0

I'm looking at the CBC-MAC vulnerabilities that arise when CBC-MAC is used incorrectly, specifically when the keys for encryption and authentication are reused. The source I'm relying on is the Wikipedia Article on the matter (https://en.wikipedia.org/wiki/CBC-MAC#Using_the_same_key_for_encryption_and_authentication).

There are some odd omissions that I fail to understand. For one, it says CBC-MAC is used with IV = 0 and let's assume we reuse the key for authentication using CBC-MAC and encryption using CBC. If the MAC of the encryption is not zero, then the attack does not work at all, right? As far as I understand, the attack only works if

  • Plaintext is authenticated, not ciphertext
  • Encryption key and authentication key are identical
  • Encryption IV and authentication IV are identical

I.e., I really fail to understand what the attack is. Obviously, if everything is identical, then the last ciphertext block is also going to be identical (which is the auth tag of CBC-MAC). Does this really only work with all those broken assumptions or is there something I'm missing?

itecMemory
  • 13
  • 2
  • The article is really clear on this forgery if one uses the same key for encryption and authentication. This is an example for us to separate the keys! No, the CBC encryption and CBC-MAC IV's are not identical. Note that is is going to migrate to cryptography.SE. Before that you might read some questions there. – kelalaka Oct 27 '21 at 18:35
  • cryptography.se has 103 question tagged with [CBC-MAC](https://crypto.stackexchange.com/questions/tagged/cbc-mac). Please have a look at! – kelalaka Oct 27 '21 at 18:37
  • Of course it is an example to use separate keys, I'm well aware of that. However, with the information given in the article there is no "forgery" possible, possibly because they're omitting some information. – itecMemory Oct 28 '21 at 08:05
  • Well, the definition is there; By definition, a Message Authentication Code is broken if we can find a different message (a sequence of plain-text pairs `P'` which produces the same tag as the previous message, P, with `P`=P'=P'. Go on and edit? – kelalaka Oct 28 '21 at 08:41

0 Answers0