
Cryptanalysis of message authentication codes

  • Invited Lecture
  • Conference paper
  • Information Security (ISW 1997)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1396)

Abstract

This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and of the attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.

F.W.O. postdoctoral researcher, sponsored by the National Fund for Scientific Research – Flanders (Belgium).




Editors: Eiji Okamoto, George Davida, Masahiro Mambo


Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

Cite this paper

Preneel, B. (1998). Cryptanalysis of message authentication codes. In: Okamoto, E., Davida, G., Mambo, M. (eds) Information Security. ISW 1997. Lecture Notes in Computer Science, vol 1396. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0030408


  • DOI: https://doi.org/10.1007/BFb0030408


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64382-1

  • Online ISBN: 978-3-540-69767-1
