TMAC: Two-Key CBC MAC
نویسندگان
چکیده
منابع مشابه
OMAC: One-Key CBC MAC
In this paper, we present One-key CBC MAC (OMAC) and prove its security for arbitrary length messages. OMAC takes only one key, K (k bits) of a block cipher E. Previously, XCBC requires three keys, (k + 2n) bits in total, and TMAC requires two keys, (k + n) bits in total, where n denotes the block length of E. The saving of the key length makes the security proof of OMAC substantially harder th...
متن کاملDistinguishing Attack and Second-Preimage Attack on the CBC-like MACs
In this paper, we first present a new distinguisher on the CBC-MAC based on a block cipher in Cipher Block Chaining (CBC) mode. It can also be used to distinguish other CBC-like MACs from random functions. The main results of this paper are on the secondpreimage attack on CBC-MAC and CBC-like MACs include TMAC, OMAC, CMAC, PC-MAC and MACs based on three-key encipher CBC mode. Instead of exhaust...
متن کاملFast and Secure CBC-Type MAC Algorithms
The CBC-MAC or cipher block chaining message authentication code, is a well-known method to generate message authentication codes. Unfortunately, it is not forgery-secure over an arbitrary domain. There are several secure variants of CBC-MAC, among which OMAC is a widely-used candidate. To authenticate an s-block message, OMAC costs (s+1) block cipher encryptions (one of these is a zero block e...
متن کاملStronger Security Bounds for OMAC, TMAC, and XCBC
OMAC, TMAC and XCBC are CBC-type MAC schemes which are provably secure for arbitrary message length. In this paper, we present a more tight upper bound on Adv for each scheme, where Adv denotes the maximum success (forgery) probability of adversaries. Our bounds are expressed in terms of the total length of all queries of an adversary to the MAC generation oracle while the previous bounds are e...
متن کاملAn improved collision probability for CBC-MAC and PMAC
In this paper we compute the coliision probability of CBC-MAC [3] for suitably chosen messages. We show that the probability is Ω(`q/N) where ` is the number of message block, N is the size of the domain and q is the total number of queries. For random oracle the probability is O(q/N). This improved collision prbability will help us to have an efficient distinguishing attack and MAC-forgery att...
متن کامل