Equivalent Key Recovery Attack to H-MAC

نویسندگان

  • Fanbao Liu
  • Tao Xie
  • Changxiang Shen
چکیده

In this paper, we propose an efficient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance). We can successfully recover the equivalent key of H2-MAC in about 2n/2 on-line MAC queries and 2n/2 off-line hash computations with great probability. This attack shows that the security of H2-MAC is totally dependent on the collision resistance of the underlying hash function, instead of the PRF-AX of the underlying compression function in the origin security proof of H2-MAC.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Equivalent Key Recovery Attack on H 2-MAC Instantiated with MD5

This paper presents the first equivalent key recovery attack on H2-MAC-MD5, which conduces to a selective forgery attack directly. H2-MAC is similar with HMAC except that the outer key is omitted. For HMAC-MD5, since the available differential paths are pseudocollisions, all the key recovery attacks are in the related-key setting, while our attack on H2MAC-MD5 gets rid of this restriction. Base...

متن کامل

On the Security of NMAC and Its Variants

We first propose a general equivalent key recovery attack to a H-MAC variant NMAC1, which is also provable secure, by applying a generalized birthday attack. Our result shows that NMAC1, even instantiated with a secure Merkle-Damg̊ard hash function, is not secure. We further show that this equivalent key recovery attack to NMAC1 is also applicable to NMAC for recovering the equivalent inner key ...

متن کامل

Breaking H-MAC Using Birthday Paradox

H-MAC was proposed to increase efficiency over HMAC by omitting its outer key, and keep the advantage and security of HMAC at the same time. However, as pointed out by the designer, the security of H-MAC also depends on the secrecy of the intermediate value (the equivalent key) of the inner hashing. In this paper, we propose an efficient method to break H-MAC, by using a generalized birthday at...

متن کامل

Cryptanalysis of HMAC/NMAC-Whirlpool

In this paper, we present universal forgery and key recovery attacks on the most popular hash-based MAC constructions, e.g., HMAC and NMAC, instantiated with an AES-like hash function Whirlpool. These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting. To the best of our knowledge, this is the first result on “original” key recovery for HMAC (previous works only suc...

متن کامل

A new key recovery attack on the ANSI retail MAC

A new type of attack is introduced which takes advantage of MAC truncation to simplify key recovery attacks based on MAC verifications. One example of the attack is described which, in certain circumstances, enables a more efficient attack than was previously known to be launched against the ANSI retail MAC. The existence of this attack means that truncation for this MAC scheme should be used w...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012