Birthday Attack on Dual EWCDM
نویسنده
چکیده
In CRYPTO 2017, Mennink and Neves showed almost nbit security for a dual version of EWCDM. In this paper we describe a birthday attack on this construction which violates their claim.
منابع مشابه
EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC
We propose a nonce-based MAC construction called EWCDM (Encrypted Wegman-Carter with Davies-Meyer), based on an almost xoruniversal hash function and a block cipher, with the following properties: (i) it is simple and efficient, requiring only two calls to the block cipher, one of which can be carried out in parallel to the hash function computation; (ii) it is provably secure beyond the birthd...
متن کاملBirthday Forgery Attack on 128 - EIA 3 (
128-EIA3 is an integrity algorithm considered for adoption as a third integrity algorithm by European Telecommunication Standard Institute (ETSI) for 4th generation of GSM networks.128-EIA3 is vulnerable to birthday forgery attack. Birthday forgery attack requires minimum 2 known message-MAC pairs for finding collision in 128-EIA3. 128-EIA3 is susceptible to internal collision of its universal ...
متن کاملHow to Launch A Birthday Attack Against DES
We present a birthday attack against DES. It is entirely based on the relationship Li+1 = Ri and the simple key schedule in DES. It requires about 2 ciphertexts of the same R16, encrypted by the same key K. We conjecture it has a computational complexity of 2. Since the requirement for the birthday attack is more accessible than that for Differential cryptanalysis, Linear cryptanalysis or Davie...
متن کاملBounds on Birthday Attack Times
We analyze a generic birthday attack where distinct inputs to some function f are selected until two of the inputs map through f to the same output, meaning that the attack has succeeded. We give tight bounds on the probability of attack success after a given number of inputs are selected as well as tight bounds on the expected number of inputs that must be selected for the attack to succeed. T...
متن کاملMD5 Is Weaker Than Weak: Attacks on Concatenated Combiners
We consider a long standing problem in cryptanalysis: attacks on hash function combiners. In this paper, we propose the first attack that allows collision attacks on combiners with a runtime below the birthday-bound of the smaller compression function. This answers an open question by Joux posed in 2004. As a concrete example we give such an attack on combiners with the widely used hash functio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017