Mitchell, C. J. and Knudsen, L. R. (2003) Analysis of 3gpp-MAC and two-key 3gpp-MAC. Discrete Applied Mathematics, 128 (1).
Full text access: Open
Forgery and key-recovery attacks are described on the 3gpp-MAC scheme, proposed for inclusion in the 3gpp specification. Three main classes of attack are given, all of which operate whether or not truncation is applied to the MAC value. Attacks in the first class use a large number of ‘chosen MACs’, those in the second class use a large number of ‘known MACs’, and those in the third class require a large number of MAC verifications, but very few known MACs and no chosen MACs. The first class yields both forgery and key-recovery attacks, whereas the second and third classes are key-recovery attacks only. Both single-key and two-key variants of 3gpp-MAC are considered; the forgery attacks are relevant to both variants, whereas the key-recovery attacks are only relevant to the two-key variant.
This is a Published version This version's date is: 05/2003 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/3041da53-805c-d319-b860-357471a66aa3/1/
Deposited by () on 23-Dec-2009 in Royal Holloway Research Online.Last modified on 23-Dec-2009
This is the Preprint version of the paper submitted to Elsevier Science to appear in 'Discrete Applied Mathematics', 128(1), May 2003. Copyright 2003 Elsevier Science B.V., Amsterdam.
1. International Organization for Standardization, Genève, Switzerland, ISO/IEC 9797-1, Information technologyâSecurity techniquesâMessage Authentication Codes (MACs)âPart 1: Mechanisms using a block cipher, 1999 2. L.R. Knudsen and B. Preneel, Mac DES: MAC algorithm based on DES. Electron. Lett. 34 (1998), pp. 871â873 3. K. Nishimura and M. Sibuya, Probability to meet in the middle. J. Cryptol. 2 (1990), pp. 13â22 4. B. Preneel and P.C. van Oorschot, A key-recovery attack on the ANSI X9.19 retail MAC. Electron. Lett. 32 (1996), pp. 1568â1569