On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Codes (MACs). The current version, ISO/IEC 9797-1:2011, specifies six single-pass CBC-like MAC structures whose security is capped at the birthday bound. For security beyond the birthday bound, it recommends using the concatenation combiner of two single-pass MACs. In this paper, we reveal the invalidity of that suggestion by presenting a birthday-bound forgery attack on the concatenation combiner, which is essentially based on Joux's multi-collision. Notably, our new forgery attack on the concatenation of two instances of MAC Algorithm 1 with padding scheme 2 requires only 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC 9797-1 with respect to beyond-birthday-bound security. More specifically, we evaluate the XOR combiner of single-pass CBC-like MACs, which was used in a previous version of ISO/IEC 9797-1.

Main Authors: | Yaobin Shen (Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai); Lei Wang (Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China; University College Oxford Blockchain Research Centre; Oxford-Hainan Blockchain Research Institute) |
---|---|
Format: | Article |
Language: | English |
Published: | Ruhr-Universität Bochum, 2019-06-01 |
Series: | IACR Transactions on Symmetric Cryptology (ISSN 2519-173X) |
DOI: | 10.13154/tosc.v2019.i2.146-168 |
Subjects: | ISO/IEC 9797-1; Beyond Birthday Bound Security; XOR Combiner |
Online Access: | https://ojs-speed.ub.rub.de/index.php/ToSC/article/view/8317 |
Record id: | doaj-b9c120fb81134803919856a693b6aeef |