Add to ORKGISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC). The current version ISO/IEC 9797-1:2011 specifies six single-pass CBC-like MAC structures that are capped at the birthday bound security. For a higher security that is beyond-birthday bound, it recommends to use the concatenation combiner of two single-pass MACs. In this paper, we reveal the invalidity of the suggestion, by presenting a birthday bound forgery attack on the concatenation combiner, which is essentially based on Joux’s multi-collision. Notably, our new forgery attack for the concatenation of two MAC Algorithm 1 with padding scheme 2 only requires 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC...
International audienceIn this work, we propose a construction of 2-round tweakable substitution perm...
Abstract. In this paper, we study the security of randomized CBC– MACs and propose a new constructio...
Abstract. The security of randomized message authentication code, MAC for short, is typically depend...
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC)...
In this work, we study the security of several recent MAC constructions with provable security beyon...
Abstract. MACs (Message Authentication Codes) are widely adopted in communication systems to ensure ...
An universal forgery attack means that for any given message $M$, an adversary without the key can f...
At CRYPTO\u2718, Datta et al. proposed nPolyMAC and proved the security up to 2^{2n/3} authenticatio...
We present blockcipher-based MACs (Message Authentication Codes) that have beyond the birthday bound...
Abstract. ANSI X9.24-1:2009 specifies the key check value, which is used to verify the integrity of ...
Ga{\v z}i et al. [CRYPTO 2014] analyzed the NI-MAC construction proposed by An and Bellare [CRYPTO 1...
International audienceAuthenticated encryption (AE) schemes are widely used to secure communications...
OMAC --- a single-keyed variant of CBC-MAC by Iwata and Kurosawa --- is a widely used and standardiz...
We systematically study the security of twelve Beyond-Birthday-Bound Message Authentication Codes (B...
OMAC -- a single-keyed variant of CBC-MAC by Iwata and Kurosawa -- is a widely used and standardize...
International audienceIn this work, we propose a construction of 2-round tweakable substitution perm...
Abstract. In this paper, we study the security of randomized CBC– MACs and propose a new constructio...
Abstract. The security of randomized message authentication code, MAC for short, is typically depend...
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC)...
In this work, we study the security of several recent MAC constructions with provable security beyon...
Abstract. MACs (Message Authentication Codes) are widely adopted in communication systems to ensure ...
An universal forgery attack means that for any given message $M$, an adversary without the key can f...
At CRYPTO\u2718, Datta et al. proposed nPolyMAC and proved the security up to 2^{2n/3} authenticatio...
We present blockcipher-based MACs (Message Authentication Codes) that have beyond the birthday bound...
Abstract. ANSI X9.24-1:2009 specifies the key check value, which is used to verify the integrity of ...
Ga{\v z}i et al. [CRYPTO 2014] analyzed the NI-MAC construction proposed by An and Bellare [CRYPTO 1...
International audienceAuthenticated encryption (AE) schemes are widely used to secure communications...
OMAC --- a single-keyed variant of CBC-MAC by Iwata and Kurosawa --- is a widely used and standardiz...
We systematically study the security of twelve Beyond-Birthday-Bound Message Authentication Codes (B...
OMAC -- a single-keyed variant of CBC-MAC by Iwata and Kurosawa -- is a widely used and standardize...
International audienceIn this work, we propose a construction of 2-round tweakable substitution perm...
Abstract. In this paper, we study the security of randomized CBC– MACs and propose a new constructio...
Abstract. The security of randomized message authentication code, MAC for short, is typically depend...