Comments on NIST’s RMAC Proposal
Abstract
In standardizing a new mode of operation the first two goals are security and efficiency. Security should be demonstrated in the reduction-based provable-security paradigm: the belief that AES (say) is a good PRP should be enough to conclude that some MAC based on it is secure. This has become the generally-accepted way of demonstrating security. One might even say that a MAC design that fails to do at least this much fails to meet the accepted professional standard for the design of a new mode of operation. Efficiency is another central goal, and for an object as simple as RMAC this is rather easy to gauge. In terms of both demonstrated security and efficiency, NIST’s algorithm does not fare well. The remainder of this note assumes familiarity with the NIST draft and adopts the notations used there.
Similar resources
Comparison of CBC MAC Variants and Comments on NIST’s Consultation Paper
We consider two RMACs. One is RMAC defined in NIST’s draft [5], which we write RMAC1, with parameter set IV or V, where AES is used as the underlying block cipher, and uses a nonce R. The other one is RMAC mode 2 stated in NIST’s consultation paper [6], which we write RMAC2, where AES128 is used to compute the CBC MAC tag, AES256 is used to encrypt it, and uses a nonce R. We write RMAC to mean ...
Comments on the RMAC algorithm
First, regarding the ideal cipher model used in the proof of the (published) RMAC paper: as a researcher who has used both the ideal cipher model and the standard reduction-based proof modes, I must agree that the use of the ideal cipher model is inappropriate where it really is not mandated (because the reduction-based paradigm is sufficient as has been amply demonstrated by several other resea...
Probabilistic Reliability Management Approach and Criteria for Power System Short-term Operational Planning
This paper develops a probabilistic decision making framework for reliability management in the short-term operational planning context. We build upon our recent work, which proposed a probabilistic reliability management approach and criterion (RMAC) for the latest decision making opportunity of real-time system operation. Here, we transpose the RMAC to the preceding problem instance of short-...
Related-Key and Key-Collision Attacks Against RMAC
In [JJV02] Jaulmes, Joux, and Valette propose a new randomized message authentication scheme, called RMAC, which NIST is currently in the process of standardizing [NIS02]. In this work we present several attacks against RMAC. The attacks are based on a new protocol-level related-key attack against RMAC and can be considered variants of Biham’s key-collision attack [Bih02]. These attacks provide ...
Public Comments Received on FIPS 186-4: Digital Signature Standard
NIST’s ECC standards create (1) unnecessary losses of simplicity, security, and speed in ECC implementations and (2) unnecessary tensions between simplicity, security, and speed in ECC implementations.
Publication date: 2002