论文信息 - On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction

On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction

In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full standard proof of our construction using one pass of a block-cipher with 2n-bit keys but there also is a proof for n-bit keys block-ciphers in the random oracle model.

[1] Mihir Bellare,et al. The Security of the Cipher Block Chaining Message Authentication Code , 2000, J. Comput. Syst. Sci..

[2] Bruce Schneier,et al. Building PRFs from PRPs , 1998, CRYPTO.

[3] Larry Carter,et al. New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[4] Hugo Krawczyk,et al. Stateless Evaluation of Pseudorandom Functions: Security beyond the Birthday Barrier , 1999, CRYPTO.

[5] Hugo Krawczyk,et al. Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[6] Mihir Bellare,et al. XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions , 1995, CRYPTO.

[7] John Black,et al. CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions , 2000, Journal of Cryptology.

[8] Mihir Bellare,et al. Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-invertible , 1998, EUROCRYPT.

[9] Bart Preneel,et al. MDx-MAC and Building Fast MACs from Hash Functions , 1995, CRYPTO.

[10] Mihir Bellare,et al. The Security of Cipher Block Chaining , 1994, CRYPTO.

[11] Michael Semanko. L-collision Attacks against Randomized MACs , 2000, CRYPTO.

[12] Hugo Krawczyk,et al. UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.