On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC). The current version ISO/IEC 9797-1:2011 specifies six single-pass CBC-like MAC structures that are capped at the birthday bound security. For a higher security that is beyond-birthday bound, it rec...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2019-06-01
|
| Series: | IACR Transactions on Symmetric Cryptology |
| Subjects: | |
| Online Access: | https://ojs-speed.ub.rub.de/index.php/ToSC/article/view/8317 |
| id |
doaj-b9c120fb81134803919856a693b6aeef |
|---|---|
| record_format |
Article |
| spelling |
doaj-b9c120fb81134803919856a693b6aeef2021-03-02T06:07:14ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2019-06-012019210.13154/tosc.v2019.i2.146-168On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACsYaobin Shen0Lei Wang1Department of Computer Science and Engineering, Shanghai Jiao Tong University, ShanghaiDepartment of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China; University College Oxford Blockchain Research Centre; Oxford-Hainan Blockchain Research Institute ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC). The current version ISO/IEC 9797-1:2011 specifies six single-pass CBC-like MAC structures that are capped at the birthday bound security. For a higher security that is beyond-birthday bound, it recommends to use the concatenation combiner of two single-pass MACs. In this paper, we reveal the invalidity of the suggestion, by presenting a birthday bound forgery attack on the concatenation combiner, which is essentially based on Joux’s multi-collision. Notably, our new forgery attack for the concatenation of two MAC Algorithm 1 with padding scheme 2 only requires 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC 9797-1 with respect to the beyond-birthday bound security. More specifically, we evaluate the XOR combiner of single-pass CBC-like MACs, which was used in previous version of ISO/IEC 9797-1. https://ojs-speed.ub.rub.de/index.php/ToSC/article/view/8317ISO/IEC 9797-1Beyond Birthday Bound SecurityXOR Combiner |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Yaobin Shen Lei Wang |
| spellingShingle |
Yaobin Shen Lei Wang On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs IACR Transactions on Symmetric Cryptology ISO/IEC 9797-1 Beyond Birthday Bound Security XOR Combiner |
| author_facet |
Yaobin Shen Lei Wang |
| author_sort |
Yaobin Shen |
| title |
On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs |
| title_short |
On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs |
| title_full |
On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs |
| title_fullStr |
On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs |
| title_full_unstemmed |
On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs |
| title_sort |
on beyond-birthday-bound security: revisiting the development of iso/iec 9797-1 macs |
| publisher |
Ruhr-Universität Bochum |
| series |
IACR Transactions on Symmetric Cryptology |
| issn |
2519-173X |
| publishDate |
2019-06-01 |
| description |
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC). The current version ISO/IEC 9797-1:2011 specifies six single-pass CBC-like MAC structures that are capped at the birthday bound security. For a higher security that is beyond-birthday bound, it recommends to use the concatenation combiner of two single-pass MACs. In this paper, we reveal the invalidity of the suggestion, by presenting a birthday bound forgery attack on the concatenation combiner, which is essentially based on Joux’s multi-collision. Notably, our new forgery attack for the concatenation of two MAC Algorithm 1 with padding scheme 2 only requires 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC 9797-1 with respect to the beyond-birthday bound security. More specifically, we evaluate the XOR combiner of single-pass CBC-like MACs, which was used in previous version of ISO/IEC 9797-1.
|
| topic |
ISO/IEC 9797-1 Beyond Birthday Bound Security XOR Combiner |
| url |
https://ojs-speed.ub.rub.de/index.php/ToSC/article/view/8317 |
| work_keys_str_mv |
AT yaobinshen onbeyondbirthdayboundsecurityrevisitingthedevelopmentofisoiec97971macs AT leiwang onbeyondbirthdayboundsecurityrevisitingthedevelopmentofisoiec97971macs |
| _version_ |
1724242252537004032 |