Paper 2014/183

Impact of ANSI X9.24-1:2009 Key Check Value on ISO/IEC 9797-1:2011 MACs

Tetsu Iwata and Lei Wang

Abstract

ANSI X9.24-1:2009 specifies the key check value, which is used to verify the integrity of the blockcipher key. This value is defined as the most significant bits of the ciphertext of the zero block, and is assumed to be publicly known data for verification. ISO/IEC 9797-1:2011 illustrates a total of ten CBC MACs, where one of these MACs, the basic CBC MAC, is widely known to be insecure. In this paper, we consider the remaining nine CBC MACs and derive the quantitative security impact of using the key check value. We first show attacks against five MACs by taking advantage of the knowledge of the key check value. We then prove that the analysis is tight, in a concrete security paradigm. For the remaining four MACs, we prove that the standard birthday bound still holds even with the presence of the key check value. As a result, we obtain a complete characterization of the impact of using ANSI X9.24-1 key check value with the ISO/IEC 9797-1 MACs.

Note: A preliminary version of this paper appears in the pre-proceedings of FSE 2014. This is the full version.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in FSE 2014
Keywords
ANSI X9.24-1:2009key check valueISOIEC 9797-1:2011CBC MACproof of security.
Contact author(s)
iwata @ cse nagoya-u ac jp
History
2014-03-09: received
Short URL
https://ia.cr/2014/183
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/183,
      author = {Tetsu Iwata and Lei Wang},
      title = {Impact of {ANSI} X9.24-1:2009 Key Check Value on {ISO}/{IEC} 9797-1:2011 {MACs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/183},
      year = {2014},
      url = {https://eprint.iacr.org/2014/183}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.