Abstract
We prove a new upper bound on the advantage of any adversary for distinguishing the encrypted CBC-MAC (EMAC) based on random permutations from a random function. Our proof uses techniques recently introduced in [BPR05], which in turn were inspired by [DGH+04].
The bound we prove is tight — in the sense that it matches the advantage of known attacks up to a constant factor — for a wide range of the parameters: let $n$ denote the block-size, $q$ the number of queries the adversary is allowed to make and $\ell$ an upper bound on the length (i.e. number of blocks) of the messages, then for $\ell \le 2^{n/8}$ and $q \ge \ell^2$ the advantage is in the order of $q^2/2^n$ (and in particular independent of $\ell$). This improves on the previous bound of $q^2 \ell^{\Theta(1/\ln\ln \ell)}/2^n$ from [BPR05] and matches the trivial attack (which thus is basically optimal) where one simply asks random queries until a collision is found.
References
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3), 362–399 (2000) Earlier version in Crypto 1994.
Bosselaers, A., Preneel, B.: RIPE 1992. LNCS, vol. 1007. Springer, Heidelberg (1995)
Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for CBC MACs. In: Proc. Crypto ’05. Full version at www.crypto.ethz.ch/~pietrzak/publications.html
Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: The three-key constructions. In: Proc. Crypto 2000,
Carter, L., Wegman, M.N.: Universal classes of hash functions. Journal of Computer and System Sciences (JCSS) 18, 143–154 (1979)
Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes. In: Proc. Crypto (2004)
Dodis, Y.: Personal Communication (2005)
Hardy, G., Wright, E.: An Introduction to the Theory of Numbers. Oxford University Press, Oxford (1980)
Maurer, U.: Indistinguishability of random systems. In: Proc. Eurocrypt (2002)
NESSIE: European project IST-1999-12324 on New European Schemes for Signature, Integrity and Encryption. http://www.cryptonessie.org
Petrank, E., Rackoff, C.: CBC MAC for real-time data sources. Journal of Computer and System Sciences, 315–338 (2000)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pietrzak, K. (2006). A Tight Bound for EMAC. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_15
DOI: https://doi.org/10.1007/11787006_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35907-4
Online ISBN: 978-3-540-35908-1
eBook Packages: Computer Science (R0)