On the Security of Iterated Message Authentication Codes

@article{Preneel1999OnTS,
  title={On the Security of Iterated Message Authentication Codes},
  author={Bart Preneel and Paul C. van Oorschot},
  journal={IEEE Trans. Information Theory},
  year={1999},
  volume={45},
  pages={188-199}
}
The security of iterated message authentication code (MAC) algorithms is considered, and in particular those constructed from unkeyed hash functions. A new MAC forgery attack applicable to all deterministic iterated MAC algorithms is presented, which requires on the order of 2n=2 known text-MAC pairs for algorithms with n bits of internal memory, as compared to the best previous general attack which required exhaustive key search. A related key recovery attack is also given which applies to a… CONTINUE READING