Can a MAC be built by block ciphers?

by Emmanuel Udofia / Monday, 05 August 2024 / Published in Cybersecurity, EITC/IS/CCF Classical Cryptography Fundamentals, Applications of block ciphers, Modes of operation for block ciphers

A Message Authentication Code (MAC) can indeed be constructed using block ciphers. A MAC is a cryptographic checksum that provides integrity and authenticity assurances on a message. It ensures that the message has not been altered and that it originates from a legitimate sender who possesses the secret key. Block ciphers, which are deterministic algorithms operating on fixed-size blocks of data with a symmetric key, can be utilized to build MACs through various constructions.

Understanding Block Ciphers

Block ciphers operate on fixed-size blocks of plaintext, typically 64 or 128 bits, and transform them into ciphertext blocks of the same size using a symmetric key. Common examples of block ciphers include the Data Encryption Standard (DES), Triple DES (3DES), and the Advanced Encryption Standard (AES). Block ciphers can be used in different modes of operation to encrypt data of arbitrary length and to achieve various cryptographic goals.

MAC Construction Using Block Ciphers

Several methods exist to build a MAC using block ciphers, each leveraging the properties of the cipher to ensure message integrity and authenticity. Notable methods include CBC-MAC, HMAC, and CMAC.

CBC-MAC (Cipher Block Chaining Message Authentication Code)

CBC-MAC is one of the simplest and most straightforward methods to construct a MAC using a block cipher. It employs the Cipher Block Chaining (CBC) mode of operation, which is commonly used for encryption. In CBC mode, each plaintext block is XORed with the previous ciphertext block before being encrypted. For MAC generation, the final ciphertext block is used as the MAC.

Construction Steps:

1. Initialization: Choose a symmetric key $K$ and an initial vector (IV), typically set to zero.
2. Block-wise Processing: For a message $M$ divided into blocks $M_1, M_2, \ldots, M_n$ :
– $C_0 = IV$
– For $i = 1$ to $n$ :
– $C_i = E_K(C_{i-1} \oplus M_i)$
3. MAC Generation: The MAC is the final ciphertext block $C_n$ .

Example:

Consider a message $M$ divided into three blocks $M_1, M_2, M_3$ . Using a block cipher $E$ with key $K$ :

– $C_0 = IV$
– $C_1 = E_K(C_0 \oplus M_1)$
– $C_2 = E_K(C_1 \oplus M_2)$
– $C_3 = E_K(C_2 \oplus M_3)$

The MAC is $C_3$ .

Security Considerations:

While CBC-MAC is secure for fixed-length messages, it is vulnerable to certain attacks when used with variable-length messages. To mitigate this, variations such as Length-Prefix CBC-MAC or CMAC are used.

CMAC (Cipher-based Message Authentication Code)

CMAC is an improvement over CBC-MAC and addresses its vulnerabilities. It is standardized in NIST SP 800-38B and is secure for messages of arbitrary length.

Construction Steps:

1. Key Derivation: Derive two sub-keys $K_1$ and $K_2$ from the main key $K$ using the block cipher.
2. Padding: If the message length is not a multiple of the block size, pad the final block.
3. Block-wise Processing: For a message $M$ divided into blocks $M_1, M_2, \ldots, M_{n-1}, M_n$ :
– $C_0 = IV$
– For $i = 1$ to $n-1$ :
– $C_i = E_K(C_{i-1} \oplus M_i)$
– For the final block $M_n$ :
– If $M_n$ is complete, $T = M_n \oplus K_1$
– If $M_n$ is padded, $T = M_n \oplus K_2$
– $C_n = E_K(C_{n-1} \oplus T)$
4. MAC Generation: The MAC is $C_n$ .

