DOI: 10.5555/646760.705865
Article

MDx-MAC and Building Fast MACs from Hash Functions

Published: 27 August 1995 Publication History

Abstract

We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and envelope methods, are shown to be unsatisfactory. Motivated by the absence of a secure, fast MAC algorithm not based on encryption, a new generic construction (MDx-MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and comparable speed.
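The abstract states that the secret-prefix method, MAC = H(K || M), is unsatisfactory. The reason is structural: for an MD4-family hash the tag is exactly the chaining value reached after absorbing K || M and its padding, so anyone holding one valid (M, tag) pair can keep hashing and produce a valid tag for M || padding || X without the key. The block below is an added example, not code from the paper; it implements SHA-1 (FIPS 180-1, reference [12]) with a settable chaining value in order to carry out that extension, and checks the forged tag against hashlib. The key, message and suffix are constructed sample data, and the attacker is assumed to know the key length (in practice it is guessed by trying a handful of values). The secret-suffix and envelope weaknesses the abstract also mentions are not demonstrated here.

```python
"""Length-extension forgery against the secret-prefix MAC H(K || M) built on SHA-1.
Added example (not the paper's code). The key length is assumed known to the attacker."""
import hashlib
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_pad(total_len):
    """Merkle-Damgard padding for a message of total_len bytes:
    0x80, zero bytes up to 56 mod 64, then the 64-bit big-endian bit length."""
    zeros = (56 - (total_len + 1) % 64) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", total_len * 8)


def sha1_compress(state, block):
    """One SHA-1 compression: absorb a 64-byte block into the 5-word chaining value."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & 0xFFFFFFFF) + e + k + w[i]) & 0xFFFFFFFF
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d, e)))


def sha1_from_state(state, data, total_len):
    """Finish SHA-1 from chaining value `state`: absorb `data` plus the padding for a
    message of total_len bytes (bytes already absorbed + len(data)). The bytes already
    absorbed must be a whole number of blocks, since `state` sits on a block boundary."""
    assert (total_len - len(data)) % 64 == 0
    data += sha1_pad(total_len)
    for off in range(0, len(data), 64):
        state = sha1_compress(state, data[off:off + 64])
    return struct.pack(">5I", *state)


def sha1(data):
    """Plain SHA-1 of `data`, starting from the standard IV."""
    return sha1_from_state(SHA1_IV, data, len(data))


def matches_hashlib(data):
    """Cross-check our SHA-1 against the standard library's."""
    return sha1(data) == hashlib.sha1(data).digest()


def secret_prefix_mac(key, msg):
    """The secret-prefix construction the paper rejects: MAC = H(K || M)."""
    return hashlib.sha1(key + msg).digest()


def verify_secret_prefix_mac(key, msg, tag):
    return secret_prefix_mac(key, msg) == tag


def extend_secret_prefix_mac(tag, key_len, msg, suffix):
    """Forge a tag for M' = M || glue || suffix knowing only tag = H(K || M) and len(K).
    The tag is the chaining value after K || M || glue, so the attacker just keeps hashing."""
    glue = sha1_pad(key_len + len(msg))       # the padding the honest hash used internally
    state = struct.unpack(">5I", tag)         # recover the chaining value from the tag
    forged_msg = msg + glue + suffix
    forged_tag = sha1_from_state(state, suffix, key_len + len(forged_msg))
    return forged_msg, forged_tag


# Constructed sample data for the demonstration (not taken from the paper).
KEY = b"constructed-key"            # 15 bytes; only its length is assumed known to the attacker
MSG = b"amount=100&to=alice"
SUFFIX = b"&to=mallory"


def demo():
    """True when the forged tag verifies under the real key, which the attacker never saw."""
    tag = secret_prefix_mac(KEY, MSG)
    forged_msg, forged_tag = extend_secret_prefix_mac(tag, len(KEY), MSG, SUFFIX)
    return verify_secret_prefix_mac(KEY, forged_msg, forged_tag)


if __name__ == "__main__":
    print("own SHA-1 agrees with hashlib:", matches_hashlib(b"abc"))
    print("forged tag accepted by verifier:", demo())
```

The glue bytes land in the middle of the forged message, so whether the forgery matters depends on how the receiver parses M'; for formats such as query strings or line-oriented protocols that tolerate junk between fields, it is a full existential forgery with no key material recovered.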

References

[1] M. Bellare, J. Kilian, P. Rogaway, "The security of cipher block chaining," Proc. Crypto'94, LNCS 839, Springer-Verlag, 1994, pp. 341-358.
[2] M. Bellare, R. Guérin, P. Rogaway, "XOR MACs: new methods for message authentication using block ciphers," Proc. Crypto'95 (this volume).
[3] F. Cohen, "A cryptographic checksum for integrity protection," Computers & Security, Vol. 6, No. 5, 1987, pp. 505-510.
[4] I.B. Damgård, "A design principle for hash functions," Proc. Crypto'89, LNCS 435, Springer-Verlag, 1990, pp. 416-427.
[5] D. Davies, "A message authenticator algorithm suitable for a mainframe computer," Proc. Crypto'84, LNCS 196, Springer-Verlag, 1985, pp. 393-400.
[6] D. Davies, D.O. Clayden, "The message authenticator algorithm (MAA) and its implementation," NPL Report DITC 109/88, Feb. 1988.
[7] D. Davies, W. Price, Security for Computer Networks, 2nd ed., Wiley, 1989.
[8] B. den Boer, A. Bosselaers, "An attack on the last two rounds of MD4," Proc. Crypto'91, LNCS 576, Springer-Verlag, 1992, pp. 194-203.
[9] B. den Boer, A. Bosselaers, "Collisions for the compression function of MD5," Proc. Eurocrypt'93, LNCS 765, Springer-Verlag, 1994, pp. 293-304.
[10] FIPS 46, Data encryption standard, NBS, U.S. Department of Commerce, Washington D.C., Jan. 1977.
[11] FIPS 81, DES modes of operation, NBS, U.S. Department of Commerce, Washington D.C., Dec. 1980.
[12] FIPS 180-1, Secure hash standard, NIST, U.S. Department of Commerce, Washington D.C., April 1995.
[13] J.M. Galvin, K. McCloghrie, J.R. Davin, "Secure management of SNMP networks," Integrated Network Management, II, North Holland, 1991, pp. 703-714.
[14] ISO 8731:1987, Banking - Approved algorithms for message authentication, Part 1: DEA (IS 8731-1); Part 2: Message Authentication Algorithm (MAA) (IS 8731-2).
[15] ISO/IEC 9797:1993, Information technology - Data cryptographic techniques - Data integrity mechanisms using a cryptographic check function employing a block cipher algorithm.
[16] T. Johansson, G. Kabatianskii, B. Smeets, "On the relation between A-codes and codes correcting independent errors," Proc. Eurocrypt'93, LNCS 765, Springer-Verlag, 1994, pp. 1-11.
[17] R.R. Jueneman, S.M. Matyas, C.H. Meyer, "Message authentication with Manipulation Detection Codes," Proc. 1983 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 1983, pp. 33-54.
[18] B. Kaliski, M. Robshaw, "Message authentication with MD5," CryptoBytes (RSA Laboratories Technical Newsletter), Vol. 1, No. 1, Spring 1995, pp. 5-8.
[19] H. Krawczyk, "LFSR-based hashing and authentication," Proc. Crypto'94, LNCS 839, Springer-Verlag, 1994, pp. 129-139.
[20] J. Linn, "The Kerberos Version 5 GSS-API Mechanism," Internet Draft, Feb. 1995.
[21] C. Mitchell, M. Walker, "Solutions to the multidestination secure electronic mail problem," Computers & Security, Vol. 7, No. 5, 1988, pp. 483-488.
[22] B. Preneel, Cryptographic Hash Functions, Kluwer Academic Publishers, 1995 (to appear).
[23] RIPE, Race Integrity Primitives Evaluation (RIPE-RACE 1040): Final Report, LNCS, Springer-Verlag, 1995 (to appear).
[24] R.L. Rivest, "The MD4 message digest algorithm," Proc. Crypto'90, LNCS 537, Springer-Verlag, 1991, pp. 303-311.
[25] R.L. Rivest, "The MD5 message-digest algorithm," Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force, April 1992.
[26] G. Tsudik, "Message authentication with one-way hash functions," ACM Computer Communications Review, Vol. 22, No. 5, 1992, pp. 29-38.
[27] S. Vaudenay, "On the need for multipermutations: cryptanalysis of MD4 and SAFER," Fast Software Encryption, LNCS, Springer-Verlag, 1995 (to appear).
[28] M.N. Wegman, J.L. Carter, "New hash functions and their use in authentication and set equality," J. Computer Sys. Sciences, Vol. 22, No. 3, 1981, pp. 265-279.
[29] M.J. Wiener, "Efficient DES key search," Technical Report TR-244, School of Computer Science, Carleton University, Ottawa, Canada, May 1994. Presented at the rump session of Crypto'93.


Published In

CRYPTO '95: Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, August 1995, 465 pages, ISBN 3540602216.

Publisher: Springer-Verlag, Berlin, Heidelberg.


Cited By

  • (2016) On the Influence of Message Length in PMAC's Security Bounds. Proceedings, Part I, of the 35th Annual International Conference on Advances in Cryptology (EUROCRYPT 2016), Volume 9665, pp. 596-621. DOI 10.5555/3081770.3081793. Online: 8 May 2016.
  • (2016) One-Key Compression Function Based MAC with Security Beyond Birthday Bound. Proceedings, Part I, of the 21st Australasian Conference on Information Security and Privacy, Volume 9722, pp. 343-358. DOI 10.1007/978-3-319-40253-6_21. Online: 4 Jul 2016.
  • (2015) Side-Channel Attacks on SHA-1-Based Product Authentication ICs. Revised Selected Papers of the 14th International Conference on Smart Card Research and Advanced Applications, Volume 9514, pp. 3-14. DOI 10.1007/978-3-319-31271-2_1. Online: 4 Nov 2015.
  • (2013) Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5. Revised Selected Papers on Selected Areas in Cryptography (SAC 2013), Volume 8282, pp. 493-512. DOI 10.1007/978-3-662-43414-7_25. Online: 14 Aug 2013.
  • (2012) 3kf9. Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security, pp. 296-312. DOI 10.1007/978-3-642-34961-4_19. Online: 2 Dec 2012.
  • (2012) Authenticated encryption. Proceedings of the 10th International Conference on Applied Cryptography and Network Security, pp. 84-99. DOI 10.1007/978-3-642-31284-7_6. Online: 26 Jun 2012.
  • (2012) Cryptanalyses on a Merkle-Damgård based MAC: almost universal forgery and distinguishing-H attacks. Proceedings of the 31st Annual International Conference on Theory and Applications of Cryptographic Techniques, pp. 411-427. DOI 10.1007/978-3-642-29011-4_25. Online: 15 Apr 2012.
  • (2011) A new variant of PMAC. Proceedings of the 31st Annual Conference on Advances in Cryptology, pp. 596-609. DOI 10.5555/2033036.2033081. Online: 14 Aug 2011.
  • (2011) Domain extension for MACs beyond the birthday barrier. Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, pp. 323-342. DOI 10.5555/2008684.2008710. Online: 15 May 2011.
  • (2011) Biometric transaction authentication protocol. Proceedings of the 2011 International Conference on Financial Cryptography and Data Security, pp. 88-103. DOI 10.1007/978-3-642-29889-9_8. Online: 28 Feb 2011.
