The Sum of CBC MACs Is a Secure PRF

  • Kan Yasuda
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5985)

Abstract

We present a new message authentication code (MAC) based on block ciphers. Our new MAC algorithm, though twice as slow as an ordinary CBC MAC, can be proven to be a pseudo-random function secure against O(2^{2n/3}) queries, under the assumption that the underlying n-bit block cipher is a secure pseudo-random permutation. Our design is quite simple, being similar to Algorithm 5 (and 6) of ISO/IEC 9797-1:1999: we just take the sum (xor) of two encrypted CBC MACs. We remark that no proof of security above the birthday bound (2^{n/2}) has been known for the sum of CBC MACs. The sum construction now becomes the first realization of a block-cipher-based, deterministic, stateless MAC algorithm that is provably secure beyond the birthday bound of O(2^{n/2}) and runs with practical efficiency.
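
The following is an added example, not code from the paper, to make the security-relevant point of the abstract concrete: why a tag collision on a single encrypted CBC MAC (EMAC) turns into a forgery at the birthday bound, and why the same collision on the sum of two EMACs does not. It stands in a random 16-bit permutation for the n-bit block cipher (so 2^{n/2} = 2^8 queries is reachable in milliseconds), uses four independent keys (two per EMAC; this key layout is the natural reading of "sum of two encrypted CBC MACs" and is an assumption here), treats messages as sequences of full blocks, and omits the ISO/IEC 9797-1 padding methods. The names `toy_prp`, `emac`, `sum_emac`, `find_tag_collision` and `demo` are this example's own. It is a demonstration of the birthday-bound failure mode, not a proof of the O(2^{2n/3}) bound.

```python
"""Added example (not the paper's code): a single encrypted CBC MAC (EMAC)
versus the sum of two EMACs, on a toy 16-bit block cipher.

The toy cipher is a random permutation keyed by a PRNG seed, so the birthday
bound 2^(n/2) = 2^8 queries is reachable instantly. Messages are sequences of
full n-bit blocks; ISO/IEC 9797-1 padding is not modeled."""
import random
from typing import Callable, Dict, Sequence, Tuple

N = 16                 # toy block size (assumption; real ciphers use n = 64 or 128)
SPACE = 1 << N
Enc = Callable[[int], int]
Msg = Tuple[int, ...]


def toy_prp(key: int) -> Enc:
    """Random permutation on n-bit blocks, standing in for a PRP E_K."""
    table = list(range(SPACE))
    random.Random(key).shuffle(table)
    return table.__getitem__


def cbc_mac(e: Enc, msg: Sequence[int]) -> int:
    """Raw CBC MAC: y_0 = 0, y_i = E(y_{i-1} xor m_i); returns the last y_i."""
    y = 0
    for m in msg:
        y = e(y ^ m)
    return y


def emac(e1: Enc, e2: Enc, msg: Sequence[int]) -> int:
    """Encrypted CBC MAC: the CBC chain under e1, then one more encryption under e2."""
    return e2(cbc_mac(e1, msg))


def sum_emac(k: Tuple[Enc, Enc, Enc, Enc], msg: Sequence[int]) -> int:
    """Sum construction: xor of two EMACs under independent keys (four keys in all)."""
    return emac(k[0], k[1], msg) ^ emac(k[2], k[3], msg)


def find_tag_collision(mac: Callable[[Msg], int], seed: int) -> Tuple[Msg, Msg, int]:
    """Birthday search: query two-block messages (i, r_i) with random r_i until
    two tags coincide. Returns both messages and the number of queries spent."""
    rng = random.Random(seed)
    seen: Dict[int, Msg] = {}
    for i in range(SPACE):
        msg: Msg = (i, rng.randrange(SPACE))
        tag = mac(msg)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
    raise RuntimeError("no tag collision found")


def extension_forgery_works(mac: Callable[[Msg], int], m1: Msg, m2: Msg, x: int) -> bool:
    """Length-extension forgery after a tag collision on m1, m2: the attacker
    queries mac(m1 || x) and submits that value as the tag of the unqueried
    message m2 || x. For EMAC this always verifies: equal tags mean equal CBC
    states (the final encryption is a permutation), and a common state plus a
    common block x gives a common state again. For the sum, a tag collision
    does not reveal a collision in either chain, so the forgery fails with
    probability about 1 - 2^-n."""
    forged = mac(m1 + (x,))
    return forged == mac(m2 + (x,))


def demo(seed: int = 2010) -> Dict[str, Tuple[int, int, int]]:
    """For each MAC: (queries to a tag collision, successful forgeries, attempts)."""
    keys = tuple(toy_prp(seed + j) for j in range(4))
    macs = {
        "EMAC": lambda m: emac(keys[0], keys[1], m),
        "SUM-EMAC": lambda m: sum_emac(keys, m),
    }
    results = {}
    for name, mac in macs.items():
        m1, m2, queries = find_tag_collision(mac, seed)
        attempts = range(8)
        hits = sum(extension_forgery_works(mac, m1, m2, x) for x in attempts)
        results[name] = (queries, hits, len(attempts))
    return results


if __name__ == "__main__":
    for name, (q, hits, total) in demo().items():
        print(f"{name:9s} tag collision after {q} queries; "
              f"extension forgery succeeded {hits}/{total} times")
```

Both MACs output n-bit tags, so both show a tag collision after a few hundred queries; the difference is what the collision buys the attacker. For EMAC every extension forgery verifies, which is the classical birthday-bound attack on CBC-type MACs. For the sum, the collision is in the xor of two independent chains and carries no usable information about either one, which is the intuition the paper's proof makes rigorous.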

Keywords

PRP; PRF; sum construction; ISO/IEC 9797-1:1999; collision; game-playing proof; lazy sampling; 64-bit block cipher

References

  1. ANSI. Triple Data Encryption Algorithm modes of operation. X9.52:1998 (1998)
  2. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
  3. Bellare, M., Guérin, R., Rogaway, P.: XOR MACs: New methods for message authentication using finite pseudorandom functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 15–28. Springer, Heidelberg (1995)
  4. Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
  5. Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for CBC MACs. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 527–545. Springer, Heidelberg (2005)
  6. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)
  7. Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: Fast and secure message authentication. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 216–233. Springer, Heidelberg (1999)
  8. Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: The three-key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)
  9. Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)
  10. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  11. Dodis, Y., Pietrzak, K., Puniya, P.: A new mode of operation for block ciphers and length-preserving MACs. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 198–219. Springer, Heidelberg (2008)
  12. Dodis, Y., Steinberger, J.P.: Message authentication codes from unpredictable block ciphers. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 267–285. Springer, Heidelberg (2009)
  13. Gligor, V.D., Donescu, P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 92–108. Springer, Heidelberg (2002)
  14. Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)
  15. Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310–327. Springer, Heidelberg (2006)
  16. Iwata, T., Kurosawa, K.: OMAC: One-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
  17. Iwata, T., Yasuda, K.: HBS: A single-key mode of operation for deterministic authenticated encryption. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 394–415. Springer, Heidelberg (2009)
  18. Jaulmes, É., Joux, A., Valette, F.: On the security of randomized CBC-MAC beyond the birthday paradox limit: A new construction. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 237–251. Springer, Heidelberg (2002)
  19. Jia, K., Wang, X., Yuan, Z., Xu, G.: Distinguishing and second-preimage attacks on CBC-like MACs. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 349–361. Springer, Heidelberg (2009)
  20. Joux, A., Poupard, G., Stern, J.: New attacks against standardized MACs. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 170–181. Springer, Heidelberg (2003)
  21. JTC1. ISO/IEC 9797-1:1999 Information technology—Security techniques—Message Authentication Codes (MACs)—Part 1: Mechanisms using a block cipher (1999)
  22. Kurosawa, K., Iwata, T.: TMAC: Two-key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 33–49. Springer, Heidelberg (2003)
  23. Lucks, S.: The sum of PRPs is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–484. Springer, Heidelberg (2000)
  24. Minematsu, K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 308–326. Springer, Heidelberg (2009)
  25. Nandi, M.: Fast and secure CBC-type MAC algorithms. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 375–393. Springer, Heidelberg (2009)
  26. NIST. Advanced Encryption Standard (AES). FIPS 197 (2001)
  27. NIST. Recommendation for block cipher modes of operation: The CMAC mode for authentication. SP 800-38B (2005)
  28. NIST. Request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. Federal Register Notice, November 2 (2007)
  29. Patarin, J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004)
  30. Petrank, E., Rackoff, C.: CBC MAC for real-time data sources. J. Cryptology 13(3), 315–338 (2000)
  31. Preneel, B., van Oorschot, P.C.: MDx-MAC and building fast MACs from hash functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995)
  32. Satoh, A., Sugawara, T., Aoki, T.: High-speed pipelined hardware architecture for Galois Counter Mode. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 118–129. Springer, Heidelberg (2007)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Kan Yasuda
    NTT Information Sharing Platform Laboratories, NTT Corporation, Tokyo, Japan