We provide a simple and improved security analysis of PMAC, a
Parallelizable MAC (Message Authentication Code) defined over
arbitrary messages. A similar kind of result was shown by Bellare,
Pietrzak and Rogaway at Crypto 2005, where they have provided an
improved bound for CBC (Cipher Block Chaining) MAC, which was
introduced by Bellare, Killan and Rogaway at Crypto 1994. Our
analysis idea is much more simpler to understand and is borrowed
from the work by Nandi for proving Indistinguishability at
Indocrypt 2005 and work by Bernstein. It shows that the advantage
for any distinguishing attack for n-bit PMAC based on a random
function is bounded by O(σq / 2^n), where
σ is the total number of blocks in all q queries made by
the attacker. In the original paper by Black and Rogaway at
Eurocrypt 2002 where PMAC was introduced, the bound is
O(σ^2 / 2^n).
We also compute the collision probability of CBC MAC for suitably
chosen messages. We show that the probability is Ω( lq^2 / N) where l is the number of message blocks, N is the
size of the domain and q is the total number of queries. For
random oracles the probability is O(q^2 / N). This improved
collision probability will help us to have an efficient
distinguishing attack and MAC-forgery attack. We also show that the
collision probability for PMAC is Ω(q^2 / N) (strictly greater
than the birthday bound). We have used a purely combinatorial
approach to obtain this bound. Similar analysis can be made for
other CBC MAC extensions like XCBC, TMAC and OMAC
