
On Beyond-Birthday-Bound Security: Revisiting the Development of ISO/IEC 9797-1 MACs
Author(s) - Yaobin Shen, Lei Wang
Publication year - 2019
Publication title - IACR Transactions on Symmetric Cryptology
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.715
H-Index - 10
ISSN - 2519-173X
DOI - 10.46586/tosc.v2019.i2.146-168
Subject(s) - concatenation (mathematics) , padding , computer science , upper and lower bounds , cbc mac , block cipher , cipher , code (set theory) , message authentication code , authentication (law) , computer security , arithmetic , cryptography , mathematics , encryption , programming language , set (abstract data type) , mathematical analysis
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Codes (MACs). The current version, ISO/IEC 9797-1:2011, specifies six single-pass CBC-like MAC structures whose security is capped at the birthday bound. For security beyond the birthday bound, it recommends using the concatenation combiner of two single-pass MACs. In this paper, we show that this recommendation is invalid by presenting a birthday-bound forgery attack on the concatenation combiner, which is essentially based on Joux's multi-collision. Notably, our new forgery attack on the concatenation of two instances of MAC Algorithm 1 with padding scheme 2 requires only 3 queries. Moreover, we look for patches by revisiting the development of ISO/IEC 9797-1 with respect to beyond-birthday-bound security. More specifically, we evaluate the XOR combiner of single-pass CBC-like MACs, which was used in a previous version of ISO/IEC 9797-1.