Cryptanalysis of Message Authentication Codes

This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.

[1]  Hugo Krawczyk,et al.  MMH: Software Message Authentication in the Gbit/Second Rates , 1997, FSE.

[2]  Gustavus J. Simmons,et al.  Contemporary Cryptology: The Science of Information Integrity , 1994 .

[3]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[4]  Hugo Krawczyk,et al.  New Hash Functions For Message Authentication , 1995, EUROCRYPT.

[5]  Gustavus J. Simmons,et al.  A survey of information authentication , 1988, Proc. IEEE.

[6]  Fred Cohen,et al.  Some weak points of one fast cryptographic checksum algorithm and its improvement , 1988, Comput. Secur..

[7]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[8]  Bart Preneel,et al.  Key recovery attack on ANSI X9.19 retail MAC , 1996 .

[9]  Bart Preneel,et al.  Integrity Primitives for Secure Information Systems , 2005, Lecture Notes in Computer Science.

[10]  Bart Preneel,et al.  On the Security of Two MAC Algorithms , 1996, EUROCRYPT.

[11]  Joos Vandewalle,et al.  Cryptanalysis of a fast cryptographic checksum algorithm , 1990, Comput. Secur..

[12]  Fred Cohen A cryptographic checksum for integrity protection , 1987, Comput. Secur..

[13]  Mitsuru Matsui,et al.  Differential Attack on Message Authentication Codes , 1993, CRYPTO.

[14]  Hugo Krawczyk,et al.  Pseudorandom functions revisited: the cascade construction and its concrete security , 1996, Proceedings of 37th Conference on Foundations of Computer Science.

[15]  Donald W. Davies,et al.  A Message Authenticator Algorithm Suitable for A Mainframe Computer , 1985, CRYPTO.

[16]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[17]  Christer Lindén,et al.  Sealing electronic money in Sweden , 1982, Comput. Secur..

[18]  Mihir Bellare,et al.  The Security of Cipher Block Chaining , 1994, CRYPTO.

[19]  Perry Metzger,et al.  IP Authentication using Keyed MD5 , 1995, RFC.

[20]  Vincent Rijmen,et al.  Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds , 1993, CRYPTO.

[21]  Bart Preneel,et al.  Security analysis of the message authenticator algorithm (MAA) , 1997, Eur. Trans. Telecommun..

[22]  Bruce Schneier,et al.  Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[23]  Bart Preneel,et al.  Integrity Primitives for Secure Information Systems: Final RIPE Report of RACE Integrity Primitives Evaluation , 1995 .

[24]  Bart Preneel,et al.  RIPEMD-160: A Strengthened Version of RIPEMD , 1996, FSE.

[25]  Ralph Howard,et al.  Data encryption standard , 1987 .

[26]  Phillip Rogaway Bucket Hashing and its Application to Fast Message Authentication , 1995, CRYPTO.

[27]  Thomas Johansson,et al.  Bucket Hashing with a Small Key Size , 1997, EUROCRYPT.

[28]  Lars R. Knudsen,et al.  Chosen-text attack on CBC-MAC , 1997 .

[29]  Josef Pieprzyk,et al.  Keyed Hash Functions , 1995, Cryptography: Policy and Algorithms.

[30]  Bart Preneel,et al.  MDx-MAC and Building Fast MACs from Hash Functions , 1995, CRYPTO.

[31]  Joos Vandewalle,et al.  Integrity primitives for secure information systems : final report of RACE Integrity Primitives Evaluation RIPE-RACE 1040 , 1995 .

[32]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[33]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[34]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[35]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[36]  Thomas Johansson,et al.  On the Relation between A-Codes and Codes Correcting Independent Errors , 1994, EUROCRYPT.

[37]  Mihir Bellare,et al.  XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions , 1995, CRYPTO.