Analysis of RMAC

  • Lars R. Knudsen
  • Tadayoshi Kohno
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2887)


In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attack some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which rely also on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NIST’s RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys.


Exhaustive Search Block Cipher Generic Attack Decryption Operation Block Cipher Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Biham, E.: How to decrypt or even substitute DES-encrypted messages in 228 steps. Information Processing Letters 84 (2002)Google Scholar
  2. 2.
    Jaulmes, E., Joux, A., Valette, F.: On the security of randomized CBC-MAC beyond the birthday paradox limit: A new construction. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, p. 237. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, GDES, GOST, SAFER, and triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Knudsen, L.R., Preneel, B.: MacDES: a new MAC algorithm based on DES. Electronics Letters 34(9), 871–873 (1998)CrossRefGoogle Scholar
  5. 5.
    Mitchell, C.: Private communicationGoogle Scholar
  6. 6.
    NIST. DRAFT Recommendation for Block Cipher Modes of Operation: the RMAC Authentication Mode. NIST Special Publication 800-38B. October 18 (2002)Google Scholar
  7. 7.
    Rivest, R., Shamir, A.: Payword and Micromint: Two simple micropayment schemes. Cryptobytes 2(1), 7–11 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Lars R. Knudsen
    • 1
  • Tadayoshi Kohno
    • 2
  1. 1.Department of MathematicsTechnical University of Denmark 
  2. 2.Department of Computer Science and EngineeringUniversity of California at San Diego 

Personalised recommendations