The difference between Pelican 2.0 and the original version is that the initial value changes from the all-zero string to another constant. The reason for this is the negative impact on security if key check values are available computed with a certain standard key check value algorithm that applies the block cipher to the zero string and takes as key check value its truncated output. The security impact of this on a number of standard MACs is studied in Cryptology ePrint Archive Report 2014/183 and the analysis carries over for Pelican.
Category / Keywords: AES, message authentication codes Date: received 21 Mar 2005, last revised 23 Apr 2014 Contact author: jda at noekeon org Available format(s): PDF | BibTeX Citation Note: See abstract Version: 20140423:150542 (All versions of this report) Short URL: ia.cr/2005/088 Discussion forum: Show discussion | Start new discussion