Paper 2007/292

Improved security analysis of OMAC

Mridul Nandi


We present an improved security analysis of OMAC, the construction is widely used as a candidate of MAC or Pseudo Random Function (or PRF). In this direction, the first result was given in Crypto-05 where an improved security analysis of CBC (for fixed length or for arbitrary length prefix-free messages) had provided. Followed by this work, improved bounds for XCBC, TMAC and PMAC were found. The improved bounds are of the form $\mathrm{O}(\frac{Lq^2}{2^n})$ where the original bounds are $\mathrm{O}(\frac{\sigma^2}{2^n})$ which is roughly $\mathrm{O}(\frac{L^2q^2}{2^n})$. Here, a distinguisher can make at most $q$ queries having at most $\sigma$ many blocks with $L$ as the maximum block size. The original bound for OMAC was roughly $\frac{5L^2q^2}{2^n}$ shown in FSE-03 and the next improved bound was $\frac{4\sigma^2}{2^n}$ shown in Indocrypt-03. In this paper we have provided an improved bound (a similar form as provided for others) for OMAC and the bound we show is roughly $\frac{4q\sigma}{2^n} = \mathrm{O}(\frac{Lq^2}{2^n})$.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
mridul nandi @ gmail com
2007-08-07: received
Short URL
Creative Commons Attribution


      author = {Mridul Nandi},
      title = {Improved security analysis of {OMAC}},
      howpublished = {Cryptology ePrint Archive, Paper 2007/292},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.