Analysis of RMAC

Lars Ramkilde Knudsen; T. Kohno

doi:10.1007/b93938

Analysis of RMAC

Lars Ramkilde Knudsen
, T. Kohno

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attack some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which rely also on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NISTrsquos RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys.

Original language	English
Title of host publication	Fast Software Encryption
Place of Publication	Berlin Heidelberg
Publisher	Springer
Publication date	2003
Edition	2887
Pages	182-191
ISBN (Print)	978-3-540-20449-7
DOIs	https://doi.org/10.1007/b93938
Publication status	Published - 2003
Event	10th International Workshop on Fast Software Encryption - Lund, Sweden Duration: 24 Feb 2003 → 26 Feb 2003 Conference number: 10 http://www.informatik.uni-trier.de/~ley/db/conf/fse/fse2003.html

Conference

Conference	10th International Workshop on Fast Software Encryption
Number	10
Country/Territory	Sweden
City	Lund
Period	24/02/2003 → 26/02/2003
Internet address	http://www.informatik.uni-trier.de/~ley/db/conf/fse/fse2003.html

Series	Lecture Notes in Computer Science
ISSN	0302-9743

Access to Document

10.1007/b93938

OpenUrl availability

Check availability in DTU Findit

Cite this

@inproceedings{e6caaa41bcae4ff99e66805daf384476,

title = "Analysis of RMAC",

abstract = "In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attack some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which rely also on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NISTrsquos RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys.",

author = "Knudsen, \{Lars Ramkilde\} and T. Kohno",

year = "2003",

doi = "10.1007/b93938",

language = "English",

isbn = "978-3-540-20449-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "182--191",

booktitle = "Fast Software Encryption",

edition = "2887",

note = "10th International Workshop on Fast Software Encryption, FSE2003 ; Conference date: 24-02-2003 Through 26-02-2003",

url = "http://www.informatik.uni-trier.de/\textasciitilde{}ley/db/conf/fse/fse2003.html",

}

TY - GEN

T1 - Analysis of RMAC

AU - Knudsen, Lars Ramkilde

AU - Kohno, T.

N1 - Conference code: 10

PY - 2003

Y1 - 2003

N2 - In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attack some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which rely also on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NISTrsquos RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys.

AB - In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attack some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which rely also on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NISTrsquos RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys.

U2 - 10.1007/b93938

DO - 10.1007/b93938

M3 - Article in proceedings

SN - 978-3-540-20449-7

T3 - Lecture Notes in Computer Science

SP - 182

EP - 191

BT - Fast Software Encryption

PB - Springer

CY - Berlin Heidelberg

T2 - 10th International Workshop on Fast Software Encryption

Y2 - 24 February 2003 through 26 February 2003

ER -

Analysis of RMAC

Abstract

Conference

Access to Document

OpenUrl availability

Fingerprint

Cite this