Cryptology ePrint Archive: Report 2005/161
Multiple forgery attacks against Message Authentication Codes
David A. McGrew and Scott R. Fluhrer
Abstract: Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs. This property was first noted in MACs based on universal hashing, such as the Galois/Counter Mode (GCM) of operation for block ciphers. However, we show that CBC-MAC and HMAC also have this property, and for some parameters are more vulnerable than GCM. We present multiple-forgery attacks against these algorithms, then analyze the security against these attacks by using the expected number of forgeries. We compare the different MACs using this measure.
This document is a pre-publication draft manuscript.
Category / Keywords: secret-key cryptography / message authentication codes
Publication Info: unpublished
Date: received 31 May 2005
Contact author: mcgrew at cisco com
Available format(s): PDF | BibTeX Citation
Version: 20050604:043940 (All versions of this report)
Short URL: ia.cr/2005/161
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]