MAC Attacks: the security of message authentication codes

by Bart Preneel, Katholieke Universiteit Leuven, Belgium and University of Bergen, Norway

Historically, cryptography concentrated on protecting the secrecy of information. However, for present-day applications such as electronic payments and Internet security, information integrity is often more important than secrecy. Digital signatures provide a solution to this problem, but they are unsuitable for applications that require very high speeds (for example IP level security on the Internet) or that use inexpensive processors. Such applications use so-called Message Authentication Codes (MACs). In this talk we present a survey of attacks on MACs. First we define the required security properties and we describe generic forgery and key recovery attacks. Subsequently we give an overview of the most popular MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.

back to seminar homepage