Cryptology ePrint Archive: Report 2005/161

Multiple forgery attacks against Message Authentication Codes

David A. McGrew and Scott R. Fluhrer

Abstract: Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs. This property was first noted in MACs based on universal hashing, such as the Galois/Counter Mode (GCM) of operation for block ciphers. However, we show that CBC-MAC and HMAC also have this property, and for some parameters are more vulnerable than GCM. We present multiple-forgery attacks against these algorithms, then analyze the security against these attacks by using the expected number of forgeries. We compare the different MACs using this measure.

This document is a pre-publication draft manuscript.

Category / Keywords: secret-key cryptography / message authentication codes

Publication Info: unpublished

Date: received 31 May 2005

Contact author: mcgrew at cisco com

Available format(s): PDF | BibTeX Citation

Version: 20050604:043940 (All versions of this report)

Short URL: ia.cr/2005/161

Discussion forum: Show discussion | Start new discussion