New Distinguishing Attack on MAC Using Secret-Prefix Method
نویسندگان
چکیده
This paper presents a new distinguisher which can be applied to secret-prefix MACs with the message length prepended to the message before hashing. The new distinguisher makes use of a special truncated differential path with high probability to distinguish an inner near-collision in the first round. Once the inner near-collision is detected, we can recognize an instantiated MAC from a MAC with a random function. The complexity for distinguishing the MAC with 43-step reduced SHA-1 is 2 queries. For the MAC with 61-step SHA-1, the complexity is 2 queries. The success probability is 0.70 for both.
منابع مشابه
MDx-MAC and Building Fast MACs from Hash Functions
We consider the security of message authentication code (MAC) algorithms, and the construction of MACs from fast hash functions. A new forgery attack applicable to all iterated MAC algorithms is described, the first known such attack requiring fewer operations than exhaustive key search. Existing methods for constructing MACs from hash functions, including the secret prefix, secret suffix, and ...
متن کاملDistinguishing and Forgery Attacks on Alred and Its AES-based Instance Alpha-MAC
In this paper, we present new distinguishers of the MAC construction Alred and its specific instance Alpha-MAC based on AES, which is proposed by Daemen and Rijmen in 2005. For the Alred construction, we describe a general distinguishing attack which leads to a forgery attack directly. The complexity is 2 chosen messages and 2 queries with success probability 0.63. We also use a two-round colli...
متن کاملPractical Key Recovery Attack against Secret-prefix Edon-R
Edon-R is one of the fastest SHA-3 candidate. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 computations, negligible memory, and a precomputation of 2. This does not directly contradict the security claims of Edon-R or the NI...
متن کاملPractical Key Recovery Attack against Secret-IV Edon-
The SHA-3 competition has been organized by NIST to select a new hashing standard. Edon-R was one of the fastest candidates in the first round of the competition. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secretIV or secret-prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 comp...
متن کاملDifferential Attacks against the Helix Stream Cipher
In this paper, we analyze the security of the stream cipher Helix, recently proposed at FSE’03. Helix is a high-speed asynchronous stream cipher, with a built-in MAC functionality. We analyze the differential properties of its keystream generator and describe two new attacks. The first attack requires 2 basic operations and processes only 2 words of chosen plaintext in order to recover the secr...
متن کامل