Cryptology ePrint Archive: Report 2001/074
On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit - A New Construction
Eliane Jaulmes and Antoine Joux and Frederic Valette
Abstract: In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full standard proof of our construction using one pass of a block cipher with 2n-bit keys but there also is a proof for n-bit keys block ciphers in the ideal cipher model.
Category / Keywords: cryptographic protocols / authentication codes, block ciphers
Publication Info: FSE 2002
Date: received 31 Aug 2001, last revised 28 Nov 2002
Contact author: eliane jaulmes at wanadoo fr
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation
Note: This revision includes explanations on MAC truncation. The proof has also been slightly modified, changing the use of the random oracle model for the ideal cipher model.
Version: 20021128:133419 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]