On the security of XCBC, TMAC and OMAC

Chris J. Mitchell

(2003)

Chris J. Mitchell (2003) On the security of XCBC, TMAC and OMAC.

Our Full Text Deposits

Full text access: Open

Full Text - 147.4 KB

Links to Copies of this Item Held Elsewhere

Mathematics Departmental Web Page

Abstract

The security provided by the XCBC, TMAC and OMAC schemes is analysed and compared with other MAC schemes. The results imply that there is relatively little to be gained practically through the introduction of these schemes by comparison with other well-established MAC functions. Moreover, TMAC and OMAC possess design weaknesses which enable part of the secret key to be recovered much more easily than would ideally be the case — design changes are suggested which alleviate this problem. Whether or not the proofs of security are retrievable for the modified designs remains an open question, although the need for change would appear to be clear.

Information about this Version

This is a Published version
This version's date is: 19/08/2003
This item is peer reviewed

Link to this Version

https://repository.royalholloway.ac.uk/items/35768eaa-2b85-ff35-374c-658edf7c99b5/1/

Item TypeMonograph (Technical Report)
TitleOn the security of XCBC, TMAC and OMAC
AuthorsChris J. Mitchell, Chris J.
DepartmentsFaculty of Science\Mathematics

Deposited by () on 14-Jul-2010 in Royal Holloway Research Online.Last modified on 10-Dec-2010

Notes

References

[1] American Bankers Association, Washington, DC, ANSI X9.19, financial
institution retail message authentication, August 1986.

[2] A. Berendschot, B. den Boer, J.-P. Boly, A. Bosselaers, J. Brandt,
D. Chaum, I. Damgard, M. Dichtl, W. Fumy, M. van der Ham, C. J. A.
Jansen, P. Landrock, B. Preneel, G. Roelofsen, P. de Rooij, and J. Vandewalle,
Integrity primitives for secure information systems, Lecture
Notes in Computer Science, vol. 1007, Springer-Verlag, Berlin, 1995.

[3] J. Black and P. Rogaway, CBC-MACs for arbitrary length messages:
The three-key constructions, Advances in Cryptology — Crypto 2000
(M. Bellare, ed.), Lecture Notes in Computer Science, vol. 1880,
Springer-Verlag, Berlin, 2000, pp. 197–215.

[4] S. Furuya and K. Sakurai, Risks with raw-key masking — The security
evaluation of 2-key XCBC, Information and Communications Security,
4th International Conference, ICICS 2002 (R. H. Deng, S. Qing,
F. Bao, and J. Zhou, eds.), Lecture Notes in Computer Science, vol.
2513, Springer-Verlag, Berlin, 2002, pp. 327–341.

[5] International Organization for Standardization, Gen`eve, Switzerland,
ISO/IEC 9797–1, Information technology — Security techniques —
Message Authentication Codes (MACs) — Part 1: Mechanisms using
a block cipher, 1999.

[6] T. Iwata and K. Kurosawa, Stronger security bounds for OMAC, TMAC
and XCBC, 2003, Department of Computer and Information Sciences,
Ibaraki University, Japan.

[7] , OMAC: One-key CBC MAC, Proceedings of FSE 2003, Lecture
Notes in Computer Science, Springer-Verlag, Berlin, to appear.

[8] K. Kurosawa and T. Iwata, TMAC: Two-key CBC MAC, Topics in
Cryptology — CT-RSA 2003 (M. Joye, ed.), Lecture Notes in Computer
Science, vol. 2612, Springer-Verlag, Berlin, 2003, pp. 33–49.

[9] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of
applied cryptography, CRC Press, Boca Raton, 1997.

[10] E. Petrank and C. Rackoff, CBC MAC for real-time data sources, Journal
of Cryptology 13 (2000), 315–338.

[11] B. Preneel and P.C. van Oorschot, A key recovery attack on the ANSI
X9.19 retail MAC, Electronics Letters 32 (1996), 1568–1569.

[12] , On the security of iterated Message Authentication Codes, IEEE
Transactions on Information Theory 45 (1999), 188–199.

[13] J. Sung, D. Hong, and S. Lee, Key recovery attacks on the RMAC,
TMAC, and IACBC, ACISP 2003 (R. Safavi-Naini and J. Seberry, eds.),
Lecture Notes in Computer Science, vol. 2727, Springer-Verlag, Berlin,
2003, pp. 265–273.

Details