Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Methods for Message Authentication

IP.com Disclosure Number: IPCOM000115045D
Original Publication Date: 1995-Mar-01
Included in the Prior Art Database: 2005-Mar-30
Document File: 2 page(s) / 72K

Publishing Venue

IBM

Related People

Basturk, E: AUTHOR [+4]

Abstract

Sender and receiver share a key K not known to the adversary. The goal is to be authenticate a message. That is, upon receipt of a message purporting to be from the sender, the receiver should be convinced this is true and the message was not sent the adversary.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Methods for Message Authentication

      Sender and receiver share a key K not known to the adversary.
The goal is to be authenticate a message.  That is, upon receipt of a
message purporting to be from the sender, the receiver should be
convinced this is true and the message was not sent the adversary.

      Let f sub a be a pseudorandom function (PRF) mapping 64 bits
to l  bits.  Let H be a hash function such MD5 which takes a string
of any length and returns a 128 bit string.  Let H sub 1 (y) denote
the first 64 bits of H(y) and let H sub 2 (y) denote the next 64 bits
of H(y).  We specify the following two MACs:
  1.  MAC by CBC encryption of hash.  The key K of the message
       authentication scheme is the key a of the PRF.  The MAC is
given
       by
      'MAC' sub a(x) = f sub a (f sub a (H sub 1 (x)) cplus H sub 2
(x))
  2.  MAC by encrypting keyed hash.  The key K of the message
       authentication scheme specifies a pair of keys a, s.  The
first
       is the key of a PRF f sub a, and the second is a 64 bit key to
be
       used for the "keyed hash".  The MAC is given by
      'MAC' sub <a , s> (x) = f sub a (H sub 1 (x, s))

      Instantiations for PRFs and for hash functions are suggested.
This gives rise to a collection of schemes.

      For a 56 bit key a, denote by 'DES' sub a ratio {0,1} sup <64>
rarrow {0,1} sup <64> the permutation specified by the algorithm of
the data encryption standard.  Let f sub a (x) be the first 48 bits
of 'DES' sub a(x).  This is a PRF with key length k=56, input length
L=64 and output length l=48.

      For a 80 bit key a, denote by 'SJ' sub a ratio {0,1} sup <64>
rarrow {0,1} sup <64> the permutation specified by the skipjack
algorithm of the Clipper chip.  Let f sub a (x) be the first 48 bits
of 'SJ' sub a (x).  This is a PRF with key length k=80, input length
L=64 and output length l=48.

   ...