• Tetsu Iwata
  • Kaoru Kurosawa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2887)


In this paper, we present One-key CBC MAC (OMAC) and prove its security for arbitrary length messages. OMAC takes only one key, K (k bits) of a block cipher E. Previously, XCBC requires three keys, (k+2n) bits in total, and TMAC requires two keys, (k+n) bits in total, where n denotes the block length of E.

The saving of the key length makes the security proof of OMAC substantially harder than those of XCBC and TMAC.


CBC MAC block cipher provable security 


  1. 1.
    Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. In: CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)Google Scholar
  2. 2.
    Berendschot, A., den Boer, B., Boly, J.P., Bosselaers, A., Brandt, J., Chaum, D., Damgård, I., Dichtl, M., Fumy, W., van der Ham, M., Jansen, C.J.A., Landrock, P., Preneel, B., Roelofsen, G., de Rooij, P., Vandewalle, J.: Final Report of RACE Integrity Primitives. LNCS, vol. 1007. Springer, Heidelberg (1995)Google Scholar
  3. 3.
    Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: The three key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Black, J., Rogaway, P.: Comments to NIST concerning AES modes of operations: A suggestion for handling arbitrary-length messages with the CBC MAC. In: Second Modes of Operation Workshop, Available at
  5. 5.
    Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    FIPS 113. Computer data authentication. Federal Information Processing Standards Publication 113, U. S. Department of Commerce / National Bureau of Standards, National Technical Information Service, Springfield, Virginia (1994)Google Scholar
  7. 7.
    ISO/IEC 9797-1. Information technology — security techniques — data integrity mechanism using a cryptographic check function employing a block cipher algorithm. International Organization for Standards, Geneva, Switzerland, 2nd edn. (1999)Google Scholar
  8. 8.
    Jaulmes, É., Joux, A., Valette, F.: On the security of randomized CBC-MAC beyond the birthday paradox limit: A new construction. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 237–251. Springer, Heidelberg (2002), Full version is available at Cryptology ePrint Archive, Report 2001/074 CrossRefGoogle Scholar
  9. 9.
    Kurosawa, K., Iwata, T.: TMAC: Two-Key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 33–49. Springer, Heidelberg (2003), See also Cryptology ePrint Archive, Report 2002/092, CrossRefGoogle Scholar
  10. 10.
    Lidl, R., Niederreiter, H.: Introduction to finite fields and their applications, revised edn. Cambridge University Press, Cambridge (1994)Google Scholar
  11. 11.
    Petrank, E., Rackoff, C.: CBC MAC for real-time data sources. J.Cryptology 13(3), 315–338 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Rogaway, P.: Bucket hashing and its application to fast message authentication. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 29–42. Springer, Heidelberg (1995)Google Scholar
  13. 13.
    Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Proceedings of ACM Conference on Computer and Communications Security, ACM CCS 2001. ACM, New York (2001)Google Scholar
  14. 14.
    Vaudenay, S.: Decorrelation over infinite domains: The encrypted CBC-MAC case. Communications in Information and Systems (CIS) 1, 75–85 (2001); Earlier version in Selected Areas in Cryptography, Stinson, D.R., Tavares, S. (eds.): SAC 2000. LNCS, vol. 2012, pp. 57–71. Springer, Heidelberg (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Tetsu Iwata
    • 1
  • Kaoru Kurosawa
    • 1
  1. 1.Department of Computer and Information SciencesIbaraki UniversityHitachi, IbarakiJapan

Personalised recommendations