Cryptology ePrint Archive: Report 2001/027

A Block-Cipher Mode of Operation for Parallelizable Message Authentication

John Black and Phillip Rogaway

Abstract: We define and analyze a simple and fully parallelizable block-cipher mode of operation for message authentication. Parallelizability does not come at the expense of serial efficiency: in a conventional, serial environment, the algorithm's speed is within a few percent of the (inherently sequential) CBC~MAC. The new mode, PMAC, is deterministic, resembles a standard mode of operation (and not a Carter-Wegman MAC), works for strings of any bit length, employs a single block-cipher key, and uses just max{1, ceiling(|M|/n)} block-cipher calls to MAC any string M using an n-bit block cipher. We prove PMAC secure, quantifying an adversary's forgery probability in terms of the quality of the block cipher as a pseudorandom permutation.

Category / Keywords: block-cipher modes, message authentication codes, modes of operation, provable security

Publication Info: An extended abstract to appear at Eurocrypt 2002. This is the full version.

Date: received 1 Apr 2001, last revised 4 Sep 2002

Contact author: jrblack at cs colorado edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20020904:171611 (All versions of this report)

Short URL: ia.cr/2001/027

Discussion forum: Show discussion | Start new discussion