Key recovery attacks on MACs based on properties of cryptographic APIs

This paper is concerned with the design of cryptographic APIs (Application Program Interfaces), and in particular with the part of such APIs concerned with computing Message Authentication Codes (MACs). In some cases it is necessary for the cryptographic API to offer the means to ‘part-compute’ a MAC, i.e. perform the MAC calculation for a portion of a data string. In such cases it is necessary for the API to input and output ‘chaining variables’. As we show in this paper, such chaining variables need very careful handling lest they increase the possibility of MAC key compromise. In particular, chaining variables should always be output in encrypted form; moreover the encryption should operate so that re-occurrence of the same chaining variable will not be evident from the ciphertext.




Brincat, K., & Mitchell, C. J. (2001). Key recovery attacks on MACs based on properties of cryptographic APIs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2260, pp. 63–72). Springer Verlag.
