Results 1  10
of
45
UMAC: Fast and Secure Message Authentication
, 1999
"... Abstract. We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMACSHA1), and about twice as fast as times previously reported for the universal hashfunction f ..."
Abstract

Cited by 141 (14 self)
 Add to MetaCart
Abstract. We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMACSHA1), and about twice as fast as times previously reported for the universal hashfunction family MMH. To achieve such speeds, UMAC uses a new universal hashfunction family, NH, and a design which allows effective exploitation of SIMD parallelism. The “cryptographic ” work of UMAC is done using standard primitives of the user’s choice, such as a block cipher or cryptographic hash function; no new heuristic primitives are developed here. Instead, the security of UMAC is rigorously proven, in the sense of giving exact and quantitatively strong results which demonstrate an inability to forge UMACauthenticated messages assuming an inability to break the underlying cryptographic primitive. Unlike conventional, inherently serial MACs, UMAC is parallelizable, and will have everfaster implementation speeds as machines offer up increasing amounts of parallelism. We envision UMAC as a practical algorithm for nextgeneration message authentication. 1
On Fast and Provably Secure Message Authentication Based on Universal Hashing
 In Advances in Cryptology – CRYPTO ’96
, 1996
"... There are wellknown techniques for message authentication using universal hash functions. This approach seems very promising, as it provides schemes that are both efficient and provably secure under reasonable assumptions. This paper contributes to this line of research in two ways. First, it analy ..."
Abstract

Cited by 81 (0 self)
 Add to MetaCart
(Show Context)
There are wellknown techniques for message authentication using universal hash functions. This approach seems very promising, as it provides schemes that are both efficient and provably secure under reasonable assumptions. This paper contributes to this line of research in two ways. First, it analyzes the basic construction and some variants under more realistic and practical assumptions. Second, it shows how these schemes can be efficiently implemented, and it reports on the results of empirical performance tests that demonstrate that these schemes are competitive with other commonly employed schemes whose security is less wellestablished. 1 Introduction Message Authentication. Message authentication schemes are an important security tool. As more and more data is being transmitted over networks, the need for secure, highspeed, softwarebased message authentication is becoming more acute. The setting for message authentication is the following. Two parties A and B agree on a secre...
A BlockCipher Mode of Operation for Parallelizable Message Authentication
 Advances in Cryptology  EUROCRYPT 2002. Lecture Notes in Computer Science
, 2002
"... We define and analyze a simple and fully parallelizable blockcipher mode of operation for message authentication. Parallelizability does not come at the expense of serial e#ciency: in a conventional, serial environment, the algorithm's speed is within a few percent of the (inherently sequentia ..."
Abstract

Cited by 74 (13 self)
 Add to MetaCart
(Show Context)
We define and analyze a simple and fully parallelizable blockcipher mode of operation for message authentication. Parallelizability does not come at the expense of serial e#ciency: in a conventional, serial environment, the algorithm's speed is within a few percent of the (inherently sequential) CBC MAC. The new mode, PMAC, is deterministic, resembles a standard mode of operation (and not a CarterWegman MAC), works for strings of any bit length, employs a single blockcipher key, and uses just max{1, #M /n#} blockcipher calls to MAC a string M # {0, 1} # using an nbit block cipher. We prove PMAC secure, quantifying an adversary's forgery probability in terms of the quality of the block cipher as a pseudorandom permutation. Key words: blockcipher modes, message authentication codes, modes of operation, provable security. 1
Bucket Hashing and its Application to Fast Message Authentication
, 1995
"... We introduce a new technique for constructing a family of universal hash functions. ..."
Abstract

Cited by 56 (4 self)
 Add to MetaCart
(Show Context)
We introduce a new technique for constructing a family of universal hash functions.
MMH: Software Message Authentication in the Gbit/second Rates
, 1997
"... March, 1997 Abstract We describe a construction of almost universal hash functions suitable for very fast software implementation and applicable to the hashing of variable size data and fast cryptographic message authentication. Our construction uses fast single precision arithmetic which is increa ..."
Abstract

