学术探索
学术期刊
新闻热点
数据分析
智能评审

Partial key recovery attack against RMAC

被引:4
作者
Knudsen, LR [1 ]
Mitchell, CJ
机构
[1] Tech Univ Denmark, Dept Math, DK-2800 Lyngby, Denmark
[2] Univ London Royal Holloway & Bedford New Coll, Egham TW20 0EX, Surrey, England
来源
JOURNAL OF CRYPTOLOGY | 2005年 / 18卷 / 04期
关键词
Message Authentication Codes; RMAC; AES; triple DES;
D O I
10.1007/s00145-004-0324-7
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
In this paper new "partial" key recovery attacks against the RMAC block cipher based Message Authentication Code scheme are described. That is we describe attacks that, in some cases, recover one of the two RMAC keys much more efficiently than previously described attacks. Although all attacks, but one, are of no major threat in practice, in some cases there is reason for concern. In particular, the recovery of the second RMAC key (of k bits) may only require around 2(k/)2 block cipher operations (encryptions or decryptions). The RMAC implementation using triple DES proposed by NIST is shown to be very weak.
引用
收藏
页码:375 / 389
页数:15
相关论文
共 22 条
[1]  
[Anonymous], 2012, NIST SPEC PUBL
[2]  
[Anonymous], LNCS
[3]  
[Anonymous], 2001, FIPS PUB
[4]  
*ANSI, 1986, X919 ANSI
[5]  
BOSSELAERS A, 1995, LNCS, V1007
[6]   Attacks on MacDES MAC algorithm [J].
Coppersmith, D ;
Mitchell, CJ .
ELECTRONICS LETTERS, 1999, 35 (19) :1626-1627
[7]  
Coppersmith D, 2000, LECT NOTES COMPUT SC, V1880, P184
[8]  
*INT ORG STAND, 1999, 97971 ISOIEC
[9]  
JAULMES E, 2002, LNCS, V2365, P237
[10]  
Joux A, 2003, LECT NOTES COMPUT SC, V2887, P170
123