MAC Based on Block Ciphers: DAA and CMAC

 In this section we will firstly study Data Authentication Algorithm (DAA) and then we will move towards Cipher Based Message Authentication (CBMA). 

1. Data Authentication Algorithm (DAA) : 

One of the most widely used MAC is referred to as Data authentication algorithm. 

The algorithm is designed using the cipher block chaining mode of operation of DES as shown in Figure 1. 


Fig. 1: Data Authentication Algorithm

If necessary, the final block is padded on the right with zeros to make a 64 bit block using the DES encryption algorithm and a secret key, a data authentication code (DAC) is calculated as follows.

O1 = E(k, D1

O2 = E(K,[DXOR O1]

O= E(k, [DXOR O2]

:

On = E(K, [DXOR On-1]

. The DAC consists of either entire block On or the leftmost M bits of the block with 16<=M<=64.  

Note 1: DAA is applicable on 64 bit message when the message length is greater than 64 bits then it is difficult to use DAA and DAA has less security than upcoming CBMA.


2. Cipher-Based Message Authentication Code (CMAC)  : 

. DAA, which is now considered as obsolete. Then, CMAC, which is designed to overcome the deficiencies of DAA.

. Cipher based message authentication (CMAC) mode of operation uses with AES and triple DES.

 First, let us define the operation of CMAC when the message is an integer multiple n of the cipher block length b. 

Fig. 2: Message Length is integer multiple of block size

. For AES, b=128, and for triple DES, b = 64
. The message is divided into n blocks (M1, M2, ---, Mn)
. For AES, the key size is 128, 192, or 256 bits, for triple DES the key size is 112 or 168 bits. CMAC is calculated as follows. 

C1 = E(K,M1)

C2 = E(K, [M2 XOR C1])

C3 = E(K, [M3 XOR C2])

:

CN = E(K, [MN XOR CN-1 XOR K1])

T = MSBTlen(CN)

Here T = message authentication code, also referred to as the tag.

Tlen = bit length of T

MSBs(x) = The s leftmost bits of the bit string x. 


Fig. 3: Message Length is not integer multiple of block size

If we use K2 then the two b-bit keys are derived from the K bit encryption as follows: 

L = E(K, 0b)

K1 = L.x

K2 = L.x2 = (Lx).

Where multiplication (.) is done in the finite field GF(2b) and x, x2 are first and second order polynomials that are elements of GF(2b). Thus, the binary representation of x2 consist of b-3 zeros followed by 100. The finite field is defined w.r.t an irreducible polynomial that is lexicographically first among all such polynomials with the minimum possible number of nonzero terms.

x6 + x4 + x3 + x + 1

x128 + x7 + x2 + x + 1


*****************************************************************************************************************

Comments

Post a Comment

Popular posts from this blog

Homomorphic Encryption: A Basic Idea

Image
Homomorphic encryption has the same aim as other encryption-decryption mechanisms: maintaining confidentiality, security, privacy, etc.  In this blog, we will see homomorphic encryption and its type.  Homomorphic Encryption (HE):  It is an encryption that computes operations over encrypted data without decrypting it (or without the need for a secret key).  Mathematically speaking in a client-server architecture: client has message 'm' and function f. The task of client is to compute f(m). Due to computational expensiveness (maybe one of the reason) client sends encryption of message (say Enc(m)) and 'f' to the server. Server will compute function over encrypted message, that is, f(Enc(m)), and return the result to the client, that is, Enc(f(m)). Client will decrypt it Dec(Enc(f(m)), that is, f(m). Hence, client achieves f(m).  Let's understand HE with our daily life (Tea making process): Figure 1. Here m is message, Enc is encryption, f is function, and Eval in...
Read more

Fast Base Conversion and Its Application

Image
Fast Base Conversion (FBC) is a technique used to convert a number from one modulus space to another. For example, if we have 14 m o d     77 14 \mod 77  and want to convert it to x m o d     390 x \mod 390 , FBC is widely used. Mathematically, it can be represented as follows: Here, the above equation represents an integer x x  in modulus q q , and FBC converts this integer into the modulus space t t . The modulus q q  is the product of small coprime moduli (i.e., q = q 1 q 2 … q k q = q_1 q_2 \dots q_k ​ ), and x x  is an integer such that x ∈ [ 0 , q ) x \in [0, q) . We also note that q q  and t t  are coprime numbers. Here, we remark that it is not necessary for the above equation to produce the exact result for x x . Instead of x m o d     t x \mod t , it will provide x ′ m o d     t x' \mod t . Thus, the output of the above equation is as follows: FBC ( x , q , t )  =  x  +  A q  mod  t , where A ∈ [ 0 , k − 1 ] A \in [0,...
Read more

Brakerski-Fan-Vercauteren (BFV) Homomorphic Encryption

Image
Homomorphic encryption means computation over encrypted data without secret key.  How this is possible  ?? 😴 In this blog, we will explore the types of Homomorphic Encryption and demonstrate how computations can be performed on encrypted data without the secret key. In 2009, Gentry proposed Fully Homomorphic Encryption. In 2012, Brakerski proposed a leveled homomorphic encryption scheme that works over integer arithmetic, which later became known as the BFV scheme. BFV is an encryption scheme. Thus, as an encryption scheme, it is expected to be secure. To date, under certain conditions, it is assumed that the scheme is safe, and its security is based on the Learning With Errors (LWE) assumption.. Learning-with-error (LWE): Given a pair of a, b and the task is to recover secret key (s), such that b = a.s  + e  Here e is error mostly picked from gaussian distribution, and a, s are selected from Rq (known as ring module R) The above problem is HARD. The proof is not si...
Read more