General Distinguishing Attacks on NMAC and HMAC with Birthday Attack Complexity
نویسندگان
چکیده
Kim et al. [4] and Contini et al. [3] studied on the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Especially, they considered the distinguishing attacks. However, they did not describe generic distinguishing attacks on NMAC and HMAC. In this paper, we describe the generic distinguishers to distinguish NMAC and HMAC with the birthday attack complexity and we prove the security bound when the underlying compression function is the random oracle.
منابع مشابه
New Generic Attacks against Hash-Based MACs
In this paper we study the security of hash-based MAC algorithms (such as HMAC and NMAC) above the birthday bound. Up to the birthday bound, HMAC and NMAC are proven to be secure under reasonable assumptions on the hash function. On the other hand, if an n-bit MAC is built from a hash function with a l-bit state (l ≥ n), there is a well-known existential forgery attack with complexity 2. Howeve...
متن کاملCryptanalysis on HMAC/NMAC-MD5 and MD5-MAC
In this paper, we present the first distinguishing attack on HMAC and NMAC based on MD5 without related keys, which distinguishes the HMAC/NMAC-MD5 from HMAC/NMAC with a random function. The attack needs 2 queries, with a success probability 0.87, while the previous distinguishing attack on HMAC-MD5 reduced to 33 rounds takes 2 messages with a success rate of 0.92. Furthermore, we give distingu...
متن کاملNote on Distinguishing, Forgery, and Second Preimage Attacks on HMAC-SHA-1 and a Method to Reduce the Key Entropy of NMAC
The first distinguishing, forgery and second preimage attacks on step-reduced HMAC-SHA-1 have recently been presented by Kim et al. In this note we report on ongoing work to improve their data complexity and present new attacks on HMAC-SHA-1 covering more steps. Additionally, we show how a collision-based technique can be used to reduce the key entropy of NMAC-SHA-1. Finally we comment on the a...
متن کاملDistinguishing Attacks on MAC/HMAC Based on A New Dedicated Compression Function Framework
A new distinguishing attack on HMAC and NMAC based on a dedicated compression function framework H, proposed in ChinaCrypt2008, is first presented in this paper, which distinguish the HMAC/NMACH from HMAC/NMAC with a random function. The attack needs 2 chosen messages and 2 queries, with a success rate of 0.873. Furthermore, according to distinguishing attack on SPMAC-H, a key recovery attack o...
متن کاملCryptanalysis of HMAC/NMAC-Whirlpool
In this paper, we present universal forgery and key recovery attacks on the most popular hash-based MAC constructions, e.g., HMAC and NMAC, instantiated with an AES-like hash function Whirlpool. These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting. To the best of our knowledge, this is the first result on “original” key recovery for HMAC (previous works only suc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006