptology — CRYPTO 2002, LNCS 2442, pp. 17–30, Springer-Verlag, 2002.

  8. C. S. Jutla, Encryption Modes with Almost Free Message Integrity, Advances in Cryptology — EUROCRYPT 2001, LNCS 2045, pp. 529–544, Springer-Verlag, 2001.

  9. T. Kohno, Key-Collision Attacks against RMAC, preliminary version published on ePrint, October 21, 2002. Available at http://eprint.iacr.org/2002/159/.

  10. K. Kurosawa and T. Iwata, TMAC: Two-Key CBC MAC, Topics in Cryptology — CT-RSA 2003 (The Cryptographers' Track at the RSA Conference 2003), LNCS 2612, pp. 33–49, Springer-Verlag, 2003. Also available at http://csrc.nist.gov/encryption/modes.

  11. National Bureau of Standards, DES modes of operation, FIPS-Pub.46, National Bureau of Standards, U.S. Department of Commerce, Washington D.C., December 1980.

  12. National Institute of Standards and Technology, AES Mode of Operation Development Effort. Available at http://csrc.nist.gov/encryption/modes.

  13. E. Petrank and C. Rackoff, CBC-MAC for Real Time Data Sources, Journal of Cryptology, vol. 13, no. 3, pp. 315–318, 2000.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sung, J., Hong, D., Lee, S. (2003). Key Recovery Attacks on the RMAC, TMAC, and IACBC. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_23

  • DOI: https://doi.org/10.1007/3-540-45067-X_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40515-3

  • Online ISBN: 978-3-540-45067-2

  • eBook Packages: Springer Book Archive
