## Practical and Secure Message Authentication (1995)

Venue: | In Series of Annual Workshop on Selected Areas in Cryptography (SAC |

Citations: | 6 - 3 self |

### BibTeX

@INPROCEEDINGS{Safavi-Naini95practicaland,

author = {Bakhtiari Safavi-Naini and S. Bakhtiari and R. Safavi-naini and J. Pieprzyk},

title = {Practical and Secure Message Authentication},

booktitle = {In Series of Annual Workshop on Selected Areas in Cryptography (SAC},

year = {1995},

pages = {55--68}

}

### OpenURL

### Abstract

Use of encryption algorithms in message authentication is replaced by secure hash functions which are often faster than encryption algorithms. Tsudik [14] has proposed three methods on message authentication which are only based on one-way hash functions and use some keys to make them secure. In this paper, we give a set of practical methods, each of which uses a fast collision free hash function (such as MD5) and provides secure message authentication. The idea of the proposed methods is almost similar to that of Tsudik's, but we are able to reduce the key length eight times compared to the Tsudik's constructions, while maintaining the same security. In our methods, the secret key is added using exclusive-or or assign operators (instead of concatenation) to make them faster. We also have proved that our methods belong to the Secure Keyed One-Way Hash Function (SKOWHF) group, if the underlying hash function is secure. 1 Introduction In today's communication, existence of a fast method...

### Citations

875 |
The MD5 message-digest algorithm
- Rivest
- 1992
(Show Context)
Citation Context ...ed three methods on message authentication which are based on one-way hash functions and some secret keys. He has named the methods as Secret Prefix, Secret Suffix, and Envelope Method, and used MD4 (=-=[11]-=-) as the hashing function. In this paper we modify Tsudik's methods by reducing the key length from 512 to 128 bits. This reduction not only increases the speed of the process, but also makes easier t... |

128 |
Analysis and design of cryptographic hash functions
- Preneel
- 1993
(Show Context)
Citation Context ...ange some bits and find the corresponding parity bits; the authenticity does not depend on a secret key. Sometimes in the literature, secure authentication is called Message Authentication Code (MAC) =-=[10]-=-, or Secured Keyed One-Way Hash Functions (SKOWHF) [3]. Support for this project was provided in part by the Australian Research Council under the reference number A49530480. 1 Encryption algorithms, ... |

111 | Message authentication with one-way hash functions
- Tsudik
- 1992
(Show Context)
Citation Context ...gong, NSW 2522, Australia August 4, 1995 Abstract Use of encryption algorithms in message authentication is replaced by secure hash functions which are often faster than encryption algorithms. Tsudik =-=[14]-=- has proposed three methods on message authentication which are only based on one-way hash functions and use some keys to make them secure. In this paper, we give a set of practical methods, each of w... |

55 | HAVAL | a one-way hashing algorithm with variable length output
- Zheng, Pieprzyk, et al.
- 1993
(Show Context)
Citation Context ...ions depending on the different demands. MD4 can be used when a faster implementation is needed. Note that, MD4 is less complicated than MD5 and seems to be less secure than MD5 (refer to [4]). HAVAL =-=[15]-=-, is another hash function that can be used when a more secure keyed hash function is demanded. The interesting point with HAVAL is its ability to manipulate the message digests with different sizes. ... |

46 |
Cryptography: An Introduction to Computer Security
- Seberry, Pieprzyk
- 1989
(Show Context)
Citation Context ...ret key between each two parties (eg, on a wide computer network with many users). In this case, existence of an arbiter becomes useful. To find more about the basic key distribution schemes refer to =-=[13]-=-. 1.2 MD5 Summary MD5 is a hashing algorithm that maps an arbitrary length message to a 128-bit message digest (hash value). It is build to be fast on machines with 32-bit registers. MD5 always pads s... |

42 | An attack on the last two rounds of MD4
- Boer, Bosselaers
- 1992
(Show Context)
Citation Context ...r hash functions depending on the different demands. MD4 can be used when a faster implementation is needed. Note that, MD4 is less complicated than MD5 and seems to be less secure than MD5 (refer to =-=[4]-=-). HAVAL [15], is another hash function that can be used when a more secure keyed hash function is demanded. The interesting point with HAVAL is its ability to manipulate the message digests with diff... |

39 | Cryptographic Hash Functions: A Survey - Bakhtiari, Safavi-Naini, et al. - 1995 |

36 | A high-speed des implementation for network applications
- Eberle
- 1992
(Show Context)
Citation Context ...st the related possible attacks. The length of the key assures that Exhaustive Key Search (or Brute Force Attack) does not work on the methods (for fast implementation of this kind of attack refer to =-=[6]-=-). Therefore, we examine Pseudo Attack, Padding Attack, and Birthday Attack. 5.1 Pseudo Attack We have called this attack Pseudo Attack, since the cryptanalyst tries to find a pseudo key c K with f(M;... |

20 |
Sadeghiyan B. Design of Hashing Algorithms
- Pieprzyk
- 1993
(Show Context)
Citation Context ...sage (which hopefully differ from the real one) instead. This attack is one of the most powerful attacks on the hash functions with uniform message digest distribution and short message digest length =-=[9, 10]-=-. In [9, Section 3.2], the authors have recommended that the length of the hash value should be around 128 bits to avoid this attack. Therefore, our methods are safe against this attack. 4 Furthermore... |

3 |
Collisions for the Compression Function of MD5
- Boer, Bosselaers
- 1994
(Show Context)
Citation Context ...MD5 in particular) can be defined as finding two different initial vectors that under a message give a same message digest. The first pseudo collision for MD5 has been found by Boer and Bosselaers in =-=[5]-=-. Their attack cannot give a pseudo collision when one of the initial vectors is fixed, because, they start from a middle point and go forward and backward to find two initial vectors that are mapped ... |

3 |
On "Pseudocollisions
- Robshaw
- 1993
(Show Context)
Citation Context ...ed to one message digest. This implies that the found initial vectors, message, and message digest look like random numbers. Therefore, their attacks are not applicable to our methods. (Also refer to =-=[7]-=-.) In Method 6, the enemy cannot find a pseudo value for K 0 AB , because, it is processed separately under an exclusive-or operation. That is, if X \Phi K 0 AB = MD, where X is the intermediate value... |

2 | A Fast Keyed Hash Function (KHF - Bakhtiari, Safavi-Naini, et al. - 1995 |

1 |
Collisionful Hash Functions. Technical Report (included in) SRI-CSL-94-08, SRI International LaboIf length of the message M is less than 448, four bits of the key will be revealed. This is because, addition modulo 2 is like XOR operation on the least sign
- Secure
- 1993
(Show Context)
Citation Context ...the authenticity does not depend on a secret key. Sometimes in the literature, secure authentication is called Message Authentication Code (MAC) [10], or Secured Keyed One-Way Hash Functions (SKOWHF) =-=[3]-=-. Support for this project was provided in part by the Australian Research Council under the reference number A49530480. 1 Encryption algorithms, such as DES ([8]), are usually used in different appli... |