less secure than the original OMAC. We show a security gap between them. As a result, we obtain a negative answer to Mitchell's open question--OMAC1" is not provably secure even if the underlying block cipher is a PRP. Further, we point out limitations of discussion in [16]." />

On the Security of a MAC by Mitchell

Tetsu IWATA  Kaoru KUROSAWA  

Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E88-A    No.1    pp.25-32
Publication Date: 2005/01/01
Online ISSN: 
DOI: 10.1093/ietfec/e88-a.1.25
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Symmetric Key Cryptography
Keyword: 
message authentication code,  OMAC,  security proofs,  security gap,  pseudorandom permutation,  

Full Text: PDF>>
Buy this Article


Summary: 
OMAC is a provably secure MAC scheme proposed by Iwata and Kurosawa. NIST currently intends to specify OMAC as the modes recommendation. In August 2003, Mitchell published a note "On the security of XCBC, TMAC and OMAC" to propose a new variant of OMAC. We call it OMAC1". In this paper, we prove that OMAC1" is less secure than the original OMAC. We show a security gap between them. As a result, we obtain a negative answer to Mitchell's open question--OMAC1" is not provably secure even if the underlying block cipher is a PRP. Further, we point out limitations of discussion in [16].