Single Key Variant of PMAC_Plus

Author(s): Nilanjan Datta, Avijit Dutta, Mridul Nandi, Goutam Paul, Liting Zhang

At CRYPTO 2011, Yasuda proposed the PMAC_Plus message authentication code based on an n-bit block cipher. Its design principle inherits the well-known PMAC parallel network with a low additional cost. PMAC_Plus is a rate-1 construction like PMAC (i.e., one block cipher call per n-bit message block) but provides security against all adversaries (under the black-box model) making queries altogether consisting of roughly up to $2^{2n/3}$ blocks (strings of n bits). Even though PMAC_Plus gives higher security than the standard birthday bound security, with the currently available best bound, it provides weaker security than PMAC for certain choices of adversaries. Moreover, unlike PMAC, PMAC_Plus operates with three independent block cipher keys. In this paper, we propose 1k-PMAC_Plus, the first rate-1 single keyed block cipher based BBB (Beyond Birthday Bound) secure (in standard model) deterministic MAC construction without arbitrary field multiplications. 1k-PMAC_Plus, as the name implies, is a simple one-key variant of PMAC_Plus. In addition to the key reduction, we obtain a higher security guarantee than what was proved originally for PMAC_Plus, thus an improvement in two directions.

Author(s): Yaobin Shen, Lei Wang

ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC). The current version ISO/IEC 9797-1:2011 specifies six single-pass CBC-like MAC structures that are capped at the birthday bound security. For a higher security that is beyond-birthday bound, it recommends using the concatenation combiner of two single-pass MACs. In this paper, we reveal the invalidity of the suggestion, by presenting a birthday bound forgery attack on the concatenation combiner, which is essentially based on Joux’s multi-collision. Notably, our new forgery attack for the concatenation of two MAC Algorithm 1 with padding scheme 2 only requires 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC 9797-1 with respect to the beyond-birthday bound security. More specifically, we evaluate the XOR combiner of single-pass CBC-like MACs, which was used in the previous version of ISO/IEC 9797-1.


2008, Vol 2008, pp. 1-6

Author(s): H. E. Michail, G. Selimis, M. Galanis, D. Schinianakis, C. E. Goutis

A new algorithm for producing message authenticating codes (MACs) was recently proposed by NIST. The MAC protects both a message's integrity, by ensuring that a different MAC will be produced if the message has changed, and its authenticity, because only someone who knows the secret key could have generated a valid MAC. The proposed security scheme incorporates a FIPS-approved and secure block cipher algorithm and was standardized by NIST in May 2005. This paper presents the first efficient hardware implementation of the CMAC standard.