Example:

Consider a message $M$ divided into three blocks $M_1, M_2, M_3$ . Using a block cipher $E$ with key $K$ :

– Derive $K_1$ and $K_2$ .
– $C_0 = IV$
– $C_1 = E_K(C_0 \oplus M_1)$
– $C_2 = E_K(C_1 \oplus M_2)$
– For $M_3$ :
– If complete, $T = M_3 \oplus K_1$
– If padded, $T = M_3 \oplus K_2$
– $C_3 = E_K(C_2 \oplus T)$

The MAC is $C_3$ .

HMAC (Hash-based Message Authentication Code)

Although HMAC primarily uses hash functions, it can be built using block ciphers by employing the Davies-Meyer construction, which turns a block cipher into a hash function. HMAC is widely used due to its simplicity and strong security guarantees.

Construction Steps:

1. Key Preparation: If the key $K$ is longer than the block size, hash it to obtain a key of the appropriate length. If shorter, pad it with zeros.
2. Inner Hash: Compute the hash of the inner padded key concatenated with the message.
3. Outer Hash: Compute the hash of the outer padded key concatenated with the result of the inner hash.
4. MAC Generation: The MAC is the result of the outer hash.

Example:

Consider a message $M$ and a key $K$ with block size $b$ :

– If $K$ is longer than $b$ , $K = H(K)$ .
– If $K$ is shorter than $b$ , pad $K$ with zeros.
– Compute $K_{ipad} = K \oplus \text{0x36} \cdots \text{0x36}$ .
– Compute $K_{opad} = K \oplus \text{0x5C} \cdots \text{0x5C}$ .
– Inner hash: $H_{inner} = H(K_{ipad} \| M)$ .
– Outer hash: $H_{outer} = H(K_{opad} \| H_{inner})$ .

The MAC is $H_{outer}$ .

Security Analysis

The security of a MAC constructed using block ciphers depends on the strength of the underlying block cipher and the construction method. CBC-MAC, CMAC, and HMAC (with block ciphers) each offer different security properties and efficiency trade-offs.

– CBC-MAC: Secure for fixed-length messages but vulnerable to length extension attacks. Variants like Length-Prefix CBC-MAC or CMAC are recommended for variable-length messages.
– CMAC: Provides strong security guarantees for messages of arbitrary length and is resistant to various attacks.
– HMAC: Offers robust security by combining the properties of hash functions and block ciphers, making it suitable for a wide range of applications.

Practical Applications

MACs constructed using block ciphers are employed in various applications to ensure data integrity and authenticity. Examples include:

– Financial Transactions: Ensuring the integrity of transaction data in banking systems.
– Secure Communications: Authenticating messages in secure communication protocols like TLS/SSL.
– Digital Signatures: Providing an additional layer of security for digital signatures by ensuring message integrity.

In the realm of classical cryptography, block ciphers serve as versatile tools for constructing MACs, offering robust mechanisms to ensure message integrity and authenticity. By leveraging the properties of block ciphers through methods such as CBC-MAC, CMAC, and HMAC, cryptographic systems can provide strong security guarantees against tampering and forgery.

EITCA Academy

Can a MAC be built by block ciphers?

Understanding Block Ciphers

MAC Construction Using Block Ciphers

CBC-MAC (Cipher Block Chaining Message Authentication Code)

CMAC (Cipher-based Message Authentication Code)

HMAC (Hash-based Message Authentication Code)

Security Analysis

Practical Applications

Other recent questions and answers regarding Modes of operation for block ciphers:

More questions and answers:

EITCA Academy is a part of the European IT Certification framework

EITCA Academy

LOG IN TO YOUR ACCOUNT

FORGOT YOUR PASSWORD?

CREATE AN ACCOUNT

Can a MAC be built by block ciphers?

Understanding Block Ciphers

MAC Construction Using Block Ciphers

CBC-MAC (Cipher Block Chaining Message Authentication Code)

CMAC (Cipher-based Message Authentication Code)

HMAC (Hash-based Message Authentication Code)

Security Analysis

Practical Applications

Other recent questions and answers regarding Modes of operation for block ciphers:

More questions and answers: