On the unprovable security of 2-Key XCBC

Peng Wang; Dengguo Feng; Wenling Wu; Liting Zhang

doi:10.1007/978-3-540-70500-0_17

On the unprovable security of 2-Key XCBC

Peng Wang, Dengguo Feng, Wenling Wu, Liting Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

There has been extensive research focusing on improving CBC-MAC to operate on variable length messages with less keys and less blockcipher invocations. After Black and Rogaway's XCBC, Moriai and Imai proposed 2-Key XCBC, which replaced the third key of XCBC with its first key. Moriai and Imai "proved" that 2-Key XCBC is secure if the underling blockcipher is a pseudorandom permutation (PRP). Our research shows that it is not the case. The security of 2-Key XCBC can not be proved under the solo assumption of PRP, even if it is a RPR-RK secure against some related-key attack. We construct a special PRP (PRP-RK) to show that the main lemma in [14] is not true and 2-Key XCBC using this PRP (PRP-RK) is totally insecure.

Original language	English
Title of host publication	Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings
Publisher	Springer Verlag
Pages	230-238
Number of pages	9
ISBN (Print)	3540699716, 9783540699712
DOIs	https://doi.org/10.1007/978-3-540-70500-0_17
State	Published - 2008
Externally published	Yes
Event	13th Australasian Conference on Information Security and Privacy, ACISP 2008 - Wollongong, NSW, Australia Duration: 7 Jul 2008 → 9 Jul 2008

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5107 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	13th Australasian Conference on Information Security and Privacy, ACISP 2008
Country/Territory	Australia
City	Wollongong, NSW
Period	7/07/08 → 9/07/08

Keywords

Blockcipher
Blockcipher mode of operation
Message authentication code
Provable security
Related-key attack

Access to Document

10.1007/978-3-540-70500-0_17

Cite this

Wang, P., Feng, D., Wu, W., & Zhang, L. (2008). On the unprovable security of 2-Key XCBC. In Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings (pp. 230-238). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5107 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-70500-0_17

@inproceedings{a4561445cef543baaf45861124dd1d14,

title = "On the unprovable security of 2-Key XCBC",

abstract = "There has been extensive research focusing on improving CBC-MAC to operate on variable length messages with less keys and less blockcipher invocations. After Black and Rogaway's XCBC, Moriai and Imai proposed 2-Key XCBC, which replaced the third key of XCBC with its first key. Moriai and Imai {"}proved{"} that 2-Key XCBC is secure if the underling blockcipher is a pseudorandom permutation (PRP). Our research shows that it is not the case. The security of 2-Key XCBC can not be proved under the solo assumption of PRP, even if it is a RPR-RK secure against some related-key attack. We construct a special PRP (PRP-RK) to show that the main lemma in [14] is not true and 2-Key XCBC using this PRP (PRP-RK) is totally insecure.",

keywords = "Blockcipher, Blockcipher mode of operation, Message authentication code, Provable security, Related-key attack",

author = "Peng Wang and Dengguo Feng and Wenling Wu and Liting Zhang",

year = "2008",

doi = "10.1007/978-3-540-70500-0_17",

language = "English",

isbn = "3540699716",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "230--238",

booktitle = "Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings",

address = "Germany",

note = "13th Australasian Conference on Information Security and Privacy, ACISP 2008 ; Conference date: 07-07-2008 Through 09-07-2008",

}

Wang, P, Feng, D, Wu, W & Zhang, L 2008, On the unprovable security of 2-Key XCBC. in Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5107 LNCS, Springer Verlag, pp. 230-238, 13th Australasian Conference on Information Security and Privacy, ACISP 2008, Wollongong, NSW, Australia, 7/07/08. https://doi.org/10.1007/978-3-540-70500-0_17

On the unprovable security of 2-Key XCBC. / Wang, Peng; Feng, Dengguo; Wu, Wenling et al.
Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings. Springer Verlag, 2008. p. 230-238 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5107 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the unprovable security of 2-Key XCBC

AU - Wang, Peng

AU - Feng, Dengguo

AU - Wu, Wenling

AU - Zhang, Liting

PY - 2008

Y1 - 2008

N2 - There has been extensive research focusing on improving CBC-MAC to operate on variable length messages with less keys and less blockcipher invocations. After Black and Rogaway's XCBC, Moriai and Imai proposed 2-Key XCBC, which replaced the third key of XCBC with its first key. Moriai and Imai "proved" that 2-Key XCBC is secure if the underling blockcipher is a pseudorandom permutation (PRP). Our research shows that it is not the case. The security of 2-Key XCBC can not be proved under the solo assumption of PRP, even if it is a RPR-RK secure against some related-key attack. We construct a special PRP (PRP-RK) to show that the main lemma in [14] is not true and 2-Key XCBC using this PRP (PRP-RK) is totally insecure.

AB - There has been extensive research focusing on improving CBC-MAC to operate on variable length messages with less keys and less blockcipher invocations. After Black and Rogaway's XCBC, Moriai and Imai proposed 2-Key XCBC, which replaced the third key of XCBC with its first key. Moriai and Imai "proved" that 2-Key XCBC is secure if the underling blockcipher is a pseudorandom permutation (PRP). Our research shows that it is not the case. The security of 2-Key XCBC can not be proved under the solo assumption of PRP, even if it is a RPR-RK secure against some related-key attack. We construct a special PRP (PRP-RK) to show that the main lemma in [14] is not true and 2-Key XCBC using this PRP (PRP-RK) is totally insecure.

KW - Blockcipher

KW - Blockcipher mode of operation

KW - Message authentication code

KW - Provable security

KW - Related-key attack

UR - http://www.scopus.com/inward/record.url?scp=70349863222&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-70500-0_17

DO - 10.1007/978-3-540-70500-0_17

M3 - Conference contribution

AN - SCOPUS:70349863222

SN - 3540699716

SN - 9783540699712

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 230

EP - 238

BT - Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings

PB - Springer Verlag

T2 - 13th Australasian Conference on Information Security and Privacy, ACISP 2008

Y2 - 7 July 2008 through 9 July 2008

ER -

Wang P, Feng D, Wu W, Zhang L. On the unprovable security of 2-Key XCBC. In Information Security and Privacy - 13th Australasian Conference, ACISP 2008, Proceedings. Springer Verlag. 2008. p. 230-238. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-70500-0_17

On the unprovable security of 2-Key XCBC

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this