Risks with raw-key masking – The security evaluation of 2-key XCBC

Soichi Furuya, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

There are extensive researches on how CBC-MAC can be modified in order to efficiently deal with messages of arbitrary lengths. Based on the three-key construction of XCBC by Black and Rogaway, Moriai and Imai improved the scheme and proposed an optimally efficient CBC-MAC variants with two key materials, that is called 2-key XCBC. They give a proof of the security in the same manner as 3-key XCBC. In this paper, we study 2-key XCBC, and discuss the security of 2-key XCBC used with real replacement to an ideal PRP. We show (1) a forgery based on the raw-key masking technique used in 2-key XCBC for a particular instance where Even-Mansour PRP construction is used, and (2) an attack that violates the provable security of DESX construction. Therefore, the raw-key masking technique, which is the core improvement of 2-key CBC, must be avoided unless an overall implementation is considered in detail. Moreover, we discuss 2-key XCBC with two promising real block ciphers AES and Camellia and note important security consideration concerning their uses with 2-key XCBC.

Original languageEnglish
Title of host publicationInformation and Communications Security - 4th International Conference, ICICS 2002, Proceedings
EditorsSihan Qing, Robert Deng, Feng Bao, Jianying Zhou
PublisherSpringer Verlag
Pages327-341
Number of pages15
ISBN (Print)3540001646
Publication statusPublished - Jan 1 2002
Event4th International Conference on Information and Communications Security, ICICS 2002 - Singapore, Singapore
Duration: Dec 9 2002Dec 12 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2513
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other4th International Conference on Information and Communications Security, ICICS 2002
CountrySingapore
CitySingapore
Period12/9/0212/12/02

Fingerprint

Masking
Evaluation
Provable Security
Block Ciphers
Violate
Replacement
Attack

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Furuya, S., & Sakurai, K. (2002). Risks with raw-key masking – The security evaluation of 2-key XCBC. In S. Qing, R. Deng, F. Bao, & J. Zhou (Eds.), Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings (pp. 327-341). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513). Springer Verlag.

Risks with raw-key masking – The security evaluation of 2-key XCBC. / Furuya, Soichi; Sakurai, Kouichi.

Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. ed. / Sihan Qing; Robert Deng; Feng Bao; Jianying Zhou. Springer Verlag, 2002. p. 327-341 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Furuya, S & Sakurai, K 2002, Risks with raw-key masking – The security evaluation of 2-key XCBC. in S Qing, R Deng, F Bao & J Zhou (eds), Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2513, Springer Verlag, pp. 327-341, 4th International Conference on Information and Communications Security, ICICS 2002, Singapore, Singapore, 12/9/02.
Furuya S, Sakurai K. Risks with raw-key masking – The security evaluation of 2-key XCBC. In Qing S, Deng R, Bao F, Zhou J, editors, Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. Springer Verlag. 2002. p. 327-341. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Furuya, Soichi ; Sakurai, Kouichi. / Risks with raw-key masking – The security evaluation of 2-key XCBC. Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. editor / Sihan Qing ; Robert Deng ; Feng Bao ; Jianying Zhou. Springer Verlag, 2002. pp. 327-341 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{987d8a290f5b44bb9313c7e26f4aa6cf,
title = "Risks with raw-key masking – The security evaluation of 2-key XCBC",
abstract = "There are extensive researches on how CBC-MAC can be modified in order to efficiently deal with messages of arbitrary lengths. Based on the three-key construction of XCBC by Black and Rogaway, Moriai and Imai improved the scheme and proposed an optimally efficient CBC-MAC variants with two key materials, that is called 2-key XCBC. They give a proof of the security in the same manner as 3-key XCBC. In this paper, we study 2-key XCBC, and discuss the security of 2-key XCBC used with real replacement to an ideal PRP. We show (1) a forgery based on the raw-key masking technique used in 2-key XCBC for a particular instance where Even-Mansour PRP construction is used, and (2) an attack that violates the provable security of DESX construction. Therefore, the raw-key masking technique, which is the core improvement of 2-key CBC, must be avoided unless an overall implementation is considered in detail. Moreover, we discuss 2-key XCBC with two promising real block ciphers AES and Camellia and note important security consideration concerning their uses with 2-key XCBC.",
author = "Soichi Furuya and Kouichi Sakurai",
year = "2002",
month = "1",
day = "1",
language = "English",
isbn = "3540001646",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "327--341",
editor = "Sihan Qing and Robert Deng and Feng Bao and Jianying Zhou",
booktitle = "Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings",
address = "Germany",

}

TY - GEN

T1 - Risks with raw-key masking – The security evaluation of 2-key XCBC

AU - Furuya, Soichi

AU - Sakurai, Kouichi

PY - 2002/1/1

Y1 - 2002/1/1

N2 - There are extensive researches on how CBC-MAC can be modified in order to efficiently deal with messages of arbitrary lengths. Based on the three-key construction of XCBC by Black and Rogaway, Moriai and Imai improved the scheme and proposed an optimally efficient CBC-MAC variants with two key materials, that is called 2-key XCBC. They give a proof of the security in the same manner as 3-key XCBC. In this paper, we study 2-key XCBC, and discuss the security of 2-key XCBC used with real replacement to an ideal PRP. We show (1) a forgery based on the raw-key masking technique used in 2-key XCBC for a particular instance where Even-Mansour PRP construction is used, and (2) an attack that violates the provable security of DESX construction. Therefore, the raw-key masking technique, which is the core improvement of 2-key CBC, must be avoided unless an overall implementation is considered in detail. Moreover, we discuss 2-key XCBC with two promising real block ciphers AES and Camellia and note important security consideration concerning their uses with 2-key XCBC.

AB - There are extensive researches on how CBC-MAC can be modified in order to efficiently deal with messages of arbitrary lengths. Based on the three-key construction of XCBC by Black and Rogaway, Moriai and Imai improved the scheme and proposed an optimally efficient CBC-MAC variants with two key materials, that is called 2-key XCBC. They give a proof of the security in the same manner as 3-key XCBC. In this paper, we study 2-key XCBC, and discuss the security of 2-key XCBC used with real replacement to an ideal PRP. We show (1) a forgery based on the raw-key masking technique used in 2-key XCBC for a particular instance where Even-Mansour PRP construction is used, and (2) an attack that violates the provable security of DESX construction. Therefore, the raw-key masking technique, which is the core improvement of 2-key CBC, must be avoided unless an overall implementation is considered in detail. Moreover, we discuss 2-key XCBC with two promising real block ciphers AES and Camellia and note important security consideration concerning their uses with 2-key XCBC.

UR - http://www.scopus.com/inward/record.url?scp=33646824984&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646824984&partnerID=8YFLogxK

M3 - Conference contribution

SN - 3540001646

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 327

EP - 341

BT - Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings

A2 - Qing, Sihan

A2 - Deng, Robert

A2 - Bao, Feng

A2 - Zhou, Jianying

PB - Springer Verlag

ER -