International Association for Cryptologic Research


CryptoDB

Paper: On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs

Authors:
Yaobin Shen, Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai
Lei Wang, Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China; University College Oxford Blockchain Research Centre; Oxford-Hainan Blockchain Research Institute
Download:
DOI: 10.13154/tosc.v2019.i2.146-168
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8317
Abstract: ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Codes (MACs). The current version, ISO/IEC 9797-1:2011, specifies six single-pass CBC-like MAC structures whose security is capped at the birthday bound. For security beyond the birthday bound, it recommends using the concatenation combiner of two single-pass MACs. In this paper, we show that this recommendation does not hold, by presenting a birthday-bound forgery attack on the concatenation combiner that is essentially based on Joux's multi-collision. Notably, our new forgery attack on the concatenation of two instances of MAC Algorithm 1 with padding scheme 2 requires only 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC 9797-1 with respect to beyond-birthday-bound security. More specifically, we evaluate the XOR combiner of single-pass CBC-like MACs, which was used in a previous version of ISO/IEC 9797-1.
BibTeX
@article{tosc-2019-29508,
  title={On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2019, Issue 2},
  pages={146-168},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8317},
  doi={10.13154/tosc.v2019.i2.146-168},
  author={Yaobin Shen and Lei Wang},
  year=2019
}