Results 1 
1 of
1
The Security of Cipher Block Chaining
, 1994
"... The Cipher Block Chaining  Message Authentication Code (CBC MAC) specifies that a message x = x 1 \Delta \Delta \Delta xm be authenticated among parties who share a secret key a by tagging x with a prefix of f (m) a (x) def = f a (f a (\Delta \Delta \Delta f a (f a (x 1 )\Phix 2 )\Phi \Delta ..."
Abstract

Cited by 144 (26 self)
 Add to MetaCart
The Cipher Block Chaining  Message Authentication Code (CBC MAC) specifies that a message x = x 1 \Delta \Delta \Delta xm be authenticated among parties who share a secret key a by tagging x with a prefix of f (m) a (x) def = f a (f a (\Delta \Delta \Delta f a (f a (x 1 )\Phix 2 )\Phi \Delta \Delta \Delta \Phix m\Gamma1 )\Phix m ) ; where f is some underlying block cipher (eg. f = DES). This method is a pervasively used international and U.S. standard. We provide its first formal justification, showing the following general lemma: that cipher block chaining a pseudorandom function gives a pseudorandom function. Underlying our results is a technical lemma of independent interest, bounding the success probability of a computationally unbounded adversary in distinguishing between a random mlbit to lbit function and the CBC MAC of a random lbit to lbit function. Advanced Networking Laboratory, IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, NY 10598, USA. em...