Abstract
While standard message authentication codes (MACs) guarantee authenticity of messages, they do not, in general, guarantee the anonymity of the sender and the recipient. For example it may be easy for an observer to determine whether or not two authenticated messages were sent by the same party even without any information about the secret key used. However preserving any uncertainty an attacker may have about the identities of honest parties engaged in authenticated communication is an important goal of many cryptographic applications. For example this is stated as an explicit goal of modern cellphone authentication protocols [rGPP12] and RFID based authentication systems [Vau10].
In this work we introduce and construct a new fundamental cryptographic primitive called key indistinguishable (KI) MACs. These can be used to realize many of the most important higher-level applications requiring some form of anonymity and authenticity [AHM + 14a]. We show that much (though not all) of the modular MAC construction framework of [DKPW12] gives rise to several variants of KI MACs. On the one hand, we show that KI MACs can be built from hash proof systems and certain weak PRFs allowing us to base security on assumptions such as DDH, CDH and LWE. Next we show that the two direct constructions from the LPN assumption of [DKPW12] are KI, resulting in particularly efficient constructions based on structured assumptions. On the other hand, we also give a very simple and efficient construction based on a PRF which allows us to base KI MACs on some ideal primitives such as an ideal compression function (using HMAC) or block-cipher (using say CBC-MAC). In particular, by using our PRF construction, many real-world implementations of MACs can be easily and cheaply modified to obtain a KI MAC. Finally we show that the transformations of [DKPW12] for increasing the domain size of a MAC as well as for strengthening the type of unforgeability it provides also preserve (or even strengthen) the type of KI enjoyed by the MAC. All together these results provide a wide range of assumptions and construction paths for building various flavors of this new primitive.
The unabridged version of this paper appears in[AHM + 14b].
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alwen, J., Hirt, M., Maurer, U., Patra, A., Raykov, P.: Anonymous authentication with shared secrets. Cryptology ePrint Archive, Report 2014/073 (2014), http://eprint.iacr.org/
Alwen, J., Hirt, M., Maurer, U., Patra, A., Raykov, P.: Key-indistinguishable message authentication codes. Cryptology ePrint Archive, Report 2014/107 (2014), http://eprint.iacr.org/
Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M., Golde, N., Redon, K., Borgaonkar, R.: New privacy issues in mobile telephony: fix and verification. In: ACM Conference on Computer and Communications Security, pp. 205–216. ACM (2012)
Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M.: Formal analysis of umts privacy, CoRR abs/1109.2066 (2011)
Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)
Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: The cascade construction and its concrete security. In: FOCS, pp. 514–523 (1996)
Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006)
Burmester, M., Le, T.V., de Medeiros, B., Tsudik, G.: Universally composable RFID identification and authentication protocols. ACM Trans. Inf. Syst. Secur. 12(4) (2009)
Burmester, M., Munilla, J.: Lightweight RFID authentication with forward and backward security. ACM Trans. Inf. Syst. Secur. 14(1), 11 (2011)
Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for CBC mACs. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 527–545. Springer, Heidelberg (2005)
Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012)
Dodis, Y., Kiltz, E., Pietrzak, K., Wichs, D.: Message authentication, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 355–374. Springer, Heidelberg (2012)
Deng, R.H., Li, Y., Yung, M., Zhao, Y.: A zero-knowledge based framework for RFID privacy. Journal of Computer Security 19(6), 1109–1146 (2011)
Dodis, Y., Steinberger, J.: Message authentication codes from unpredictable block ciphers. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 267–285. Springer, Heidelberg (2009)
Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)
Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011)
Iwata, T., Kurosawa, K.: Omac: One-key cbc mac. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
Kohlweiss, M., Maurer, U., Onete, C., Tackmann, B., Venturi, D.: Anonymity-preserving public-key encryption: A constructive approach. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 19–39. Springer, Heidelberg (2013)
Kiltz, E., Pietrzak, K., Cash, D., Jain, A., Venturi, D.: Efficient authentication from hard learning problems. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 7–26. Springer, Heidelberg (2011)
Lee, M.-F., Smart, N.P., Warinschi, B., Watson, G.: Anonymity guarantees of the umts/lte authentication and connection protocol. Cryptology ePrint Archive, Report 2013/027 (2013), http://eprint.iacr.org/
National Institute of Standards and Technology, U.S. Department of Commerce, M Dworkin. Recommendation for block cipher modes of operation: the CMAC mode for authentication. NIST Special Publication 800-38B
Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: FOCS, pp. 458–467 (1997)
Pietrzak, K.: Subspace LWE. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 548–563. Springer, Heidelberg (2012)
3rd Generation Partnership Project. Ts 33.102 - 3g security; Security architecture v11.5.0 (2012)
Tsay, J.-K., Mjølsnes, S.F.: A vulnerability in the umts and lte authentication and key agreement protocols. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 65–76. Springer, Heidelberg (2012)
Vaudenay, S.: Privacy models for RFID schemes. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 65–65. Springer, Heidelberg (2010)
Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Alwen, J., Hirt, M., Maurer, U., Patra, A., Raykov, P. (2014). Key-Indistinguishable Message Authentication Codes. In: Abdalla, M., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2014. Lecture Notes in Computer Science, vol 8642. Springer, Cham. https://doi.org/10.1007/978-3-319-10879-7_27
Download citation
DOI: https://doi.org/10.1007/978-3-319-10879-7_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10878-0
Online ISBN: 978-3-319-10879-7
eBook Packages: Computer ScienceComputer Science (R0)