Abstract
We study a class of MACs, which we call corruption detectable MACs, that can not only check the integrity of the whole message but also detect which part of the message has been corrupted. It can be seen as an application of classical Combinatorial Group Testing (CGT) to message authentication. However, previous work on this application has an inherent limitation in its communication cost. We present a novel approach that combines CGT with a class of linear MACs (XOR-MACs) and breaks this limit. Our proposal, XOR-GTM, has a significantly smaller communication cost than any of the previous corruption detectable MACs while keeping the same corruption detection capability. Our numerical examples for a storage application show a reduction in communication by a factor of around 15 to 70 compared with previous schemes. XOR-GTM is parallelizable and is as efficient as standard MACs. We prove that XOR-GTM is secure under standard cryptographic assumptions.
Notes
1. The minimum condition is weaker (d-separable or \(\overline{d}\)-separable); however, this does not guarantee efficient detection.
2. It is customary to write [n], but we want to avoid confusion with, say, M[i].
References
Atallah, M.J., Frikken, K.B., Blanton, M., Cho, Y.: Private combinatorial group testing. In: AsiaCCS, pp. 312–320. ACM (2008)
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403. IEEE Computer Society (1997)
Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography and application to virus protection. In: STOC, pp. 45–56. ACM (1995)
Bellare, M., Guérin, R., Rogaway, P.: XOR MACs: new methods for message authentication using finite pseudorandom functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 15–28. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_2
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362–399 (2000)
Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: the three-key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_12
Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_25
Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_30
De Bonis, A., Di Crescenzo, G.: Combinatorial group testing for corruption localizing hashing. In: Fu, B., Du, D.-Z. (eds.) COCOON 2011. LNCS, vol. 6842, pp. 579–591. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22685-4_50
Cheraghchi, M.: Noise-resilient group testing: limitations and constructions. Discrete Appl. Math. 161(1–2), 81–95 (2013)
Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_25
Di Crescenzo, G., Arce, G.: Data forensics constructions from cryptographic hashing and coding. In: Shi, Y.Q., Kim, H.-J., Perez-Gonzalez, F. (eds.) IWDW 2011. LNCS, vol. 7128, pp. 494–509. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32205-1_39
Crescenzo, G.D., Ge, R., Arce, G.R.: Design and analysis of DBMAC, an error localizing message authentication code. In: GLOBECOM, pp. 2224–2228. IEEE (2004)
Di Crescenzo, G., Jiang, S., Safavi-Naini, R.: Corruption-localizing hashing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 489–504. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_30
Crescenzo, G.D., Vakil, F.: Cryptographic hashing for virus localization. In: WORM, pp. 41–48. ACM Press (2006)
Dorfman, R.: The detection of defective members of large populations. Ann. Math. Stat. 14(4), 436–440 (1943)
Du, D., Hwang, F.: Combinatorial Group Testing and Its Applications. Applied Mathematics. World Scientific, Singapore (2000)
D'yachkov, A.G., Rykov, V.V.: A survey of superimposed code theory. Probl. Control. Inf. Theory 12(4), 229–242 (1983)
Emad, A., Milenkovic, O.: Poisson group testing: a probabilistic model for boolean compressed sensing. IEEE Trans. Signal Process. 63(16), 4396–4410 (2015)
Eppstein, D., Goodrich, M.T., Hirschberg, D.S.: Improved combinatorial group testing algorithms for real-world problem sizes. SIAM J. Comput. 36(5), 1360–1375 (2007)
Erdös, P., Frankl, P., Füredi, Z.: Families of finite sets in which no set is covered by the union of R others. Israel J. Math. 51(1), 79–89 (1985)
Goodrich, M.T., Atallah, M.J., Tamassia, R.: Indexing information for data forensics. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 206–221. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_15
Hirose, S., Shikata, J.: Non-adaptive group-testing aggregate MAC scheme. In: Su, C., Kikuchi, H. (eds.) ISPEC 2018. LNCS, vol. 11125, pp. 357–372. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99807-7_22
Inan, H.A., Kairouz, P., Özgür, A.: Sparse group testing codes for low-energy massive random access. In: Allerton, pp. 658–665. IEEE (2017)
Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39887-5_11
Assmus, E.F., Key, J.D.: Designs and Their Codes. Cambridge Tracts in Mathematics, vol. 103. Cambridge University Press, Cambridge (1992)
Kamiya, N.: High-rate quasi-cyclic low-density parity-check codes derived from finite affine planes. IEEE Trans. Inf. Theory 53(4), 1444–1459 (2007)
Katz, J., Lindell, A.Y.: Aggregate message authentication codes. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 155–169. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_10
Kautz, W.H., Singleton, R.C.: Nonrandom binary superimposed codes. IEEE Trans. Inf. Theory 10(4), 363–377 (1964)
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_3
Macula, A.J.: A simple construction of d-disjunct matrices with certain constant weights. Discrete Math. 162(1–3), 311–312 (1996)
Macula, A.J., Popyack, L.J.: A group testing method for finding patterns in data. Discrete Appl. Math. 144(1–2), 149–157 (2004)
Minematsu, K.: Efficient message authentication codes with combinatorial group testing. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 185–202. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_10
Ngo, H.Q., Du, D.Z.: A survey on combinatorial group testing algorithms with applications to DNA library screening. DIMACS Ser. Discret. Math. Theor. Comput. Sci. 55, 171–182 (2000)
Ngo, H.Q., Porat, E., Rudra, A.: Efficiently decodable error-correcting list disjunct matrices and applications. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 557–568. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22006-7_47
Oprea, A., Reiter, M.K.: Space-efficient block storage integrity. In: NDSS. The Internet Society (2005)
Oprea, A., Reiter, M.K.: Integrity checking in cryptographic file systems with constant trusted storage. In: USENIX Security Symposium. USENIX Association (2007)
Porat, E., Rothschild, A.: Explicit nonadaptive combinatorial group testing schemes. IEEE Trans. Inf. Theory 57(12), 7982–7989 (2011)
Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30539-2_2
Rudra, A.: CSE 709: compressed sensing and group testing, Part I (fall 2011 seminar) (2011)
Shangguan, C., Ge, G.: New bounds on the number of tests for disjunct matrices. IEEE Trans. Inf. Theory 62(12), 7518–7521 (2016)
Smith, K.J.C.: Majority Decodable Codes Derived from Finite Geometries. Institute of Statistics Mimeo Series 561 (1967)
Thierry-Mieg, N.: A new pooling strategy for high-throughput screening: the shifted transversal design. BMC Bioinform. 7, 28 (2006)
Ubaru, S., Mazumdar, A.: Multilabel classification with group testing and codes. In: ICML. Proceedings of Machine Learning Research, vol. 70, pp. 3492–3501. PMLR (2017)
Zaverucha, G.M., Stinson, D.R.: Group testing and batch verification. In: Kurosawa, K. (ed.) ICITS 2009. LNCS, vol. 5973, pp. 140–157. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14496-7_12
Acknowledgements
The authors would like to thank Hiroyasu Kubo, Nao Shibata, and Maki Shigeri for implementation, and anonymous reviewers of ESORICS 2019 and Eurocrypt 2019 for their insightful comments.
A Discussions on Decoder Unforgeability
As in previous work [22, 33], we assume for the definition of DUF (decoder unforgeability) that only the message is corrupted, which is more restrictive than the standard attack model for MACs. The reason is that when a tag is corrupted, the verifier cannot decide whether both the data and the tag are corrupted or only the tag is. This is not a limitation specific to our scheme: it holds for the trivial scheme and for Min15 as well. Excluding tag-only corruption is realistic for some use cases. In a storage integrity protection system, MACs are applied to a large storage volume while the tags are usually kept in a small, trusted place (e.g. secure hardware or an isolated server).
Meanwhile, it is also possible to extend our notions to capture tag corruption (which corresponds to false positives in the test outcomes) or approximate detection. This will require extending the notion of disjunctness as studied in the context of CGT [10, 34, 35, 43]. See also Sect. 3.5 of Min15.
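The following is an added example, not code from the paper and not its XOR-GTM construction. It implements the simplest CGT-based corruption-detecting MAC (one HMAC-SHA256 tag per test of a 1-disjunct test matrix, i.e. the "one MAC per test" approach whose communication cost the abstract sets out to reduce) in order to show two things the page discusses: how a disjunct matrix lets the verifier localize a corrupted block from the set of failed tests, and why the DUF model above excludes tag corruption. The test matrix (one all-ones test plus a bit/complement test for each bit of the block index), the demo key and the message blocks are all constructed for the example.

```python
"""Illustrative CGT-based corruption-detecting MAC (added example).

This is NOT the paper's XOR-GTM. It uses the simplest group-testing MAC:
one HMAC tag per test of a d-disjunct test matrix. It is enough to show
(1) how a disjunct matrix lets the verifier localize a corrupted block and
(2) why the DUF model assumes tags are not corrupted: a corrupted tag makes
the decoder's output either inconsistent or consistent but wrong.
"""
import hashlib
import hmac
from typing import List, Sequence, Set, Tuple

Test = List[int]


def disjunct_matrix_d1(n: int) -> List[Test]:
    """1-disjunct test matrix for n blocks, as a list of tests.

    Each test is the list of block indices it covers. Test 0 covers every
    block (whole-message integrity). For each bit position b of the block
    index, one test covers the blocks with bit b set and another those
    with bit b clear. Two distinct indices differ in some bit, so no column
    of the matrix is covered by another column (1-disjunct), which lets the
    decoder identify a single corrupted block exactly with
    1 + 2*ceil(log2 n) tags instead of n.
    """
    bits = max(1, (n - 1).bit_length())
    tests: List[Test] = [list(range(n))]
    for b in range(bits):
        tests.append([i for i in range(n) if (i >> b) & 1])
        tests.append([i for i in range(n) if not (i >> b) & 1])
    return tests


def _tag_test(key: bytes, j: int, test: Test, blocks: Sequence[bytes]) -> bytes:
    """HMAC-SHA256 over the test index j and the length-prefixed blocks in it."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(j.to_bytes(4, "big"))  # domain-separate the tests from each other
    for i in test:
        h.update(len(blocks[i]).to_bytes(4, "big"))  # unambiguous encoding
        h.update(blocks[i])
    return h.digest()


def tag(key: bytes, blocks: Sequence[bytes]) -> List[bytes]:
    """Produce one tag per test of the matrix for the given message blocks."""
    tests = disjunct_matrix_d1(len(blocks))
    return [_tag_test(key, j, t, blocks) for j, t in enumerate(tests)]


def verify_and_locate(key: bytes, blocks: Sequence[bytes],
                      tags: Sequence[bytes]) -> Tuple[Set[int], Set[int]]:
    """Recompute every test tag and decode which blocks look corrupted.

    Returns (failed_tests, suspect_blocks). Decoding is the standard CGT
    rule: a block that belongs to at least one passing test is clean; the
    suspects are the blocks covered by no passing test. With a 1-disjunct
    matrix, at most one corrupted block and honest tags, this is exact.
    """
    tests = disjunct_matrix_d1(len(blocks))
    failed = {j for j, t in enumerate(tests)
              if not hmac.compare_digest(tags[j], _tag_test(key, j, t, blocks))}
    cleared: Set[int] = set()
    for j, t in enumerate(tests):
        if j not in failed:
            cleared.update(t)
    suspects = set(range(len(blocks))) - cleared
    return failed, suspects


def explains(tests: Sequence[Test], suspects: Set[int], failed: Set[int]) -> bool:
    """Would corrupting exactly `suspects` produce exactly `failed`?

    The verifier can run this self-check, but it cannot distinguish a
    consistent wrong answer (data + tag corruption) from the truth.
    """
    predicted = {j for j, t in enumerate(tests) if suspects & set(t)}
    return predicted == failed


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; use os.urandom(32) in practice
    blocks = [f"block{i}".encode() for i in range(8)]  # constructed message
    tags = tag(key, blocks)
    print("tags:", len(tags), "for", len(blocks), "blocks")
    print("intact:", verify_and_locate(key, blocks, tags))

    bad = list(blocks)
    bad[5] = b"XXXXX"                      # corrupt a single block
    print("block 5 corrupted:", verify_and_locate(key, bad, tags))

    bad_tags = list(tags)
    bad_tags[3] = bytes(32)                # corrupt a tag only
    failed, suspects = verify_and_locate(key, blocks, bad_tags)
    print("tag 3 corrupted:", (failed, suspects),
          "consistent?", explains(disjunct_matrix_d1(8), suspects, failed))

    bad_tags2 = list(tags)
    bad_tags2[2] = bytes(32)               # block 5 AND tag 2 corrupted
    failed, suspects = verify_and_locate(key, bad, bad_tags2)
    print("block 5 + tag 2 corrupted:", (failed, suspects),
          "consistent?", explains(disjunct_matrix_d1(8), suspects, failed))
```

With eight blocks the matrix has seven tests, and corrupting block 5 alone fails exactly tests {0, 1, 4, 5}, from which the decoder returns {5}. Corrupting only tag 3 leaves test 0 passing, so every block is cleared and the decoder returns an empty suspect set that cannot explain the failed test; corrupting block 5 together with tag 2 yields the suspect set {4, 5}, which is perfectly consistent with the failed tests and yet wrong. This is the ambiguity the appendix refers to, and why keeping the tags in trusted storage removes it.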
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Minematsu, K., Kamiya, N. (2019). Symmetric-Key Corruption Detection: When XOR-MACs Meet Combinatorial Group Testing. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science, vol. 11735. Springer, Cham. https://doi.org/10.1007/978-3-030-29959-0_29
DOI: https://doi.org/10.1007/978-3-030-29959-0_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29958-3
Online ISBN: 978-3-030-29959-0