Paper 2005/161

Multiple forgery attacks against Message Authentication Codes

David A. McGrew and Scott R. Fluhrer

Abstract

Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs. This property was first noted in MACs based on universal hashing, such as the Galois/Counter Mode (GCM) of operation for block ciphers. However, we show that CBC-MAC and HMAC also have this property, and for some parameters are more vulnerable than GCM. We present multiple-forgery attacks against these algorithms, then analyze the security against these attacks by using the expected number of forgeries. We compare the different MACs using this measure. This document is a pre-publication draft manuscript.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. unpublished
Keywords
message authentication codes
Contact author(s)
mcgrew @ cisco com
History
2005-06-04: received
Short URL
https://ia.cr/2005/161
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/161,
      author = {David A. McGrew and Scott R. Fluhrer},
      title = {Multiple forgery attacks against Message Authentication Codes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/161},
      year = {2005},
      url = {https://eprint.iacr.org/2005/161}
}