Message Authentication with Manipulation Detection Code

Abstract

In many applications of cryptography, assuring theauthenticity of communications is as important asprotecting their secrecy. A well known and securemethod of providing message authentication is tocompute a Message Authentication Code (MAC) byencrypting the message. If only one key is used toboth encrypt and authenticate a message, however,the system is subject to several forms ofcryptographic attack. Techniques have also beensought for combining secrecy and authentication inonly one encryption pass, using a ManipulationDetection Code generated by noncryptographicmeans. Previous investigations have shown that aproposed MDC technique involving block-by-blockExclusive-ORing is not secure when used with theCipher Block Chaining (CBC) mode of operation of theData Encryption Standard (DES]. It is shown herethat the Cipher Feedback (CFEI) mode of operationexhibits similar weaknesses. A linear addition modulo264 MDC is analyzed, including discussion of severalnovel attack scenarios. A Quadratic CongruentialManipulation Detection Code is proposed to avoid theproblems of previous schemes.