Cryptology ePrint Archive: Report 2014/183

Impact of ANSI X9.24-1:2009 Key Check Value on ISO/IEC 9797-1:2011 MACs

Tetsu Iwata and Lei Wang

Abstract: ANSI X9.24-1:2009 specifies the key check value, which is used to verify the integrity of the blockcipher key. This value is defined as the most significant bits of the ciphertext of the zero block, and is assumed to be publicly known data for verification. ISO/IEC 9797-1:2011 illustrates a total of ten CBC MACs, where one of these MACs, the basic CBC MAC, is widely known to be insecure. In this paper, we consider the remaining nine CBC MACs and derive the quantitative security impact of using the key check value. We first show attacks against five MACs by taking advantage of the knowledge of the key check value. We then prove that the analysis is tight, in a concrete security paradigm. For the remaining four MACs, we prove that the standard birthday bound still holds even with the presence of the key check value. As a result, we obtain a complete characterization of the impact of using ANSI X9.24-1 key check value with the ISO/IEC 9797-1 MACs.

Category / Keywords: secret-key cryptography / ANSI X9.24-1:2009, key check value, ISO/IEC 9797-1:2011, CBC MAC, proof of security.

Original Publication (with major differences): IACR-FSE-2014

Date: received 8 Mar 2014

Contact author: iwata at cse nagoya-u ac jp

Available format(s): PDF | BibTeX Citation

Note: A preliminary version of this paper appears in the pre-proceedings of FSE 2014. This is the full version.

Version: 20140309:201636 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]