Security of message authentication codes in the presence of key-dependent messages | Designs, Codes and Cryptography Skip to main content
Log in

Security of message authentication codes in the presence of key-dependent messages

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

In recent years, the security of encryption and signature schemes in the presence of key-dependent plaintexts received attention, and progress in understanding such scenarios has been made. In this article we motivate and discuss a setting where an adversary can access tags of a message authentication code (MAC) on key-dependent message inputs, and we propose a way to formalize the security of MACs in the presence of key-dependent messages (KD−EUF). Like signature schemes, MACs have a verification algorithm, and hence the tagging algorithm must be stateful. We present a scheme MAC-ver which offers KD−EUF security and also yields a forward-secure scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Backes M., Pfitzmann B., Scedrov A.: Key-dependent message security under active attacks–BRSIM/UC-soundness of symbolic encryption with key cycles. In: CSF 2007: Proceedings of the 20th IEEE Computer Security Foundations Symposium, pp. 112–124. IEEE Computer Society, Washington (2007).

  2. Bellare M., Namprempre C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (eds) Advances in Cryptology—ASIACRYPT 2000, Lecture Notes in Computer Science, vol. 1976, pp. 531–545. Springer, Berlin (2000)

    Google Scholar 

  3. Bellare M., Yee B.: Forward-security in private-key cryptography. In: Joye, M. (eds) Topics in Cryptology—CT-RSA 2003, Lecture Notes in Computer Science, vol. 2612, pp. 1–18. Springer, Berlin (2003)

    Google Scholar 

  4. Bellare M., Kilian J., Rogaway P.: The security of cipher block chaining. In: Franklin M. (ed.) Advances in Cryptology—CRYPTO 1994: Proceedings of the 14th Annual International Cryptology Conference, vol. 839, pp. 341–358. Springer, Berlin (1994).

  5. Black J., Rogaway P., Shrimpton T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg K., Heys H.M. (eds.) Selected Areas in Cryptography—SAC 2003: 10th Annual International Workshop, Lecture Notes in Computer Science, vol. 2595, pp. 62–75. Springer-Verlag, Berlin (2003).

  6. Dziembowski S., Pietrzak K.: Leakage-resilient cryptography. In: FOCS 2008: Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science, pp. 293–302. IEEE Computer Society, Washington (2008).

  7. Faust S., Kiltz E., Pietrzak K., Rothblum G.: Leakage-resilient signatures. In: Micciancio D. (ed.) 7th Theory of Cryptography Conference, TCC 2010, Lecture Notes in Computer Science, vol. 5978, pp. 343–360. Springer, Berlin (2010).

  8. González Muñiz M., Steinwandt R.: Security of signature schemes in the presence of key-dependent messages. Tatra Mt. Math. Publ. 47, 15–29 (2010)

    MathSciNet  MATH  Google Scholar 

  9. Haitner I., Holenstein T.: On the (im)possibility of key dependent encryption. In: Reingold O. (ed.) Theory of Cryptography—TCC 2009: Sixth Theory of Cryptography Conference, Lecture Notes in Computer Science, vol. 5444, pp. 202–219. Springer, Berlin (2009).

  10. Halevi S., Krawczyk H.: Security under key-dependent inputs. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 466–475. ACM, New York (2007).

  11. Hofheinz D., Unruh D.: Towards key-dependent message security in the standard model. In: Smart N. (ed.) Advances in Cryptology—EUROCRYPT 2008: International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 4965, pp. 108–126. Springer, Berlin (2008).

  12. Jaulmes E., Joux A., Valette F.: On the security of randomized CBC-MAC beyond the birthday paradox limit: a new construction. In: Daemen J., Rijmen V. (eds.) FSE 2002: Revised Papers from the 9th International Workshop on Fast Software Encryption, vol. 2365, pp. 237–251. Springer, Heidelberg (2002).

  13. Katz J., Vaikuntanathan V.: Signature schemes with bounded leakage resilience. In: Matsui M. (ed.) Advances in Cryptology—ASIACRYPT 2009, Lecture Notes in Computer Science, vol. 5912, pp. 703–720. Springer, Berlin (2009).

  14. Kim J., Biryukov A., Preneel B., Hong S.: On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract). In: Prisco R.D., Yung M. (eds.) Security and Cryptography for Networks, 5th International Conference, SCN 2006, Lecture Notes in Computer Science, vol. 4116, pp. 242–256. Springer, Berlin (2006).

  15. Menezes A., Vanstone S., Oorschot P.V.: Handbook of Applied Cryptography. CRC Press, Boca Raton (2006)

    Google Scholar 

  16. Micali S., Reyzin L.: Physically observable cryptography (extended abstract). In: Naor M. (ed.) Theory of Cryptography—TCC 2004: First Theory of Cryptography Conference, Lecture Notes in Computer Science, vol. 2951, pp. 278–296. Springer, Berlin (2004).

  17. Preneel B., van Oorschot P.: On the security of iterated message authentication codes. IEEE Trans. Inform. Theory 45(1), 188–199 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  18. Standaert F.X., Pereira O., Yu Y., Quisquater J.J., Yung M., Oswald E.: Leakage resilient cryptography in practice. Cryptology ePrint Archive, Report 2009/341 (2009). http://www.eprint.iacr.org/. Accessed 10 July 2009.

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Rainer Steinwandt.

Additional information

This is one of several papers published together in Designs, Codes and Cryptography on the special topic: “Geometry, Combinatorial Designs & Cryptology”.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Muñiz, M.G., Steinwandt, R. Security of message authentication codes in the presence of key-dependent messages. Des. Codes Cryptogr. 64, 161–169 (2012). https://doi.org/10.1007/s10623-011-9523-z

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-011-9523-z

Keywords

Mathematics Subject Classification (2000)

Navigation