An Update on the Analysis and Design of NMAC and HMAC Functions

In this paper, we investigate the issues in the analysis and design of provably secure message authentication codes (MACs) Nested MAC (NMAC) and Hash based MAC (HMAC) proposed by Bellare, Canetti and Krawczyk. First, we provide security analysis of NMAC using weaker assumptions than stated in its proof of security. This analysis shows that, theoretically, one cannot further weaken the assumptions in the proof of security of NMAC to obtain a secure MAC function NMAC and for a secure MAC function NMAC, both keys must be secret. This analysis also provides a solution to an open question in Preneel’s thesis on the security of MAC functions when the attacker has knowledge of the key(s) in relation to NMAC and HMAC. Next, we propose a new variant to the NMAC function by altering the standard padding used for the hash function in NMAC. This variant is slightly more efficient than NMAC especially for short messages. The analysis and performance aspects of this variant are compared with other efficient MAC functions based on hash functions. Next, we provide another new variant to NMAC by altering the position of the trail key used in NMAC. This variant has some advantages over NMAC from the perspective of key-recovery attacks. Finally, we formally show how to convert NMAC and HMAC functions into pseudorandom functions.