DOI: 10.5555/646764.703969

UMAC: Fast and Secure Message Authentication

Published: 15 August 1999

    Abstract

    We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash-function family MMH. To achieve such speeds, UMAC uses a new universal hash-function family, NH, and a design which allows effective exploitation of SIMD parallelism. The "cryptographic" work of UMAC is done using standard primitives of the user's choice, such as a block cipher or cryptographic hash function; no new heuristic primitives are developed here. Instead, the security of UMAC is rigorously proven, in the sense of giving exact and quantitatively strong results which demonstrate an inability to forge UMAC-authenticated messages assuming an inability to break the underlying cryptographic primitive. Unlike conventional, inherently serial MACs, UMAC is parallelizable, and will have ever-faster implementation speeds as machines offer up increasing amounts of parallelism. We envision UMAC as a practical algorithm for next-generation message authentication.

          Published In

          CRYPTO '99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
          August 1999
          638 pages
          ISBN:3540663479

          Publisher

          Springer-Verlag

          Berlin, Heidelberg
