Abstract:
We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and envelope methods, are shown to be unsatisfactory. Motivated by the absence of a secure, fast MAC algorithm not based on encryption, a new generic construction (MDx-MAC) is proposed for transforming any secure hash function of the MD4-family into a secure MAC of equal or smaller bitlength and comparable speed.

1 Introduction
Hash functions play a fundamental role in modern cryptography. One main application is their use in conjunction with digital signature schemes; another is in conventional techniques for message authentication. In the latter, it is preferable that a hash function take as a d...
Citations
287 | The MD5 Message Digest Algorithm – Rivest - 1992
237 | New hash functions and their use in authentication and set equality – Wegman, Carter - 1981
163 | A design principle for hash functions – Damgård - 1989
131 | The Security of Cipher Block Chaining – Bellare, Kilian, et al. - 1994
100 | XOR MACs: New methods for message authentication using finite pseudorandom functions – Bellare, Guérin, et al. - 1995
90 | Message authentication with one-way hash functions – Tsudik - 1992
77 | LFSR-based Hashing and Authentication – Krawczyk - 1994
72 | Security for Computer Networks – Davies, Price - 1984
63 | Efficient DES key search – Wiener - 1994
57 | The MD5 Message-Digest Algorithm, RFC 1321 – Rivest - 1992
47 | Secure hash standard – FIPS - 1995
42 | Collisions for the compression function of MD5 – Boer, Bosselaers - 1994
34 | The state of cryptographic hash functions – Preneel - 1998
27 | An Attack on the Last Two Rounds of MD4 – Boer, Bosselaers - 1992
27 | On the need for multipermutations: Cryptanalysis of MD4 and SAFER – Vaudenay - 1995
26 | Message Authentication with MD5 – Kaliski, Robshaw - 1995
23 | Data Encryption Standard – FIPS - 1977
9 | On the relation between A-codes and codes correcting independent errors – Johansson, Kabatianskii, et al. - 1994
8 | Message Authentication with Manipulation Detection Codes – Jueneman, Matyas, et al. - 1983
7 | Information technology -- Data cryptographic techniques -- Data integrity mechanisms using a cryptographic check function employing a block cipher algorithm – ISO/IEC - 1987
7 | The Kerberos Version 5 GSS-API Mechanism – Linn - 1964
6 | A Cryptographic Checksum for Integrity Protection – Cohen - 1987
6 | A Message Authenticator Algorithm Suitable for A Mainframe Computer – Davies - 1985
6 | Secure management of SNMP networks – Galvin, McCloghrie, et al. - 1991
5 | Banking -- approved algorithms for message authentication, Part 1 – ISO - 1987
4 | Solutions to the multidestination secure electronic mail problem – Mitchell, Walker - 1988
3 | The message authenticator algorithm (MAA) and its implementation – Davies, Clayden - 1988
1 | modes of operation, NBS – FIPS - 1980
1 | Integrity Primitives Evaluation (RIPE-RACE 1040): Final Report – RIPE - 1995