On the unprovable security of 2-Key XCBC

Peng Wang, Dengguo Feng, Wenling Wu, Liting Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations


There has been extensive research on improving CBC-MAC to handle variable-length messages with fewer keys and fewer blockcipher invocations. After Black and Rogaway's XCBC, Moriai and Imai proposed 2-Key XCBC, which replaces the third key of XCBC with its first key. Moriai and Imai "proved" that 2-Key XCBC is secure if the underlying blockcipher is a pseudorandom permutation (PRP). Our research shows that this is not the case. The security of 2-Key XCBC cannot be proved under the sole assumption of PRP, even if the blockcipher is a PRP-RK, i.e. secure against some related-key attacks. We construct a special PRP (PRP-RK) to show that the main lemma in [14] is not true and that 2-Key XCBC using this PRP (PRP-RK) is totally insecure.

Original language: English
Title of host publication: Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings
Publisher: Springer Verlag
Number of pages: 9
ISBN (Print): 3540699716, 9783540699712
State: Published - 2008
Externally published: Yes
Event: 13th Australasian Conference on Information Security and Privacy, ACISP 2008 - Wollongong, NSW, Australia
Duration: 7 Jul 2008 to 9 Jul 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5107 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 13th Australasian Conference on Information Security and Privacy, ACISP 2008
City: Wollongong, NSW


  • Blockcipher
  • Blockcipher mode of operation
  • Message authentication code
  • Provable security
  • Related-key attack
