Partial Key Recovery Attacks on XCBC, TMAC and OMAC

نویسنده

  • Chris J. Mitchell
چکیده

The security provided by the XCBC, TMAC and OMAC schemes is analysed and compared with other MAC schemes. In particular, ‘partial’ key recovery attacks against all three of these schemes are described, yielding upper bounds on the effective security level. The results imply that there is relatively little to be gained practically through the introduction of these schemes by comparison with other well-established

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Comments on “On the security of XCBC, TMAC and OMAC” by Mitchell

In August 2003, Mitchell published a note “On the security of XCBC, TMAC and OMAC” [8]. We have already pointed out that some of the claims in [8] are incorrect [7], in this note, we further point out limitations of the above note. Our main observations are: – All of the analysis in [8] are within our security bound, and therefore, it does not break the security bound of OMAC, – The birthday bo...

متن کامل

On the security of XCBC, TMAC and OMAC

The security provided by the XCBC, TMAC and OMAC schemes is analysed and compared with other MAC schemes. The results imply that there is relatively little to be gained practically through the introduction of these schemes by comparison with other well-established MAC functions. Moreover, TMAC and OMAC possess design weaknesses which enable part of the secret key to be recovered much more easil...

متن کامل

OMAC: One-Key CBC MAC

In this paper, we present One-key CBC MAC (OMAC) and prove its security for arbitrary length messages. OMAC takes only one key, K (k bits) of a block cipher E. Previously, XCBC requires three keys, (k + 2n) bits in total, and TMAC requires two keys, (k + n) bits in total, where n denotes the block length of E. The saving of the key length makes the security proof of OMAC substantially harder th...

متن کامل

Stronger Security Bounds for OMAC, TMAC, and XCBC

OMAC, TMAC and XCBC are CBC-type MAC schemes which are provably secure for arbitrary message length. In this paper, we present a more tight upper bound on Adv for each scheme, where Adv denotes the maximum success (forgery) probability of adversaries. Our bounds are expressed in terms of the total length of all queries of an adversary to the MAC generation oracle while the previous bounds are e...

متن کامل

On the Security of a MAC by Mitchell

Tetsu IWATA †a) and Kaoru KUROSAWA †b) , Members SUMMARY OMAC is a provably secure MAC scheme proposed by Iwata and Kurosawa [10]. NIST currently intends to specify OMAC as the modes recommendation. In August 2003, Mitchell published a note " On the security of XCBC, TMAC and OMAC " to propose a new variant of OMAC [16]. We call it OMAC1. In this paper, we prove that OMAC1 is less secure than t...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005