Abstract
Practical MACs are typically designed by iterating applications of some fixed-input-length (FIL) primitive, namely one, such as a block cipher or compression function, that only applies to data of a fixed length. Existing security analyses of these constructions either require a stronger security property from the FIL primitive (e.g. pseudorandomness) than the unforgeability required of the final MAC, or, as in the case of HMAC, make assumptions about the iterated function itself. In this paper we consider the design of iterated MACs under the (minimal) assumption that the given FIL primitive is itself a MAC. We look at three popular transforms, namely CBC, Feistel and the Merkle-Damgård method, and ask for each whether it preserves unforgeability. We show that the answer is no in the first two cases and yes in the third. The last yields an alternative cryptographic-hash-function-based MAC which is secure under weaker assumptions than existing ones, although at a slight increase in cost.
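As an added illustration, not code from the paper, here is the Merkle-Damgård transform the abstract says preserves unforgeability: a variable-input-length MAC obtained by iterating a keyed fixed-input-length primitive over zero-padded message blocks and a final length block. The FIL primitive is a stand-in (HMAC-SHA256 restricted to exactly L+B input bytes); the block sizes, the all-zero IV and the padding rule are assumptions of this example, not the paper's exact parameters.

```python
import hmac
import hashlib

L = 32          # chaining-value / tag length in bytes (FIL-MAC output)
B = 32          # message bytes absorbed per FIL-MAC call
IV = bytes(L)   # assumed fixed initial chaining value


def fil_mac(key: bytes, chain: bytes, block: bytes) -> bytes:
    """Stand-in fixed-input-length MAC f_k(chain || block) -> L bytes.

    Assumed primitive for this example: HMAC-SHA256 that only accepts
    exactly L+B input bytes. Any FIL-MAC of this shape could be substituted.
    """
    if len(chain) != L or len(block) != B:
        raise ValueError("FIL-MAC accepts exactly L+B input bytes")
    return hmac.new(key, chain + block, hashlib.sha256).digest()


def _pad(msg: bytes) -> list:
    """Split msg into B-byte blocks, zero-pad the last block, then append
    one block encoding the byte length (Merkle-Damgard strengthening), so
    a message and its zero-extended version never share a block sequence."""
    blocks = [msg[i:i + B] for i in range(0, len(msg), B)] or [b""]
    blocks[-1] = blocks[-1].ljust(B, b"\x00")
    blocks.append(len(msg).to_bytes(B, "big"))
    return blocks


def md_mac(key: bytes, msg: bytes) -> bytes:
    """Variable-input-length MAC: iterate fil_mac over the padded blocks,
    feeding each output back as the next chaining value."""
    h = IV
    for blk in _pad(msg):
        h = fil_mac(key, h, blk)
    return h


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag against the given one."""
    return hmac.compare_digest(md_mac(key, msg), tag)


def calls_per_message(nbytes: int) -> int:
    """FIL-MAC invocations for an n-byte message: ceil(n/B) message blocks
    (at least one, for the empty message) plus the length block."""
    return max(1, -(-nbytes // B)) + 1


if __name__ == "__main__":
    k = b"constructed-example-key"          # constructed sample key
    t = md_mac(k, b"hello, world")           # constructed sample message
    print(t.hex(), verify(k, b"hello, world", t), calls_per_message(100))
```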
© 1999 Springer-Verlag Berlin Heidelberg
An, J.H., Bellare, M. (1999). Constructing VIL-MACs from FIL-MACs: Message Authentication under Weakened Assumptions. In: Wiener, M. (eds) Advances in Cryptology — CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48405-1_16
DOI: https://doi.org/10.1007/3-540-48405-1_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66347-8
Online ISBN: 978-3-540-48405-9