Collision Attacks on AES-Based MAC: Alpha-MAC

Biryukov, Alex; Bogdanov, Andrey; Khovratovich, Dmitry; Kasper, Timo

Reference : Collision Attacks on AES-Based MAC: Alpha-MAC


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/15035

Title :	Collision Attacks on AES-Based MAC: Alpha-MAC
Language :	English
Author, co-author :	Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Bogdanov, Andrey [Ruhr-University, Bochum]
	Khovratovich, Dmitry [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Kasper, Timo [Ruhr-University, Bochum]
Publication date :	2007
Main document title :	Cryptographic Hardware and Embedded Systems - CHES 2007
Publisher :	Springer
Pages :	166-180
Peer reviewed :	Yes
Audience :	International
ISBN :	978-3-540-74734-5
Event name :	Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop
Event date :	September 10-13
Event place (city) :	Vienna
Event country :	Austria
Keywords :	[en] Alpha-MAC ; message authentication codes ; MAC ; AES ; collision attack ; side-channel attack ; selective forgery
Abstract :	[en] Message Authentication Code construction Alred and its AES-based instance Alpha-MAC were introduced by Daemen and Rijmen in 2005. We show that under certain assumptions about its implementation (namely that keyed parts are perfectly protected against side-channel attacks but bulk hashing rounds are not) one can efficiently attack this function. We propose a side-channel collision attack on this MAC recovering its internal state just after 29 measurements in the known-message scenario which is to be compared to 40 measurements required by collision attacks on AES in the chosen-plaintext scenario. Having recovered the internal state, we mount a selective forgery attack using new 4 to 1 round collisions working with negligible memory and time complexity.
Permalink :	http://hdl.handle.net/10993/15035
Other URL :	http://www.springerlink.com/content/r241n19657h68rm3/
Commentary :	4727 Lecture Notes in Computer Science Lect Notes Comput Sci 1611-3349 0302-9743

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Collisions-alfa-mac-ches07.pdf	No commentary	Author postprint	476.43 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices