Skip to main content
SpringerLink
Log in
Book cover

International Conference on Cryptology and Network Security

CANS 2013: Cryptology and Network Security pp 20–38Cite as

Revisiting MAC Forgeries, Weak Keys and Provable Security of Galois/Counter Mode of Operation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8257))

Abstract

Galois/Counter Mode (GCM) is a block cipher mode of operation widely adopted in many practical applications and standards, such as IEEE 802.1AE and IPsec. We demonstrate that to construct successful forgeries of GCM-like polynomial-based MAC schemes, hash collisions are not necessarily required and any polynomials could be used in the attacks, which removes the restrictions of attacks previously proposed by Procter and Cid. Based on these new discoveries on forgery attacks, we show that all subsets with no less than two authentication keys are weak key classes, if the final block cipher masking is computed additively. In addition, by utilizing a special structure of GCM, we turn these forgery attacks into birthday attacks, which will significantly increase their success probabilities. Furthermore, we provide a method to fix GCM in order to avoid the security proof flaw discovered by Iwata, Ohashi and Minematsu. By applying the method, the security bounds of GCM can be improved by a factor of around 220. Lastly, we show that these forgery attacks will still succeed if GCM adopts MAC-then-Enc paradigm to protect its MAC scheme as one of the options mentioned in previous papers.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aoki, K., Yasuda, K.: The security and performance of “GCM” when short multiplications are used instead. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 225–245. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  2. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32–49. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  3. CAESAR. Competition for Authenticated Encryption: Security, Applicability, and Robustness, http://competitions.cr.yp.to/caesar.html

  4. Dworkin, M.J.: SP 800-38D. Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. Technical report, Gaithersburg, MD, United States (2007)

    Google Scholar 

  5. Ferguson, N.: Authentication weaknesses in GCM. Comments Submitted to NIST Modes of Operation Process (2005)

    Google Scholar 

  6. Handschuh, H., Preneel, B.: Key-recovery attacks on universal hash function based MAC algorithms. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 144–161. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. IEEE 802.1AE. Media access control (MAC) security (2006), http://www.ieee802.org/1/pages/802.1ae.html

  8. Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31–49. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  9. Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. Cryptology ePrint Archive, Report 2012/438 (2012), http://eprint.iacr.org/

  10. Joux, A.: Authentication failures in NIST version of GCM. NIST Comment (2006)

    Google Scholar 

  11. Katz, J., Lindell, Y.: Introduction to modern cryptography. Chapman & Hall (2008)

    Google Scholar 

  12. McGrew, D., Viega, J.: The Galois/Counter Mode of operation (GCM). Submission to NIST Modes of Operation Process (2004)

    Google Scholar 

  13. McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  14. McGrew, D.A.: Counter mode security: Analysis and recommendations (2002), http://www.mindspring.com/~dmcgrew/ctr-security.pdf

  15. NSA. Suite B Cryptography (2005), http://www.nsa.gov/ia/programs/suiteb_cryptography/

  16. Procter, G., Cid, C.: On weak keys and forgery attacks against polynomial-based MAC schemes. In: Fast Software Encryption.LNCS. Springer (to appear, 2013)

    Google Scholar 

  17. Procter, G., Cid, C.: On weak keys and forgery attacks against polynomial-based MAC schemes. Cryptology ePrint Archive, Report 2013/144 (2013), http://eprint.iacr.org/

  18. Rogaway, P.: Authenticated-encryption with associated-data. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 98–107. ACM, New York (2002)

    Google Scholar 

  19. Saarinen, M.-J.O.: Cycling attacks on GCM, GHASH and other polynomial MACs and hashes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 216–225. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  20. Shoup, V.: On fast and provably secure message authentication based on universal hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 313–328. Springer, Heidelberg (1996)

    Google Scholar 

  21. Viega, J., McGrew, D.A.: The use of Galois/Counter Mode (GCM) in IPsec encapsulating security payload, ESP (2005), http://tools.ietf.org/html/rfc4106.html

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario, N2L 3G1, Canada

    Bo Zhu, Yin Tan & Guang Gong

Authors
  1. Bo Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yin Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guang Gong
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. École Normale Supérieure and CNRS,, 45 rue d’Ulm, 75005, Paris, France

    Michel Abdalla

  2. Department of Computer Science, Purdue University, LWSN 2142J, 305 N. University Street,, 47907, West Lafayette, IN, USA

    Cristina Nita-Rotaru

  3. Institute of Computing, University of Campinas, Avenida Albert Einstein 1251, 13083-852, Campinas, SP, Brazil

    Ricardo Dahab

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhu, B., Tan, Y., Gong, G. (2013). Revisiting MAC Forgeries, Weak Keys and Provable Security of Galois/Counter Mode of Operation. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds) Cryptology and Network Security. CANS 2013. Lecture Notes in Computer Science, vol 8257. Springer, Cham. https://doi.org/10.1007/978-3-319-02937-5_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-02937-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-02936-8

  • Online ISBN: 978-3-319-02937-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation