Cryptography Reference
In-Depth Information
Diagram 7.4 MAC with Confidentiality
k
−−−−→
E
k
(
m
,
h
a
(
m
))
−−−−−−−−−−−→
D
k
E
←−−−−
m
m
h
a
(
m
)
h
a
(
m
)
↑
Bob
Compares
↓
h
a
(
m
)
h
a
(
m
)
m
Alice
h
m
Bob
h
a
(
m
)
a
−−−−→
Eve can also intercept the message and send it later in order to deceive (an
instance of a replay attack; see Footnote 5.1, page 197). However, this attack can
be thwarted by numbering the messages
m
1
,
m
2
,
m
3
,...
, so that Bob accepts
message
m
j
if and only if
j>k
, where
m
k
is the last message he accepted.
On page 136, we talked about the use of CBC and CFB modes of operation
for using block ciphers as MACs. One of the most popular of these MACs is
the CBC-MAC used with DES.
CBC-MAC
Background Assumptions
: Let
m
be the
n
-bit input block, and let
E
denote the DES cipher, with secret enciphering key
k
.
Algorithm Steps
1.
Blocking and Padding
: Separate
m
into 64-bit blocks
m
1
,
m
2
,
m
3
,
...
,
m
n
where, if necessary,
m
n
is padded to the right with zeros to form the
last 64-bit block.
2.
CBC Processing
: Block
B
j
for
j
=1
,
2
,...,n
is computed as follows,
where
⊕
denotes addition modulo 2:
B
j
=
E
k
(
m
j
⊕
B
j
−
1
)
,
where
B
0
denotes the 64-bit block of zeros.
3.
Final Triple Enciphering
: Using a secret key
k
=
k
, compute
E
k
(
E
−
1
k
(
B
n
)) =
B
n
.
4.
The Completed MAC
:
B
n
is the CBC-MAC.
Analysis
: The triple encryption in step 3 of the CBC-MAC ensures
that brute-force attacks are made much more di:cult, and it helps to thwart
Search WWH ::
Custom Search