Abstract. We describe a series of new attacks on a CBC-MAC algorithm due to Knudsen and Preneel including two key recovery attacks and a forgery attack. Unlike previous attacks, these techniques will work when the MAC calculation involves prefixing the data to be MACed with a ‘length block’. These attack methods provide new (tighter) upper bounds on the level of security offered by the MacDES technique. Key words. Message Authentication Codes. Cryptanalysis. CBC-MAC.
Don Coppersmith, Lars R. Knudsen, Chris J. Mitchel