论文信息 - On the Security of a New Variant of OMAC

On the Security of a New Variant of OMAC

OMAC is a provably secure MAC scheme which NIST currently intends to specify as the modes recommendation. In August 2003, Mitchell proposed a variant of OMAC. We call it OMAC1′′. In this paper, we prove that OMAC1′′ is less secure than original OMAC. We show a security gap between them. As a result, we obtain a negative answer to Mitchell’s open question — OMAC1′′ is not provably secure even if the underlying block cipher is a PRP.

Kaoru Kurosawa | Tetsu Iwata

[1] John Black,et al. CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions , 2000, CRYPTO.

[2] Kaoru Kurosawa,et al. TMAC: Two-Key CBC MAC , 2003, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[3] Mihir Bellare,et al. A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[4] John Black,et al. A Block-Cipher Mode of Operation for Parallelizable Message Authentication , 2002, EUROCRYPT.

[5] Kaoru Kurosawa,et al. On the Correctness of Security Proofs for the 3GPP Confidentiality and Integrity Algorithms , 2003, IMACC.

[6] Sangjin Lee,et al. Key Recovery Attacks on the RMAC, TMAC, and IACBC , 2003, ACISP.

[7] Mihir Bellare,et al. The Security of the Cipher Block Chaining Message Authentication Code , 2000, J. Comput. Syst. Sci..

[8] Chris J. Mitchell,et al. On the security of XCBC, TMAC and OMAC , 2003 .

[9] Michael Luby,et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.