
A high speed manipulation detection code

01 Jan 1987, pp. 327-346
TL;DR: A revised 128-bit MDC algorithm is presented which overcomes the so-called Triple Birthday Attack introduced by Coppersmith and makes use of the Intel 8087/80287 Numeric Data Processor coprocessor chip for the IBM PC/XT/AT and similar microcomputers.
Abstract: Manipulation Detection Codes (MDC) are defined as a class of checksum algorithms which can detect both accidental and malicious modifications of an electronic message or document. Although the MDC result must be protected by encryption to prevent an attacker from succeeding in substituting his own Manipulation Detection Code (MDC) along with the modified text, MDC algorithms do not require the use of secret information such as a cryptographic key. Such techniques are therefore highly useful in allowing encryption and message authentication to be implemented in different protocol layers in a communication system without key management difficulties, as well as in implementing digital signature schemes. It is shown that cryptographic checksums that are intended to detect fraudulent messages should be on the order of 128 bits in length, and the ANSI X9.9-1986 Message Authentication Standard is criticized on that basis. A revised 128-bit MDC algorithm is presented which overcomes the so-called Triple Birthday Attack introduced by Coppersmith. A fast, efficient implementation is discussed which makes use of the Intel 8087/80287 Numeric Data Processor coprocessor chip for the IBM PC/XT/AT and similar microcomputers.


Citations
Book ChapterDOI
Ralph C. Merkle
01 Jul 1989
TL;DR: This work shows three one-way hash functions which are secure if DES is a good random block cipher.
Abstract: One way hash functions are a major tool in cryptography. DES is the best known and most widely used encryption function in the commercial world today. Generating a one-way hash function which is secure if DES is a "good" block cipher would therefore be useful. We show three such functions which are secure if DES is a good random block cipher.

1,001 citations

Journal ArticleDOI
01 May 1988
TL;DR: The author surveys a collection of protocols in which the level of security or authentication required by the system is actually attained, not because of a failure of the cryptoalgorithm used, but rather because of shortcomings in the design of the protocol.
Abstract: When a cryptoalgorithm is used to solve data security or authentication problems, it is implemented within the context of a protocol that specifies the appropriate procedures for data handling. The purpose of the protocol is to ensure that when the cryptosystem is applied, the level of security or authentication required by the system is actually attained. The author surveys a collection of protocols in which this goal has not been met, not because of a failure of the cryptoalgorithm used, but rather because of shortcomings in the design of the protocol. Guidelines for the development of sound protocols are extracted from an analysis of these failures.

136 citations

Journal ArticleDOI
Ralph C. Merkle
TL;DR: This work presents a candidate one-way hash function which appears to have these desirable properties; resistant to cryptographic attack, and fast when implemented in software.
Abstract: One way hash functions are an important cryptographic primitive, and can be used to solve a wide variety of problems involving authentication and integrity. It would be useful to adopt a standard one-way hash function for use in a wide variety of systems throughout the world. Such a standard one-way hash function should be easy to implement, use, and understand; resistant to cryptographic attack, and should be fast when implemented in software. We present a candidate one-way hash function which appears to have these desirable properties. Further analysis of its cryptographic security is required before it can be considered for widespread use.

132 citations

Book ChapterDOI
Ralph C. Merkle
11 Aug 1990
TL;DR: A well accepted encryption function for implementation in software is presented here - on a SUN 4/260 it can encrypt at 4 to 8 megabits per second, which will effectively reduce the cost and increase the availability of cryptographic protection.
Abstract: Encryption hardware is not available on most computer systems in use today. Despite this fact, there is no well accepted encryption function designed for software implementation - - instead, hardware designs are emulated in software and the resulting performance loss is tolerated. The obvious solution is to design an encryption function for implementation in software. Such an encryption function is presented here - on a SUN 4/260 it can encrypt at 4 to 8 megabits per second. The combination of modern processor speeds and a faster algorithm make software encryption feasible in applications which previously would have required hardware. This will effectively reduce the cost and increase the availability of cryptographic protection.

118 citations

Book ChapterDOI
Richard Taylor
22 Aug 1993
TL;DR: Any legitimate message-icv pair generated by an attacker and injected into the communication channel will have an appropriately small chance of escaping detection unless the attacker has actually broken the stream cipher.
Abstract: A method of calculating an integrity check value (icv) with the use of a stream cipher is presented. The strength of the message integrity this provides is analysed and proven to be dependent on the unpredictability of the stream cipher used. A way of efficiently providing both integrity and encryption with the use of a single stream cipher is also explained. Note that the method of providing message integrity, used with or without encryption, is not subject to a number of attacks that succeed against many conventional integrity schemes. Specifically, any legitimate message-icv pair that is copied or removed and subsequently replayed will have an appropriately small chance of deceiving the receiver. Furthermore, any message-icv pair generated by an attacker and injected into the communication channel will have an appropriately small chance of escaping detection unless the attacker has actually broken the stream cipher. This is the case even if the attacker has any amount of chosen messages and corresponding icvs or performs any number of calculations.

70 citations