[Resource Topic] 1997/010: CBC MAC for Real-Time Data Sources

Welcome to the resource topic for 1997/010

Title:
CBC MAC for Real-Time Data Sources

Authors: Erez Petrank, Charles Rackoff

Abstract:

The Cipher Block Chaining (CBC) Message Authentication Code (MAC)
is an authentication method which is widely used in practice.
It is well known that the naive use of CBC MAC for variable
length messages is not secure, and a few rules of thumb for the
correct use of CBC MAC are known by folklore. The first rigorous
proof of the security of CBC MAC, when used on fixed length messages,
was given only recently by Bellare, Kilian and Rogaway. They also
suggested variants of CBC MAC that handle variable length messages
but in these variants the length of the message has to be known
in advance (i.e., before the message is processed).

We study CBC authentication of real time applications in which the
length of the message is not known until the message ends, and
furthermore, since the application is real-time, it is not possible
to start processing the authentication only after the message ends.

We first present a variant of CBC MAC, called {\em double MAC} (DMAC)
which handles messages of variable unknown lengths. Computing DMAC on
a message is virtually as simple and as efficient as computing the
standard CBC MAC on the message. We provide a rigorous proof that its
security is implied by the security of the underlying block cipher.
Next, we argue that the basic CBC MAC is secure when applied to prefix
free message space. A message space can be made prefix free by
authenticating also the (usually hidden) last character which marks
the end of the message.

ePrint: https://eprint.iacr.org/1997/010

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .