
Re: Generic CBC-MAC specification



Actually, the extra encryption of the last block was defined in
ANSI X9.19 (retail MAC for things like ATM transactions).
A recent paper by Bellare and Rogaway proves that this approach
does indeed provide the optimum amount of extra security.

Regards,
Rich

----------
> From: Theodore Y. Ts'o <tytso@MIT.EDU>
> To: FUKUMOTO Atsushi <fukumoto@isl.rdc.toshiba.co.jp>
> Cc: ipsec@tis.com
> Subject: Re: Generic CBC-MAC specification
> Date: Thursday, February 12, 1998 2:48 PM
> 
>    Date: Thu, 12 Feb 1998 17:59:36 +0900
>    From: FUKUMOTO Atsushi <fukumoto@isl.rdc.toshiba.co.jp>
> 
>    The only description I could find of CBC-MAC in "Applied Cryptography
>    2nd ed." (first print) is on p.456, where it says:
> 
> 	   [...] encrypt a message with a block algorithm in CBC or CFB
> 	   modes.  The hash is the last encrypted block, encrypted once
> 	   more in CBC or CFB modes.
> 
>    This last line, "encrypted once more in CBC or CFB modes", seems to be
>    different from FIPS81 Appendix F, or Mr. Rogers' CBC-MAC draft.
> 
>    So my question is, am I right that the description of Applied
>    Cryptography is wrong, and the "encrypted once more" should only be
>    applied to CFB mode?
> 
> If Applied Crypto says this, Applied Crypto is wrong....
> 
> 						- Ted
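
Added example, not part of the original thread: raw CBC-MAC (zero IV, tag is the last ciphertext block) next to the variant that encrypts the last block once more, with a check of the block-splicing identity that holds for the raw form on variable-length messages and stops holding once the extra step is applied. Assumptions: `toy_encrypt` is a constructed Feistel stand-in for a 64-bit block cipher (not DES, not secure), the extra step uses a second key `k2`, and all names, keys and messages are made up for illustration; this is the simplified "encrypt once more" form, not a conforming ANSI X9.19 implementation.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, the DES block size


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation: a constructed stand-in, NOT DES, not secure."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Raw CBC-MAC: zero IV, tag is the last ciphertext block."""
    if not msg or len(msg) % BLOCK:
        raise ValueError("message must be a non-empty multiple of the block size")
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = toy_encrypt(key, xor(state, msg[i:i + BLOCK]))
    return state


def cbc_mac_extra(k1: bytes, k2: bytes, msg: bytes) -> bytes:
    """CBC-MAC under k1, then the last block encrypted once more under k2."""
    return toy_encrypt(k2, cbc_mac(k1, msg))


def splice(msg_a: bytes, tag_a: bytes, msg_b: bytes) -> bytes:
    """msg_a || (first block of msg_b XOR tag_a) || remainder of msg_b."""
    return msg_a + xor(msg_b[:BLOCK], tag_a) + msg_b[BLOCK:]


# Constructed sample keys and block-aligned messages (24 bytes each).
K1, K2 = b"constructed-key-1", b"constructed-key-2"
A, B = b"block-aligned message A!", b"block-aligned message B!"

if __name__ == "__main__":
    raw = splice(A, cbc_mac(K1, A), B)
    print("raw tag carries over:", cbc_mac(K1, raw) == cbc_mac(K1, B))
    ext = splice(A, cbc_mac_extra(K1, K2, A), B)
    print("extra-step tag carries over:",
          cbc_mac_extra(K1, K2, ext) == cbc_mac_extra(K1, K2, B))
```

With the raw form the tag of `B` is also a valid tag for the longer spliced message; with the extra encryption the published tag no longer equals the internal chaining value, so the same construction yields a different tag.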

