Abstract
We define and analyze a simple and fully parallelizable block-cipher mode of operation for message authentication. Parallelizability does not come at the expense of serial efficiency: in a conventional, serial environment, the algorithm's speed is within a few percent of the (inherently sequential) CBC MAC. The new mode, PMAC, is deterministic, resembles a standard mode of operation (and not a Carter-Wegman MAC), works for strings of any bit length, employs a single block-cipher key, and uses just max{1, ⌈|M|/n⌉} block-cipher calls to MAC a string M ∈ {0,1}* using an n-bit block cipher. We prove PMAC secure, quantifying an adversary's forgery probability in terms of the quality of the block cipher as a pseudorandom permutation.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Black, J., Rogaway, P. (2002). A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In: Knudsen, L.R. (eds) Advances in Cryptology — EUROCRYPT 2002. EUROCRYPT 2002. Lecture Notes in Computer Science, vol 2332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46035-7_25
DOI: https://doi.org/10.1007/3-540-46035-7_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43553-2
Online ISBN: 978-3-540-46035-0