论文信息 - Differential Attack on Message Authentication Codes

Differential Attack on Message Authentication Codes

We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secret authentication key in the chosen plaintext scenario. For example, DES(8-round)-MAC can be broken with 234 pairs of plaintext, while FEAL8-MAC can be broken with 222 pairs. The proposed attack is applicable to any MAC scheme, even if the 32-bits are randomly selected from among the 64-bits of ciphertext generated by a cryptosystem vulnerable to differential attack in the chosen plaintext scenario.

Mitsuru Matsui | Kazuo Ohta | K. Ohta | M. Matsui

[1] A. Shimizu,et al. Fast data encipherment algorithm FEAL-8 , 1978 .

[2] Eli Biham,et al. Differential Cryptanalysis of Feal and N-Hash , 1991, EUROCRYPT.

[3] Ivan Damgård,et al. Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[4] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[5] Kazuo Ohta,et al. Confirmation that Some Hash Functions Are Not Collision Free , 1991, EUROCRYPT.

[6] Ralph Howard,et al. Data encryption standard , 1987 .

[7] Eli Biham,et al. Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[8] Eli Biham,et al. Differential Cryptanalysis of the Full 16-Round DES , 1992, CRYPTO.

[9] Henri Gilbert,et al. A Known Plaintext Attack of FEAL-4 and FEAL-6 , 1991, CRYPTO.

[10] Eli Biham,et al. Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer , 1991, CRYPTO.

[11] D. Chaum,et al. Di(cid:11)erential Cryptanalysis of the full 16-round DES , 1977 .

[12] Mitsuru Matsui,et al. A New Method for Known Plaintext Attack of FEAL Cipher , 1992, EUROCRYPT.

[13] Hideki Imai,et al. Structural Properties of One-way Hash Functions , 1990, CRYPTO.