Another look at HMAC
نویسندگان
چکیده
HMAC is the most widely-deployed cryptographic-hash-function-based message authentication code. First, we describe a security issue that arises because of inconsistencies in the standards and the published literature regarding keylength. We prove a separation result between two versions of HMAC, which we denote HMAC and HMAC, the former being the real-world version standardized by Bellare et al. in 1997 and the latter being the version described in Bellare’s proof of security in his Crypto 2006 paper. Second, we describe how HMAC (the FIPS version standardized by NIST), while provably secure (in the single-user setting), succumbs to a practical attack in the multi-user setting. Third, we describe a fundamental defect from a practice-oriented standpoint in Bellare’s 2006 security result for HMAC, and show that because of this defect his proof gives a security guarantee that is of little value in practice. We give a new proof of NMAC security that gives a stronger result for NMAC and HMAC and we discuss why even this stronger result by itself fails to give convincing assurance of HMAC security.
منابع مشابه
Another Look at Tightness II: Practical Issues in Cryptography
How to deal with large tightness gaps in security proofs is a vexing issue in cryptography. Even when analyzing protocols that are of practical importance, leading researchers often fail to treat this question with the seriousness that it deserves. We discuss nontightness in connection with complexity leveraging, HMAC, lattice-based cryptography, identity-based encryption, and hybrid encryption.
متن کاملAnother Look at Security Theorems for 1-Key Nested MACs
We prove a security theorem without collision-resistance for a class of 1-key hash-function-based MAC schemes that includes HMAC and Envelope MAC. The proof has some advantages over earlier proofs: it is in the uniform model, it uses a weaker related-key assumption, and it covers a broad class of MACs in a single theorem. However, we also explain why our theorem is of doubtful value in assessin...
متن کاملResponse to Crypto 2014 Paper
However, GPR fails to note that a very similar result giving lqǫ-security was proved earlier in our paper “Another look at HMAC.” GPR acknowledges our main theorem, which gives lǫ-security under a stronger PRF-assumption, but omits any mention of our Corollary 10.3, where we proved that lqǫ-security under the weaker assumption follows from the theorem. GPR can correctly claim that their result ...
متن کاملSecond Preimages for Iterated Hash Functions and Their Implications on MACs
In this article, we focus on second preimages for iterated hash functions. More precisely, we introduce the notion of a b-block bypass which is closely related to the notion of second preimage but specifies additional properties. We will then give two examples of iterated hash functions to which this notion applies: a double-block length hash function and a single-block length hash function. Fu...
متن کاملA New Concept of Hash Functions SNMAC Using a Special Block Cipher and NMAC/HMAC Constructions
In this paper, we present new security proofs of well-known hash constructions NMAC/HMAC proposed by Bellare et al. in 1996. We show that block ciphers should be used in hash functions in another way than it has been so far. We introduce a new cryptographic primitive called special block cipher (SBC) which is resistant to attacks specific for block ciphers used in hash functions. We propose to ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Mathematical Cryptology
دوره 7 شماره
صفحات -
تاریخ انتشار 2012