Abstract
This paper first presents a new distinguishing attack on CBC-like MACs, i.e. MAC constructions built from a block cipher in cipher block chaining (CBC) mode. The attack distinguishes such a MAC from a random function. The second result is a second-preimage attack on CBC-MAC that extends the forgery attack of Brincat and Mitchell; it also applies to MT-MAC, PMAC and the MACs using the three-key enciphered CBC mode. Both attacks run at birthday-bound complexity rather than at the cost of exhaustive search.
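As an added illustration, not code from the paper or its authors: the generic internal-collision birthday attack on plain CBC-MAC, which is the baseline against which the abstract's "birthday attack complexity" is measured. Two distinct messages that share a CBC-MAC tag share the internal chaining value, so appending the same block to both yields equal tags again; a random function has no such property, which gives a distinguisher, and the same collision gives an existential forgery. The 16-bit toy Feistel cipher, the HMAC-based "random function" oracle, the query budget and every function name are assumptions of this example, chosen so the 2^(n/2) bound is reachable in milliseconds; the paper's own attacks on EMAC-style, PMAC and three-key variants are not reproduced here.

```python
import hashlib
import hmac
import random

BLOCK_BITS = 16  # toy block size: birthday bound is 2^8 queries (assumption of this example)


def toy_block_cipher(key: bytes, block: int) -> int:
    """Toy 16-bit block cipher: 4-round balanced Feistel with a SHA-256 round function.

    A Feistel network is a permutation for any round function, and that is the only
    property the attack uses: a tag collision implies an internal-state collision.
    """
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, right])).digest()[0]
        left, right = right, left ^ f
    return (left << 8) | right


def cbc_mac(key: bytes, blocks: list[int]) -> int:
    """Plain CBC-MAC (zero IV, no final transformation) over 16-bit blocks."""
    state = 0
    for b in blocks:
        state = toy_block_cipher(key, state ^ b)
    return state


def random_function_mac(key: bytes, blocks: list[int]) -> int:
    """Comparison oracle: HMAC-SHA256 truncated to 16 bits, i.e. a random-looking function
    of the whole message with no exploitable internal state."""
    data = b"".join(b.to_bytes(2, "big") for b in blocks)  # fixed-width blocks: injective
    return int.from_bytes(hmac.new(key, data, hashlib.sha256).digest()[:2], "big")


def find_internal_collision(mac, n_queries: int = 2000, seed: int = 1):
    """Query the MAC oracle on random two-block messages until two distinct messages
    share a tag. Expected cost is about 2^(BLOCK_BITS/2) queries; returns (a, b) or None."""
    rng = random.Random(seed)          # fixed seed keeps the demonstration deterministic
    seen: dict[int, tuple[int, int]] = {}
    for _ in range(n_queries):
        msg = (rng.getrandbits(BLOCK_BITS), rng.getrandbits(BLOCK_BITS))
        tag = mac(list(msg))
        if tag in seen and seen[tag] != msg:
            return list(seen[tag]), list(msg)
        seen.setdefault(tag, msg)
    return None


def distinguish(mac, n_queries: int = 2000, seed: int = 1) -> str:
    """Birthday distinguisher: a colliding pair whose tags stay equal after appending
    the same fresh block(s) reveals a CBC-like chaining structure."""
    pair = find_internal_collision(mac, n_queries, seed)
    if pair is None:
        return "undecided"           # too few queries for the block size
    a, b = pair
    fresh_blocks = [0x1234, 0xABCD]  # two extensions: a random function passes both w.p. 2^-32
    extends = all(mac(a + [x]) == mac(b + [x]) for x in fresh_blocks)
    return "cbc-like" if extends else "random"


def forge(mac, n_queries: int = 2000, seed: int = 1):
    """Existential forgery from the same collision: after one query for a||x the tag of
    the never-queried message b||x is known. Returns (forged_message, predicted_tag)."""
    pair = find_internal_collision(mac, n_queries, seed)
    if pair is None:
        return None
    a, b = pair
    x = 0xBEEF
    return b + [x], mac(a + [x])


if __name__ == "__main__":
    key = b"demo-key"  # constructed secret for the demonstration
    print("CBC-MAC oracle     ->", distinguish(lambda m: cbc_mac(key, m)))
    print("random-function    ->", distinguish(lambda m: random_function_mac(key, m)))
    forged, tag = forge(lambda m: cbc_mac(key, m))
    print("forged message", forged, "verifies:", cbc_mac(key, forged) == tag)
```

With a real 64-bit block cipher the same procedure needs about 2^32 known message/tag pairs, and with a 128-bit block about 2^64, which is why the birthday bound rather than the key size sets the security level of any CBC-like MAC; the attack needs no knowledge of the key and never inverts the cipher.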
Supported by the National Natural Science Foundation of China (NSFC Grant No. 60525201) and 973 Project (No.2007CB807902).
References
ANSI X9.9 (revised): Financial Institution Message Authentication (wholesale), American Bankers Association (1986)
ANSI X9.19: Financial Institution Retail Message Authentication, American Bankers Association (1986)
Bellare, M., Kilian, J., Rogaway, P.: The Security of the Cipher Block Chaining Message Authentication Code. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
Brincat, K., Mitchell, C.J.: New CBC-MAC Forgery Attacks. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 3–14. Springer, Heidelberg (2001)
Bosselaers, A., Preneel, B. (eds.): RIPE 1992. LNCS, vol. 1007. Springer, Heidelberg (1995)
Black, J., Rogaway, P.: CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)
Black, J., Rogaway, P.: A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)
Coppersmith, D., Knudsen, L.R., Mitchell, C.J.: Key Recovery and Forgery Attacks on the MacDES MAC Algorithm. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 184–196. Springer, Heidelberg (2000)
Coppersmith, D., Mitchell, C.J.: Attacks on MacDES MAC algorithm. Electronics Letters 35, 1626–1627 (1999)
Dodis, Y., Pietrzak, K., Puniya, P.: A New Mode of Operation for Block Ciphers and Length-Preserving MACs. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 198–219. Springer, Heidelberg (2008)
ISO/IEC 9797-1: Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher. International Organization for Standardization, Genève, Switzerland (1999)
Knudsen, L.R.: Chosen-text Attack on CBC-MAC. Electronics Letters 33(1) (1997)
Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
Kurosawa, K., Iwata, T.: TMAC: Two-Key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 265–273. Springer, Heidelberg (2003)
Minematsu, K., Tsunoo, Y.: Provably Secure MACs from Differentially-Uniform Permutations and AES-Based Implementations. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 226–241. Springer, Heidelberg (2006)
NIST, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST Special Publication 800-38B (2005)
Preneel, B., Knudsen, L.R.: MacDES: MAC algorithm based on DES. Electronics Letters 33(1) (1997)
Preneel, B., van Oorschot, P.C.: MDx-MAC and Building Fast MACs from Hash Functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995)
Preneel, B., van Oorschot, P.C.: Key Recovery Attack on ANSI X9.19 Retail MAC. Electronics Letters 32(17) (1996)
Petrank, E., Rackoff, C.: CBC MAC for Real-Time Data Sources. J. Cryptology 13(3), 315–338 (2000)
Wang, X., Wang, W., Jia, K., Wang, M.: New Distinguishing Attack on MAC using Secret-Prefix Method. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 363–374. Springer, Heidelberg (2009)
Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 121–133. Springer, Heidelberg (2009)
Yuan, Z., Jia, K., Wang, W., Wang, X.: Distinguishing and Forgery Attacks on Alred and Its AES-based Instance Alpha-MAC (2008), http://eprint.iacr.org/2008/516
Yuval, G.: How to Swindle Rabin. Cryptologia 3, 187–189 (1979)
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Jia, K., Wang, X., Yuan, Z., Xu, G. (2009). Distinguishing and Second-Preimage Attacks on CBC-Like MACs. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds) Cryptology and Network Security. CANS 2009. Lecture Notes in Computer Science, vol 5888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10433-6_23
DOI: https://doi.org/10.1007/978-3-642-10433-6_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10432-9
Online ISBN: 978-3-642-10433-6
eBook Packages: Computer Science, Computer Science (R0)