Journal Article

On the security of iterated message authentication codes

TLDR
A new MAC forgery attack applicable to all deterministic iterated MAC algorithms is presented, which requires on the order of $2^{n/2}$ known text-MAC pairs for algorithms with n bits of internal memory, as compared to the best previous general attack which required exhaustive key search.
Abstract
The security of iterated message authentication code (MAC) algorithms is considered, and in particular, those constructed from unkeyed hash functions. A new MAC forgery attack applicable to all deterministic iterated MAC algorithms is presented, which requires on the order of $2^{n/2}$ known text-MAC pairs for algorithms with n bits of internal memory, as compared to the best previous general attack which required exhaustive key search. A related key-recovery attack is also given which applies to a large class of MAC algorithms including a strengthened version of CBC-MAC found in ANSI X9.19 and ISO/IEC 9797, and envelope MAC techniques such as "keyed MD5". The security of several related existing MACs based directly on unkeyed hash functions, including the secret prefix and secret suffix methods, is also examined.


Citations
Book Chapter

New proofs for NMAC and HMAC: security without collision-resistance

TL;DR: It is shown that an even weaker-than-PRF condition on the compression function, namely that it is a privacy-preserving MAC, suffices to establish HMAC is a secure MAC as long as the hash function meets the very weak requirement of being computationally almost universal.
Journal Article

New Proofs for NMAC and HMAC: Security without Collision Resistance

TL;DR: In this paper, it was shown that HMAC is a PRF under the assumption that the compression function is a PRF and the iterated hash function is weakly collision resistant.
Patent

Method and system for secure payments over a computer network

TL;DR: In this article, a method of conducting a financial transaction by a purchaser over a communications network is provided where the purchaser does not transmit his or her "real" payment card information over the network but instead secure payment application software is provided which allows for the transmission of a pseudo account number that is cryptographically processed for purposes of responding to an authorization request based on the real account number.
Journal Article

CBC MAC for Real-Time Data Sources

TL;DR: In this paper, the authors studied CBC authentication for real-time applications in which the length of the message is not known until the message ends, and furthermore, since the application is real-time, it is not possible to start processing the authentication until after the message ends.
Book Chapter

AEGIS: A Fast Authenticated Encryption Algorithm

TL;DR: AEGIS as discussed by the authors uses five AES round functions to process a 16-byte message block one step; AES-256 uses six AES round function rounds for 256-byte messages.
References

An Introduction To Probability Theory And Its Applications

TL;DR: A First Course in Probability (8th ed.) by S. Ross is a lively text that covers the basic ideas of probability theory including those needed in statistics.
Proceedings Article

The MD5 Message-Digest Algorithm

TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.

HMAC: Keyed-Hashing for Message Authentication

TL;DR: This document describes HMAC, a mechanism for message authentication using cryptographic hash functions that can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key.
Book Chapter

Keying Hash Functions for Message Authentication

TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Journal Article

New hash functions and their use in authentication and set equality

TL;DR: Several new classes of hash functions with certain desirable properties are exhibited, and two novel applications for hashing which make use of these functions are introduced, including a provably secure authentication technique for sending messages over insecure lines and the application of testing sets for equality.