Zhang LiTing; Wu WenLing; Zhang Lei Chinese Acad Sci Inst Software State Key Lab Informat Secur Beijing 100190 Peoples R China. Zhang LiTing; Wang Peng Chinese Acad Sci Grad Univ Beijing 100049 Peoples R China.
Message authentication codes (MACs) are widely used to protect data integrity and data origin authentication in communications. In this paper, we propose a new block-cipher-based MAC algorithm, CBCR, with provable security for arbitrary-length messages. CBCR adopts rotating operations in the end of cipher-block-chaining structure, and it appends fixed-length prefixes to all messages, which implies flexible usages in practice. For example, these fixed-length prefixes can be filled with some security parameters, message redundancies, etc. We also propose CBCR0, a special case of CBCR that sets its prefix to be an all-zero block. Compared with CMAC, a recommended standard by the US National Institute of Standards and Technology (NIST), CBCR0 enjoys all the advantages that CMAC has, but requires less memory; so, in practical applications, CBCR0 behaves as well as CMAC does, and it is even more suitable for environments with limited memory resources, e. g. smart cards.
English Abstract:
Message authentication codes (MACs) are widely used to protect data integrity and data origin authentication in communications. In this paper, we propose a new block-cipher-based MAC algorithm, CBCR, with provable security for arbitrary-length messages. CBCR adopts rotating operations in the end of cipher-block-chaining structure, and it appends fixed-length prefixes to all messages, which implies flexible usages in practice. For example, these fixed-length prefixes can be filled with some security parameters, message redundancies, etc. We also propose CBCR0, a special case of CBCR that sets its prefix to be an all-zero block. Compared with CMAC, a recommended standard by the US National Institute of Standards and Technology (NIST), CBCR0 enjoys all the advantages that CMAC has, but requires less memory; so, in practical applications, CBCR0 behaves as well as CMAC does, and it is even more suitable for environments with limited memory resources, e. g. smart cards.
