Showing papers on "Message authentication code published in 1983"
25 Apr 1983
TL;DR: It is shown here that the Cipher Feedback (CFEI) mode of operation of the Data Encryption Standard (DES) exhibits similar weaknesses to a proposed MDC technique involving block-by-block Exclusive-ORing, and a Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.
Abstract: In many applications of cryptography, assuring the authenticity of communications is as important as protecting their secrecy. A well known and secure method of providing message authentication is to compute a Message Authentication Code (MAC) by encrypting the message. If only one key is used to both encrypt and authenticate a message, however, the system is subject to several forms of cryptographic attack. Techniques have also been sought for combining secrecy and authentication in only one encryption pass, using a Manipulation Detection Code generated by noncryptographic means. Previous investigations have shown that a proposed MDC technique involving block-by-block Exclusive-ORing is not secure when used with the Cipher Block Chaining (CBC) mode of operation of the Data Encryption Standard (DES]. It is shown here that the Cipher Feedback (CFEI) mode of operation exhibits similar weaknesses. A linear addition modulo 264 MDC is analyzed, including discussion of several novel attack scenarios. A Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.
39 citations
TL;DR: This paper investigates two DES-based hashing methods and it is shown that neither method seems to introduce any statistical regularities in the generated checksums.
Abstract: Secrecy and authentication are two important features of a secure communication system. Public Key Cryptosystems, based, e.g., on the Rivest-Shamir-Adleman (RSA) algorithm, provide a very elegant solution to the problem of authenticity verification or true electronic signatures. Practical problems, however, mainly the lack of execution speed, prevent a straightforward application. In order to sign a long message it is much faster to first calculate a short digest or checksum and then sign the compressed message. For this checksum calculation the fast, inexpensive and extensively tested Data Encryption Standard (DES) can be used. But care must be taken that this additional processing step does not introduce any weakness into the signature scheme. This paper investigates two DES-based hashing methods. It is shown that neither method seems to introduce any statistical regularities in the generated checksums. The “Cipher/Message to Plain Feedback,” however, is not secure under a modification compensation atta...
9 citations