Sciweavers

CRYPTO
2005
Springer

Improved Security Analyses for CBC MACs

14 years 4 months ago
Improved Security Analyses for CBC MACs
We present an improved bound on the advantage of any q-query adversary at distinguishing between the CBC MAC over a random n-bit permutation and a random function outputting n bits. The result assumes that no message queried is a prefix of any other, as is the case when all messages to be MACed have the same length. We go on to give an improved analysis of the encrypted CBC MAC, where there is no restriction on queried messages. Letting be the block length of the longest query, our bounds are about q2 /2n for the basic CBC MAC and o(1) q2 /2n for the encrypted CBC MAC, improving prior bounds of 2 q2 /2n . The new bounds translate into improved guarantees on the probability of forging these MACs.
Mihir Bellare, Krzysztof Pietrzak, Phillip Rogaway
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where CRYPTO
Authors Mihir Bellare, Krzysztof Pietrzak, Phillip Rogaway
Comments (0)