Abstract
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and of the attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.
F.W.O. postdoctoral researcher, sponsored by the National Fund for Scientific Research – Flanders (Belgium).
© 1998 Springer-Verlag Berlin Heidelberg
Preneel, B. (1998). Cryptanalysis of message authentication codes. In: Okamoto, E., Davida, G., Mambo, M. (eds) Information Security. ISW 1997. Lecture Notes in Computer Science, vol 1396. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0030408
DOI: https://doi.org/10.1007/BFb0030408
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64382-1
Online ISBN: 978-3-540-69767-1