Cycling attacks on GCM, GHASH and other polynomial MACs and hashes

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7549 LNCS, Issue , 2012, Pages 216-225

  Saarinen, Markku Juhani Olavi ^a  

^a Revere Security   (United States)

Author keywords

AES GCM; Cryptanalysis; Cycling Attacks; Galois Counter Mode; Weak Keys

Indexed keywords

AES-GCM; CRYPTANALYSIS; CYCLING ATTACKS; GALOIS/COUNTER MODE; WEAK KEY;

AUTHENTICATION; POLYNOMIALS; PUBLIC KEY CRYPTOGRAPHY;

SECURITY OF DATA;

EID: 84866719036     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-34047-5_13     Document Type: Conference Paper

References (20)

1. NIST: Recommendation for block cipher modes of operation: Galois/counter mode (GCM) and GMAC. NIST Special Publication 800-38D (2007)
2. NIST: The advanced encryption standard (AES). FIPS Publication 197 (2001)
3. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1-15. Springer, Heidelberg (1996)
4. Igoe, K., Solinas, J.: AES Galois counter mode for the secure shell transport layer protocol. IETF Request for Comments 5647 (2009)
5. Law, L., Solinas, J.: Suite B cryptographic suites for IPsec. IETF Request for Comments 4869 (2007)
6. Salter, M., Rescorla, E., Housley, R.: Suite B profile for transport layer security (TLS). IETF Request for Comments 5430 (2009)
7. Wegman,M.N., Carter, J.L.: New classes and applications of hash functions. In: 20th Annual Symposium on Foundations of Computer Science. IEEE Computer Society Press, New York (1979)
8. Wegman, M.N., Carter, J.L.: New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences 22, 265-279 (1981)
9. den Boer, B.: A simple and key-economical unconditional authentication scheme. Journal of Computer Security 2, 65-71 (1993)
10. Taylor, R.: An Integrity Check Value Algorithm for Stream Ciphers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 40-48. Springer, Heidelberg (1994)
11. Bierbrauer, J., Johansson, T., Kabatianskii, G., Smeets, B.: On Families of Hash Functions via Geometric Codes and Concatenation. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 331-342. Springer, Heidelberg (1994)
12. Bernstein, D.J.: Stronger Security Bounds for Wegman-Carter-Shoup Authenticators. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 164-180. Springer, Heidelberg (2005)
13. Bernstein, D.J.: The Poly1305-AES Message-Authentication Code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32-49. Springer, Heidelberg (2005)
14. Sarkar, P.: A trade-off between collision probability and key size in universal hashing using polynomials. Designs, Codes and Cryptography 58(3), 271-278 (2011)
15. Joux, A.: Authentication failures in NIST version of GCM. NIST Comment (2006)
16. Handschuh, H., Preneel, B.: Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 144-161. Springer, Heidelberg (2008)
17. Pohlig, S., Hellman, M.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Transactions on Information Theory 24(1), 106-110 (1978)
18. Ferguson, N.: Authentication weaknesses in GCM. NIST Comment (May 2005)
19. Bernstein, D.J.: Floating-point arithmetic and message authentication (1999), http://cr.yp.to/papers.html#hash127
20. McGrew, D.A., Viega, J.: The Galois/counter mode of operation (GCM). Submission to NIST (2005)