Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks
نویسندگان
چکیده
منابع مشابه
Generic Related-Key Attacks for HMAC
In this article we describe new generic distinguishing and forgery attacks in the related-key scenario (using only a single related-key) for the HMAC construction. When HMAC uses a k-bit key, outputs an n-bit MAC, and is instantiated with an l-bit inner iterative hash function processing m-bit message blocks where m = k, our distinguishing-R attack requires about 2 queries which improves over t...
متن کاملNew Generic Attacks against Hash-Based MACs
In this paper we study the security of hash-based MAC algorithms (such as HMAC and NMAC) above the birthday bound. Up to the birthday bound, HMAC and NMAC are proven to be secure under reasonable assumptions on the hash function. On the other hand, if an n-bit MAC is built from a hash function with a l-bit state (l ≥ n), there is a well-known existential forgery attack with complexity 2. Howeve...
متن کاملA Full Key Recovery Attack on HMAC-AURORA-512
In this note, we present a full key recovery attack on HMACAURORA-512 when 512-bit secret keys are used and the MAC length is 512-bit long. Our attack requires 2 queries and the off-line complexity is 2 AURORA-512 operations, which is significantly less than the complexity of the exhaustive search for a 512-bit key. The attack can be carried out with a negligible amount of memory. Our attack ca...
متن کاملDistinguishing Attacks on MAC/HMAC Based on A New Dedicated Compression Function Framework
A new distinguishing attack on HMAC and NMAC based on a dedicated compression function framework H, proposed in ChinaCrypt2008, is first presented in this paper, which distinguish the HMAC/NMACH from HMAC/NMAC with a random function. The attack needs 2 chosen messages and 2 queries, with a success rate of 0.873. Furthermore, according to distinguishing attack on SPMAC-H, a key recovery attack o...
متن کاملEquivalent Key Recovery Attack on H 2-MAC Instantiated with MD5
This paper presents the first equivalent key recovery attack on H2-MAC-MD5, which conduces to a selective forgery attack directly. H2-MAC is similar with HMAC except that the outer key is omitted. For HMAC-MD5, since the available differential paths are pseudocollisions, all the key recovery attacks are in the related-key setting, while our attack on H2MAC-MD5 gets rid of this restriction. Base...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEICE Transactions
دوره 99-A شماره
صفحات -
تاریخ انتشار 2016