Cited by 55 (3 self)
 Add to MetaCart
March, 1997 Abstract We describe a construction of almost universal hash functions suitable for very fast software implementation and applicable to the hashing of variable size data and fast cryptographic message authentication. Our construction uses fast single precision arithmetic which is increasingly supported by modern processors due to the growing needs for fast arithmetic posed by multimedia applications. We report on handoptimized assembly implementations on a 150 MHz PowerPC 604 and a 150 MHz PentiumPro, which achieve hashing speeds of 350 to 820 Mbit/sec, depending on the desired level of security (or collision probability), and a rate of more than 1 Gbit/sec on a 200 MHz PentiumPro. This represents a significant speedup over current software implementations of universal hashing and other message authentication techniques (e.g., MD5based). Moreover, our construction is specifically designed to take advantage of emerging microprocessor technologies (such as Intel's MMX, ...
The Poly1305AES messageauthentication code
 In Proc. FSE
, 2005
"... Abstract. Poly1305AES is a stateoftheart messageauthentication code suitable for a wide variety of applications. Poly1305AES computes a 16byte authenticator of a variablelength message, using a 16byte AES key, a 16byte additional key, and a 16byte nonce. The security of Poly1305AES is ve ..."
Abstract

Cited by 51 (13 self)
 Add to MetaCart
(Show Context)
Abstract. Poly1305AES is a stateoftheart messageauthentication code suitable for a wide variety of applications. Poly1305AES computes a 16byte authenticator of a variablelength message, using a 16byte AES key, a 16byte additional key, and a 16byte nonce. The security of Poly1305AES is very close to the security of AES; the security gap is at most 14D⌈L/16⌉/2 106 if messages have at most L bytes, the attacker sees at most 2 64 authenticated messages, and the attacker attempts D forgeries. Poly1305AES can be computed at extremely high speed: for example, fewer than 3.625(ℓ + 170) Athlon cycles for an ℓbyte message. This speed is achieved without precomputation; consequently, 1000 keys can be handled simultaneously without cache misses. Specialpurpose hardware can compute Poly1305AES at even higher speed. Poly1305AES is parallelizable, incremental, and not subject to any intellectualproperty claims.
A key recovery attack on the 802.11b wired equivalent privacy protocol (wep
 ACM Transactions on Information and System Security
, 2004
"... In this paper we present a practical key recovery attack on WEP, the linklayer security protocol for 802.11b wireless networks. The attack is based on a partial key exposure vulnerability in the RC4 stream cipher discovered by Fluhrer, Mantin, and Shamir. This paper describes how to apply this flaw ..."
Abstract

Cited by 33 (0 self)
 Add to MetaCart
(Show Context)
In this paper we present a practical key recovery attack on WEP, the linklayer security protocol for 802.11b wireless networks. The attack is based on a partial key exposure vulnerability in the RC4 stream cipher discovered by Fluhrer, Mantin, and Shamir. This paper describes how to apply this flaw to breaking WEP, our implementation of the attack, and optimizations that can be used to reduce the number of packets required for the attack. We conclude that the 802.11b WEP standard is completely insecure, and we provide recomendations on how this vulnerabilty could be mitigated and repaired.
FloatingPoint Arithmetic And Message Authentication
, 2000
"... There is a wellknown class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed  much more quickly than previous systems at the same securi ..."
Abstract

Cited by 31 (9 self)
 Add to MetaCart
There is a wellknown class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed  much more quickly than previous systems at the same security level  using IEEE floatingpoint arithmetic. This paper also presents a survey of the literature in a unified mathematical framework.
Software performance of universal hash functions
 In Advances in Cryptology — EUROCRYPT ’99
, 1999
"... Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying ..."
Abstract

Cited by 31 (0 self)
 Add to MetaCart
(Show Context)
Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood. 1
Square Hash: Fast Message Authentication via Optimized Universal Hash Functions
 In Proc. CRYPTO 99, Lecture Notes in Computer Science
, 1999
"... This paper introduces two new ideas in the construction of fast universal hash functions geared towards the task of message authentication. ..."
Abstract

Cited by 29 (6 self)
 Add to MetaCart
(Show Context)
This paper introduces two new ideas in the construction of fast universal hash functions geared towards the task of message authentication.