Improved security analysis for OMAC as a pseudorandom function

Abstract. This paper shows that the advantage of any q-query adversary (one that makes at most q queries) in distinguishing OMAC from a uniform random function is roughly Lq^2/2^n, where L is the number of blocks in the longest query and n is the output size of the uniform random function. The best bound known so far is roughly σ^2/2^n = O(L^2 q^2/2^n), so the new bound is an improvement. The improved security analysis also applies to OMAC1 and to CMAC, which has been recommended by NIST as a candidate blockcipher-based MAC.
