Cryptology ePrint Archive: Report 2001/074

On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit - A New Construction

Eliane Jaulmes and Antoine Joux and Frederic Valette

Abstract: In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full standard proof of our construction using one pass of a block cipher with 2n-bit keys but there also is a proof for n-bit keys block ciphers in the ideal cipher model.

Category / Keywords: cryptographic protocols / authentication codes, block ciphers

Publication Info: FSE 2002

Date: received 31 Aug 2001, last revised 28 Nov 2002

Contact author: eliane jaulmes at wanadoo fr

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Note: This revision includes explanations on MAC truncation. The proof has also been slightly modified, changing the use of the random oracle model for the ideal cipher model.

Version: 20021128:133419 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]