13 results for "Message authentication code"
Search Results
2. Guideline for implementing cryptography in the federal government
- Author
- Lee, Annabelle
- Subjects
- Cryptographic algorithm, Cryptographic hash function, Cryptographic key, Cryptographic module, Digital signature, Key establishment, Key management, Message authentication code
- Abstract
The purpose of this document is to provide guidance to Federal agencies on how to select cryptographic controls for protecting Sensitive Unclassified information. This document focuses on Federal standards documented in Federal Information Processing Standards Publications (FIPS PUBs) and the cryptographic modules and algorithms that are validated against these standards. However, to provide additional information, other standards organizations (e.g., American National Standards Institute (ANSI) and International Organization for Standardization (ISO)) are briefly discussed.
- Published
- 1999
3. Constructing Rate-1 MACs from Related-Key Unpredictable Block Ciphers: PGV Model Revisited.
- Author
- Zhang, Liting, Wu, Wenling, Wang, Peng, Zhang, Lei, Wu, Shuang, and Liang, Bo
- Abstract
Almost all current block-cipher-based MACs reduce their security to the pseudorandomness of their underlying block ciphers, except for a few of them to the unpredictability, a strictly weaker security notion than pseudorandomness. However, the latter MACs offer relatively low efficiency. In this paper, we investigate the feasibility of constructing rate-1 MACs from related-key unpredictable block ciphers. First, we show all the existing rate-1 MACs are insecure when instantiated with a special kind of related-key unpredictable block cipher. The attacks on them inspire us to propose an assumption that all the chaining values are available to adversaries for theoretically analyzing such MACs. Under this assumption, we study the security of 64 rate-1 MACs in the keyed PGV model, and find that 1) 15 MACs are meaningless; 2) 25 MACs are vulnerable to three kinds of attacks respectively and 3) 24 MACs are provably secure when their underlying block ciphers are related-key unpredictable. Furthermore, we refine these 24 provably secure rate-1 MACs in the Compact PGV model by removing a useless parameter, and find that the resulting 6 provably secure MACs are in fact equivalent to each other. In the aspect of efficiency, however, the low rate of these secure MACs does not necessarily mean they can run faster than non-rate-1 MACs, due to their large number of key schedules. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
4. How to Thwart Birthday Attacks against MACs via Small Randomness.
- Author
- Minematsu, Kazuhiko
- Abstract
The security of a randomized message authentication code (MAC for short) typically depends on the uniqueness of random initial vectors (IVs). Thus its security bound usually contains $O(q^2/2^n)$, when the random IV is n bits and q is the number of MACed messages. In this paper, we present how to break this birthday barrier without increasing the randomness. Our proposal is almost as efficient as the well-known Carter-Wegman MAC, uses n-bit random IVs, and provides the security bound roughly $O(q^3/2^{2n})$. We also provide blockcipher-based instantiations of our proposal. They are almost as efficient as CBC-MAC and the security is solely based on the pseudorandomness of the blockcipher. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
5. An Integrated ECC-MAC Based on RS Code.
- Author
- Bhaumik, Jaydeb and Chowdhury, Dipanwita Roy
- Abstract
This paper presents a message authentication code (MAC) with error-correcting capabilities which can be used for wireless transmission. Also the paper introduces a new nonlinear mixing function 'Nmix' which is cryptographically strong compared to other existing methods and secured against linear, differential and other conventional cryptanalysis. This nonlinear function is used to compute the proposed MAC from check symbols of a Reed-Solomon (RS) code. Our MAC is shown to be secured even if a fixed pad is used in MAC generation. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
6. A Double-Piped Mode of Operation for MACs, PRFs and PROs: Security beyond the Birthday Barrier.
- Author
- Yasuda, Kan
- Abstract
We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a multi-property-preserving domain extension of MACs (message authentication codes), PRFs (pseudo-random functions) and PROs (pseudo-random oracles). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound, most notably, high MAC security. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to ]> query complexity. This bound contrasts sharply with the birthday bound of ]> , which has been the best MAC security accomplished by earlier constructions. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
7. A Single-Key Domain Extender for Privacy-Preserving MACs and PRFs.
- Author
- Yasuda, Kan
- Abstract
We present a CBC (cipher block chaining)-like mode of operation for MACs (message authentication codes) using a hash function. The new construction iCBC (imbalanced CBC) does not follow the Merkle-Damgård design but rather iterates the underlying compression function directly in a CBC-like manner. Many of the prior MAC constructions, including HMAC, assume PRF (pseudo-random function) properties of the underlying primitive. In contrast, our iCBC-MAC makes only a PP-MAC (privacy-preserving MAC) assumption about the compression function. Despite the fact that PP-MAC is a strictly weaker requirement than PRF, iCBC-MAC works with a single key like HMAC and runs as efficiently as HMAC. Moreover, iCBC-MAC becomes even faster than HMAC, depending on the choice of security parameters. Additionally, iCBC-MAC is multi-property-preserving in the sense that it operates as a domain extender for both PP-MACs and PRFs. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
8. Security of Truncated MACs.
- Author
- Wang, Peng, Feng, Dengguo, Lin, Changlu, and Wu, Wenling
- Abstract
In all of the MAC standard documents, the tag truncation is defined. Even if a MAC can be proved to be secure in the sense of unforgeability, the truncated MAC may suffer from a sudden loss of security. We propose a new notion of robust unforgeability to address this problem, which is strictly stronger than the notion of unforgeability. We also give some generic methods to turn an unforgeable MAC into a robustly unforgeable one. Furthermore we propose a notion of variationally XOR universal hash function, which is strictly weaker than the previously proposed notion of variationally universal hash function by Krovetz and Rogaway, to strengthen the security of Wegman-Carter MACs to be robustly unforgeable. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
