In this paper the newly proposed RMAC system is analysed. The scheme allows a (traditional MAC) attacker some control over one of two keys of the underlying block cipher and makes it possible to mount several related-key attacks on RMAC. First, an efficient attack on RMAC when used with triple-DES is presented, which also relies on other findings in the proposed draft standard. Second, a generic attack on RMAC is presented which can be used to find one of the two keys in the system faster than by an exhaustive search. Third, related-key attacks on RMAC in a multi-user setting are presented. In addition to beating the claimed security bounds in NIST's RMAC proposal, this work suggests that, as a general principle, one may wish to avoid designing modes of operation that use related keys. © International Association for Cryptologic Research 2003.
Knudsen, L. R., & Kohno, T. (2003). Analysis of RMAC. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2887, 182–191. https://doi.org/10.1007/978-3-540-39887-5_14