Breaking H2-MAC Using Birthday Paradox
نویسندگان
چکیده
We propose an efficient method to break H-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance).
منابع مشابه
Breaking H-MAC Using Birthday Paradox
H-MAC was proposed to increase efficiency over HMAC by omitting its outer key, and keep the advantage and security of HMAC at the same time. However, as pointed out by the designer, the security of H-MAC also depends on the secrecy of the intermediate value (the equivalent key) of the inner hashing. In this paper, we propose an efficient method to break H-MAC, by using a generalized birthday at...
متن کاملEquivalent Key Recovery Attack to H-MAC
In this paper, we propose an efficient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance). We can successfully recover the equivalent key of H2-MAC in about 2n/2 on-line MAC queries and 2n/2 off-line hash computations with great probability. This attack shows that t...
متن کاملOn the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction
In this paper, we study the security of randomized CBC– MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC– MAC using an n–bit block cipher is the same as the security ...
متن کاملOn the Security of the CCM Encryption Mode and of a Slight Variant
In this paper, we present an analysis of the CCM mode of operations and of a slight variant. CCM is a simple and efficient encryption scheme which combines a CBC-MAC authentication scheme with the counter mode of encryption. It is used in several standards. Despite some criticisms (mainly this mode is not online, and requires non-repeating nonces), it has nice features that make it worth to stu...
متن کاملUniversal Forgery with Birthday Paradox: Application to Blockcipher-based Message Authentication Codes and Authenticated Encryptions
An universal forgery attack means that for any given message M , an adversary without the key can forge the corresponding Message Authentication Code (MAC) tag τ , and the pair (M, τ) can be verified with probability 1. For a idea MAC, the universal forgery attack should be infeasible to be implemented, whose complexity is believed to be min(2, 2) queries in the classic setting, where n is the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2011 شماره
صفحات -
تاریخ انتشار 2011