Proceedings Article

Message Authentication with Manipulation Detection Code

TL;DR: It is shown here that the Cipher Feedback (CFB) mode of operation of the Data Encryption Standard (DES) exhibits similar weaknesses to a proposed MDC technique involving block-by-block Exclusive-ORing, and a Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.
Abstract: In many applications of cryptography, assuring the authenticity of communications is as important as protecting their secrecy. A well known and secure method of providing message authentication is to compute a Message Authentication Code (MAC) by encrypting the message. If only one key is used to both encrypt and authenticate a message, however, the system is subject to several forms of cryptographic attack. Techniques have also been sought for combining secrecy and authentication in only one encryption pass, using a Manipulation Detection Code generated by noncryptographic means. Previous investigations have shown that a proposed MDC technique involving block-by-block Exclusive-ORing is not secure when used with the Cipher Block Chaining (CBC) mode of operation of the Data Encryption Standard (DES). It is shown here that the Cipher Feedback (CFB) mode of operation exhibits similar weaknesses. A linear addition modulo 2^64 MDC is analyzed, including discussion of several novel attack scenarios. A Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.
Citations
Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations


Cites methods from "Message Authentication with Manipul..."

  • ...National Bureau of Standards, and was subsequently found by Jueneman to have deficiencies; this is included in the extensive discussion by Jueneman, Matyas, and Meyer [645] of using MDCs for integrity, along with the idea of Example 9....

Journal Article
TL;DR: The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed, and a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures, concludes that end-to-end measures are more appropriate in an open-system environment.
Abstract: The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed. First the threats to security that may arise in such an environment are described, and then a set of goals for communications security measures is established. This is followed by a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures, which concludes that end-to-end measures are more appropriate in an open-system environment. Next, relevant properties of data encryption--the fundamental technique on which all communications security mechanisms are based--are discussed. The remainder of the paper describes how end-to-end measures can be used to achieve each of the security goals previously established.

368 citations

Journal Article
TL;DR: In this paper, a generic construction (MDx-MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and comparable speed.
Abstract: We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and envelope methods, are shown to be unsatisfactory. Motivated by the absence of a secure, fast MAC algorithm not based on encryption, a new generic construction (MDx-MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and comparable speed.

218 citations

Book Chapter
27 Aug 1995
TL;DR: A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search.
Abstract: We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and envelope methods, are shown to be unsatisfactory. Motivated by the absence of a secure, fast MAC algorithm not based on encryption, a new generic construction (MDx-MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and comparable speed.

202 citations

Journal Article
TL;DR: The eXtended Ciphertext Block Chaining (XCBC) and eXtended Electronic Codebook (XECB) encryption schemes as discussed by the authors can detect encrypted-message forgeries with high probability even when used with typical non-cryptographic Manipulation Detection Code (MDC) functions (e.g., bitwise exclusive-or and cyclic redundancy code (CRC) functions).
Abstract: We present the eXtended Ciphertext Block Chaining (XCBC) and the eXtended Electronic Codebook (XECB) encryption schemes or modes of encryption that can detect encrypted-message forgeries with high probability even when used with typical non-cryptographic Manipulation Detection Code (MDC) functions (e.g., bitwise exclusive-or and cyclic redundancy code (CRC) functions). These modes detect encrypted-message forgeries at low cost in performance, power, and implementation, and preserve both message secrecy and integrity in a single pass over the message data. Their performance and security scale directly with those of the underlying block cipher function. We also present the XECB message authentication (XECB-MAC) modes that have all the operational properties of the XOR-MAC modes (e.g., fully parallel and pipelined operation, incremental updates, and out-of-order verification), and have better performance. They are intended for use either stand-alone or with encryption modes that have similar properties (e.g., counter-based XOR encryption). However, the XECB-MAC modes have higher upper bounds on the probability of adversary's success in producing a forgery than the XOR-MAC modes.

175 citations

References
Journal Article
TL;DR: A method is presented for building minimal perfect hash functions, i.e., functions which allow single probe retrieval from minimally sized tables of identifier sets, and a proof of existence for minimal perfect hash functions of a special type (reciprocal type) is given.
Abstract: A method is presented for building minimal perfect hash functions, i.e., functions which allow single probe retrieval from minimally sized tables of identifier sets. A proof of existence for minimal perfect hash functions of a special type (reciprocal type) is given. Two algorithms for determining hash functions of reciprocal type are presented and their practical limitations are discussed. Further, some application results are given and compared with those of earlier approaches for perfect hashing.

95 citations

Journal Article

4 citations