CryptoDB
On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit - A New Construction
| Authors: | |
|---|---|
| Download: | |
| Abstract: | In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full standard proof of our construction using one pass of a block cipher with 2n-bit keys but there also is a proof for n-bit keys block ciphers in the ideal cipher model. |
BibTeX
@misc{eprint-2001-11486,
title={On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit - A New Construction},
booktitle={IACR Eprint archive},
keywords={cryptographic protocols / authentication codes, block ciphers},
url={http://eprint.iacr.org/2001/074},
note={FSE 2002 eliane.jaulmes@wanadoo.fr 12019 received 31 Aug 2001, last revised 28 Nov 2002},
author={Éliane Jaulmes and Antoine Joux and Frederic Valette},
year=2001
}