Distinguishing Attacks on MAC/HMAC Based on A New Dedicated Compression Function Framework
نویسندگان
چکیده
A new distinguishing attack on HMAC and NMAC based on a dedicated compression function framework H, proposed in ChinaCrypt2008, is first presented in this paper, which distinguish the HMAC/NMACH from HMAC/NMAC with a random function. The attack needs 2 chosen messages and 2 queries, with a success rate of 0.873. Furthermore, according to distinguishing attack on SPMAC-H, a key recovery attack on the SPMAC-H is present, which recover all 256-bit key with 2 chosen messages, 2 queries, and (t+1)×8 times decrypting algorithms.
منابع مشابه
Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5
At Crypto ’06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt ’06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attacks on HMAC and NMAC instantiated with MD4, MD5, SHA-0 and reduced SHA-1. In this paper, we present the firs...
متن کاملCryptanalysis on HMAC/NMAC-MD5 and MD5-MAC
In this paper, we present the first distinguishing attack on HMAC and NMAC based on MD5 without related keys, which distinguishes the HMAC/NMAC-MD5 from HMAC/NMAC with a random function. The attack needs 2 queries, with a success probability 0.87, while the previous distinguishing attack on HMAC-MD5 reduced to 33 rounds takes 2 messages with a success rate of 0.92. Furthermore, we give distingu...
متن کاملGeneral Distinguishing Attacks on NMAC and HMAC with Birthday Attack Complexity
Kim et al. [4] and Contini et al. [3] studied on the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Especially, they considered the distinguishing attacks. However, they did not describe generic distinguishing attacks on NMAC and HMAC. In this paper, we describe the generic distinguishers to distinguish NMAC and HMAC with the birthday attack complexity and we prove the sec...
متن کاملOn the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1⋆
HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMA...
متن کاملNew Generic Attacks against Hash-Based MACs
In this paper we study the security of hash-based MAC algorithms (such as HMAC and NMAC) above the birthday bound. Up to the birthday bound, HMAC and NMAC are proven to be secure under reasonable assumptions on the hash function. On the other hand, if an n-bit MAC is built from a hash function with a l-bit state (l ≥ n), there is a well-known existential forgery attack with complexity 2. Howeve...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2010 شماره
صفحات -
تاریخ انتشار 2010