9. A One-Pass Mode of Operation for Deterministic Message Authentication: Security beyond the Birthday Barrier.
- Author
- Yasuda, Kan
- Abstract
We present a novel mode of operation which iterates a compression function $f:\{0,1\}^{n+b} \to \{0,1\}^n$ meeting a condition $b \ge 2n$. Our construction can be viewed as a way of domain extension, applicable to a fixed-input-length PRF (pseudo-random function) ]> meeting the condition $b \ge 2n$, which yields an arbitrary-input-length PRF ]> . Our construction accomplishes both high security (beyond the birthday barrier) and high efficiency (one-pass), with engineering considerations of being stateless, deterministic and single-keyed. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
10. On the Unprovable Security of 2-Key XCBC.
- Author
- Wang, Peng, Feng, Dengguo, Wu, Wenling, and Zhang, Liting
- Abstract
There has been extensive research focusing on improving CBC-MAC to operate on variable length messages with fewer keys and fewer blockcipher invocations. After Black and Rogaway's XCBC, Moriai and Imai proposed 2-Key XCBC, which replaced the third key of XCBC with its first key. Moriai and Imai "proved" that 2-Key XCBC is secure if the underlying blockcipher is a pseudorandom permutation (PRP). Our research shows that it is not the case. The security of 2-Key XCBC cannot be proved under the sole assumption of PRP, even if it is a PRP-RK secure against some related-key attack. We construct a special PRP (PRP-RK) to show that the main lemma in [14] is not true and 2-Key XCBC using this PRP (PRP-RK) is totally insecure. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
11. "Sandwich" Is Indeed Secure: How to Authenticate a Message with Just One Hashing.
- Author
- Yasuda, Kan
- Abstract
This paper shows that the classical "Sandwich" method, which prepends and appends a key to a message and then hashes the data using Merkle-Damgård iteration, does indeed provide a secure Message Authentication Code (MAC). The Sandwich construction offers a single-key MAC which can use the existing Merkle-Damgård implementation of hash functions as is, without direct access to the compression function. Hence the Sandwich approach gives us an alternative to HMAC, particularly in a situation where message size is small and high performance is required, because the Sandwich scheme is more efficient than HMAC: it consumes only two blocks of "waste" rather than three as in HMAC, and it calls the hash function only once, whereas HMAC requires two invocations of the hash function. The security result of the Sandwich method is similar to that of HMAC; namely, we prove that the Sandwich construction yields a PRF (pseudo-random function)-based MAC, provided that the underlying compression function satisfies PRF properties. In theory, the security reduction of the Sandwich scheme is roughly equivalent to that of HMAC, but in practice the requirements on the underlying compression function look quite different. Also, the security of the Sandwich construction heavily relies on the filling and padding methods applied to the data, and we show several ways of optimizing them without losing a formal proof of security. [ABSTRACT FROM AUTHOR]
- Published
- 2007
- Full Text
- View/download PDF
12. Efficient Implementation of Pseudorandom Functions for Electronic Seal Protection Protocols.
- Author
- Lee, Mun-Kyu, Min, Jung Ki, Kang, Seok Hun, Chung, Sang-Hwa, Kim, Howon, and Kim, Dong Kyue
- Abstract
One of the most promising applications of active RFID tags is the electronic seal, which is an electronic device to guarantee the authenticity and integrity of freight containers and also provides physical protection like a lock. There are already many commercial electronic seal products and ongoing standardization activities such as ISO-18185 drafts. While electronic seals can provide freight containers with a high level of tamper resistance, the security problem of the electronic seal itself should be solved, and a feasible solution would be to use symmetric key cryptography based primitives such as block ciphers and message authentication codes (MACs). This kind of approach has already been used in many security-related standards and it requires the implementation of pseudorandom functions (PRFs) for key derivation and authentication. In this paper, we consider secure and efficient implementation of PRFs on electronic seals and interrogators. We implement block cipher based PRFs and hash based PRFs and compare them from the viewpoint of efficiency. Since practical PRFs can be directly implemented using MACs, we consider implementation of various message authentication schemes: HMAC-MD5, HMAC-SHA1, AES-CBC-MAC, AES-CMAC and AES-XCBC-MAC. For interrogators, we design FPGA modules for these MAC algorithms since an interrogator has to guarantee high throughput to communicate with many electronic seals simultaneously. According to our analysis, AES based MACs consume smaller areas and their throughputs are significantly higher than hash based ones. For electronic seals, we implement MAC algorithms as a form of software module (C and assembly codes) over a small-scale microcontroller. Our experimental results show that AES based modules show much better performance, which coincides with the results in hardware implementation. Finally, we improve the above implementations further, where we concentrate on the optimization of AES based MACs. We use several well-known techniques such as use of block RAMs in FPGA, and loop unrolling and register reallocation in assembly code. [ABSTRACT FROM AUTHOR]
- Published
- 2007
- Full Text
- View/download PDF
13. OPMAC: One-Key Poly1305 MAC.
- Author
- Wang, Dayin, Lin, Dongdai, and Wu, Wenling
- Abstract
In this paper, we present One-Key Poly1305 MAC (OPMAC) and prove its security for arbitrary-length messages. OPMAC is deterministic and takes only one 16-byte key. Previously, Poly1305 MAC is nonce-based and requires two 16-byte keys and a 16-byte nonce, 48 bytes in total. [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF