Key-recovery attacks on universal hash function based MAC algorithms

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5157 LNCS, Issue , 2008, Pages 144-161

  Handschuh, Helena ^a   Preneel, Bart ^b,c  

^a Spansion ^*  (France)

^b UNIVERSITY OF LEUVEN   (Belgium)

^c IBBT   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

COMBINATORIAL PROPERTIES; CRYPTOLOGY; DIVIDE-AND-CONQUER; HIGH SPEEDS; KEY BITS; KEY RECOVERY ATTACKS; KEY-RECOVERY; MAC ALGORITHMS; MESSAGE AUTHENTICATION; PARTIAL INFORMATION; PROVABLE SECURITY; SECRET KEYS; SPECIFIC STRUCTURE; UNIVERSAL FORGERY; UNIVERSAL HASH FUNCTIONS; WEAK KEY;

CRYPTOGRAPHY; ERROR ANALYSIS; FUNCTIONS; TELECOMMUNICATION NETWORKS;

SECURITY OF DATA;

EID: 51849140875     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-85174-5_9     Document Type: Conference Paper

References (37)

1. 3GPP TS 35.216, Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 2: SNOW 3G specification (March 2006)
2. Bellare, M.: New Proofs for NMAC and HMAC: Security without Collision-Resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602-619. Springer, Heidelberg (2006)
3. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1-15. Springer, Heidelberg (1996)
4. Bellare, M., Goldreich, O., Mityagin, A.: The Power of Verification Queries in Message Authentication and Authenticated Encryption. November 18 (2004), http://eprint.iacr.org/2004/309
5. Bellare, M., Kilian, J., Rogaway, P.: The Security of Cipher Block Chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994, vol. 839, pp. 341-358. Springer, Heidelberg (1994)
6. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32-49. Springer, Heidelberg (2005), http://cr.yp.to/talks/2005.02.15/slides.pdf
7. Bernstein, D.J.: Polynomial Evaluation and Message Authentication, October 22 (2007) http://cr.yp.to/papers.html#pema
8. Bierbrauer, J., Johansson, T., Kabatianskii, G., Smeets, B.: On Families of Hash Functions via Geometric Codes and Concatenation. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 331-342. Springer, Heidelberg (1994)
9. Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: Fast and Secure Message Authentication. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 216-233. Springer, Heidelberg (1999)
10. Black, J., Cochran, M.: MAC Reforgeability, November 27 (2007), http://eprint.iacr.org/2006/095
11. Brassard, G.: On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Crypto 1982, pp. 79-86. Plenum Press, New York (1983)
12. Carter, J.L., Wegman, M.N.: Universal classes of hash functions. Journal of Computer and System Sciences 18, 143-154 (1979)
13. den Boer, B.: A Simple and Key-Economical Unconditional Authentication Scheme. Journal of Computer Security 2, 65-71 (1993)
14. Dodis, Y., Pietrzak, K.: Improving the Security of MACs via Randomized Message Preprocessing. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 414-433. Springer, Heidelberg (2007)
15. Etzel, M., Patel, S., Ramzan, Z.: Square Hash: Fast Message Authentication via Optimized Universal Hash Functions. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 234-251. Springer, Heidelberg (1999)
16. Ferguson, N.: Authentication Weaknesses in GCM (May 20, 2005), http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2. pdf
17. Halevi, S., Krawczyk, H.: MMH: Software Message Authentication in the Gbit/second Rates. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 172-189. Springer, Heidelberg (1997)
18. ISO/IEC 9797, Information Technology - Security Techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a Block Cipher, ISO/IEC (1999)
19. Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129-153. Springer, Heidelberg (2003)
20. Johansson, T.: Bucket Hashing with a Small Key Size. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 149-162. Springer, Heidelberg (1997)
21. Joux, A.: Authentication Failures in NIST Version of GCM (2006), http://csrc.nist.gov/CryptoToolkit/modes/
22. Kabatianskii, G.A., Johansson, T., Smeets, B.: On the Cardinality of Systematic A-codes via Error Correcting Codes. IEEE Trans. on Information Theory IT42(2), 566-578 (1996)
23. Kaps, J.-P., Yüksel, K., Sunar, B.: Energy Scalable Universal Hashing. IEEE Trans. on Computers 54(12), 1484-1495 (2005)
24. Knudsen, L.: Chosen-text Attack on CBC-MAC. Electronics Letters 33(1), 48-49 (1997)
25. Kohno, T., Viega, J., Whiting, D.: CWC: A High-Performance Conventional Authenticated Encryption Mode. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 408-426. Springer, Heidelberg (2004)
26. Krawczyk, H.: LFSR-based Hashing and Authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129-139. Springer, Heidelberg (1994)
27. Krovetz, T.: UMAC: Message Authentication Code using Universal Hashing. IETF, RFC 4418 (informational) (March 2006)
28. Krovetz, T.: Message Authentication on 64-bit Architectures. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 327-341. Springer, Heidelberg (2007)
29. McGrew, D.A., Fluhrer, S.: Multiple Forgery Attacks against Message Authentication Codes, http://eprint.iacr.org/2005/161
30. McGrew, D.A., Viega, J.: The Security and Performance of the Galois/Counter Mode (GCM) of Operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343-355. Springer, Heidelberg (2004)
31. National Institute of Standards and Technology (NIST), SP 800-38D, Recommendation forBlockCipherModesofOperation:Galois/Counter Mode (GCM)and GMAC, November 2007 (earlier drafts published in May 2005, April 2006, June 2007)
32. Petrank, E., Rackoff, C.: CBC MAC for Real-time Data Sources. Journal of Cryptology 13(3), 315-338 (2000)
33. Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: A Chosen Text Attack on The Modified Cryptographic Checksum Algorithm of Cohen and Huang. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 154-163. Springer, Heidelberg (1990)
34. Preneel, B., van Oorschot, P.C.: On the Security of Iterated Message Authentication Codes. IEEE Trans. on Information Theory IT-45(1), 188-199 (1999)
35. Simmons, G.J.: A Survey of Information Authentication. In: Simmons, G.J. (ed.) Contemporary Cryptology: The Science of Information Integrity, pp. 381-419. IEEE Press, Los Alamitos (1991)
36. Stinson, D.R.: Universal Hashing and Authentication Codes. Designs, Codes, and Cryptography 4(4), 369-380 (1994)
37. Wegman, M.N., Carter, J.L.: New Hash Functions and their Use in Authentication and Set Equality. Journal of Computer and System Sciences 22(3), 265-279 (1981)