We prove a security theorem without collision-resistance for a class of 1-key hash-function-based MAC schemes that includes HMAC and Envelope MAC. The proof has some advantages over earlier proofs: it is in the uniform model, it uses a weaker related-key assumption, and it covers a broad class of MACs in a single theorem. However, we also explain why our theorem is of doubtful value in assessin...

In this paper, we present universal forgery and key recovery attacks on the most popular hash-based MAC constructions, e.g., HMAC and NMAC, instantiated with an AES-like hash function Whirlpool. These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting. To the best of our knowledge, this is the first result on “original” key recovery for HMAC (previous works only suc...

This paper introduces an area-optimized and power-efficient implementation of the Cipher Block Chaining (CBC) mode for ultra-lightweight block cipher, PRESENT, Keyed-Hash Message Authentication Code (HMAC)-expanded PHOTON by using a feedback path single in scheme. The proposed scheme is designed, taped out, integrated as System-on-a-Chip (SoC) 65-nm CMOS process. An experimental analysis compar...

Rutting of asphalt pavement occurs earlier and is more serious under the increasingly heavy traffic load conditions that can be found in subtropical monsoon climate regions. High modulus concrete (HMAC) with excellent anti-rutting anti-fatigue properties generally used to mitigate this issue. Given relatively high cost additives type asphalt, study feasibility using recycled mixture (RAP) Trini...

In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and ...

We show that the second iterate H(M) = H(H(M)) of a random oracle H cannot achieve strong security in the sense of indifferentiability from a random oracle. We do so by proving that indifferentiability for H holds only with poor concrete security by providing a lower bound (via an attack) and a matching upper bound (via a proof requiring new techniques) on the complexity of any successful simul...

This document describes a keyed-MD5 transform to be used in conjunction with the IP Authentication Header [RFC-1826]. The particular transform is based on [HMAC-MD5]. An option is also specified to guard against replay attacks.

This document describes a cryptographic authentication mechanism for Babel routing protocol, updating, but not superceding RFC 6126. The mechanism allocates two new TLV types for the authentication data, uses HMAC and is both optional and backward compatible.

We show that the second iterate H(M) = H(H(M)) of a random oracle H cannot achieve strong security in the sense of indifferentiability from a random oracle. We do so by proving that indifferentiability for H holds only with poor concrete security by providing a lower bound (via an attack) and a matching upper bound (via a proof requiring new techniques) on the complexity of any successful simul...

In this paper, we investigate the issues in the analysis and design of provably secure message authentication codes (MACs) Nested MAC (NMAC) and Hash based MAC (HMAC) proposed by Bellare, Canetti and Krawczyk. First, we provide security analysis of NMAC using weaker assumptions than stated in its proof of security. This analysis shows that, theoretically, one cannot further weaken the assumptio...