Filters








41 Hits in 3.3 sec

On the Security of NMAC and Its Variants

Fanbao Liu, Changxiang Shen, Tao Xie, Dengguo Feng
2013 TELKOMNIKA (Telecommunication Computing Electronics and Control)  
We propose some key recovery attacks to these NMAC variants, for example, we can recover the equivalent inner key of NMAC in about O(2 n/2 ) MAC operations, in a related key setting.  ...  Kata kunci: NMAC, keying hash function, equivalent key recovery, MAC forgery, birthday attack Abstract Based on the three earlier MAC (Message Authentication Code) construction approaches, we propose and  ...  The overall strategy of the equivalent inner key recovery attack to NMAC is shown as follows.  ... 
doi:10.12928/telkomnika.v11i2.940 fatcat:xffovuhpxfdqtgbpa7vft6744u

On Authentication with HMAC and Non-random Properties [chapter]

Christian Rechberger, Vincent Rijmen
2007 Lecture Notes in Computer Science  
Other examples are distinguishing, forgery and partial or full key recovery attacks on NMAC/HMAC-SHA-1 with a reduced number of steps (up to 61 out of 80).  ...  Among the examples of the proposed method, the first theoretical full key recovery attack on NMAC-MD5 is presented.  ...  Acknowledgements We would like to thank Christophe De Cannière, Florian Mendel, Lars R. Knudsen, Hugo Krawczyk, and Norbert Pramstaller for helpful discussions.  ... 
doi:10.1007/978-3-540-77366-5_13 fatcat:mgnnm24a5fhh3aphylwyw56uae

Cryptanalysis of HMAC/NMAC-Whirlpool [chapter]

Jian Guo, Yu Sasaki, Lei Wang, Shuang Wu
2013 Lecture Notes in Computer Science  
To the best of our knowledge, this is the first result on "original" key recovery for HMAC (previous works only succeeded in recovering the equivalent keys).  ...  These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting.  ...  This research was initially started from a discussion at the second Asian Workshop on Symmetric Key Cryptography (ASK 2012). We would like to thank the organizers of ASK12.  ... 
doi:10.1007/978-3-642-42045-0_2 fatcat:hpkhatgszbhh7lllwwfcfqj5my

Updates on Generic Attacks against HMAC and NMAC [chapter]

Jian Guo, Thomas Peyrin, Yu Sasaki, Lei Wang
2014 Lecture Notes in Computer Science  
Finally, we describe the very first time-memory tradeoff for key recovery attack on HMAC.  ...  We note that key recovery and forgeries are arguably the most important as they have the greatest impact in practice. We provide below definitions of the attacks which are related to this paper.  ...  The authors would like to thank the anonymous referees for their helpful comments, especially for suggesting the conversion from the previous distinguishing-H attack into the selective forgery attack.  ... 
doi:10.1007/978-3-662-44371-2_8 fatcat:lbls3bfmazgbfly3iplokjld24

Equivalent Key Recovery Attacks Against HMAC and NMAC with Whirlpool Reduced to 7 Rounds [chapter]

Jian Guo, Yu Sasaki, Lei Wang, Meiqin Wang, Long Wen
2015 Lecture Notes in Computer Science  
Our approach is applying the meet-in-the-middle (MITM) attack on AES to recover MAC keys of Whirlpool.  ...  It recovers equivalent keys, which are often denoted as Kin and Kout, of HMAC with 7-round Whirlpool, while the previous best attack can work only for 6 rounds.  ...  Acknowledgement We would like to thank the organizers, Meiqin Wang and Hongbo Yu, of ASK 2013 workshop http:// www.infosec.sdu.edu.cn/ask2013/ in China, without which the collaboration in this work could  ... 
doi:10.1007/978-3-662-46706-0_29 fatcat:gfkdrtl3erd4vkhx366nbo37xa

Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC [chapter]

Xiaoyun Wang, Hongbo Yu, Wei Wang, Haina Zhang, Tao Zhan
2009 Lecture Notes in Computer Science  
Furthermore, we give distinguishing and partial key recovery attacks on MDx-MAC based on MD5.  ...  In this paper, we present the first distinguishing attack on HMAC and NMAC based on MD5 without related keys, which distinguishes the HMAC/NMAC-MD5 from HMAC/NMAC with a random function.  ...  We also hope to thank Guangwu Xu for revising the paper during his stay in Tsinghua University.  ... 
doi:10.1007/978-3-642-01001-9_7 fatcat:oo43nyxurfag7aexq54gt6cw7m

Quantum Security of NMAC and Related Constructions [chapter]

Fang Song, Aaram Yun
2017 Lecture Notes in Computer Science  
We first show that a quantumsecure PRF is secure against key-recovery attacks, and remains secure under random leakage of the key.  ...  This enables a hybrid argument to prove the security of NMAC. Security proofs for other constructions follow similarly.  ...  We would like to thank the anonymous reviewers of Crypto 2017 for many helpful comments.  ... 
doi:10.1007/978-3-319-63715-0_10 fatcat:ibvg5gd6tjec3okyd6wtbkfpsa

Practical Electromagnetic Template Attack on HMAC [chapter]

Pierre-Alain Fouque, Gaëtan Leurent, Denis Réal, Frédéric Valette
2009 Lecture Notes in Computer Science  
After a profiling phase in which the adversary has access to a device and can configure it, the attack recovers the secret key by monitoring a single execution of HMAC-SHA-1.  ...  The secret key can be recovered using a "template attack" with a computation of about 2 32 3 κ compression functions, where κ is the number of 32-bit words of the key.  ...  Any key-recovery attack against NMAC can be used to recover an equivalent inner key H(k ⊕ ipad) and an equivalent outer key H(k ⊕ opad) in HMAC.  ... 
doi:10.1007/978-3-642-04138-9_6 fatcat:stnfyp3xpre5bc6kzwsxb5n2za

Generic Related-Key Attacks for HMAC [chapter]

Thomas Peyrin, Yu Sasaki, Lei Wang
2012 Lecture Notes in Computer Science  
The issue in the HMAC construction (not present in the NMAC construction) comes from the non-independence of the two inner hash layers and we provide a simple patch in order to avoid this generic attack  ...  We also present generic related-key distinguishing-H, internal state recovery and forgery attacks. Our method is new and elegant, and uses a simple cyclesize detection criterion.  ...  Conclusion In this article we introduced a new type of distinguishing-R, distinguishing-H, internal state recovery and forgery attacks for HMAC in the related-key setting.  ... 
doi:10.1007/978-3-642-34961-4_35 fatcat:am5tn4eonfb55jv5w5qmlwt3cm

New Generic Attacks against Hash-Based MACs [chapter]

Gaëtan Leurent, Thomas Peyrin, Lei Wang
2013 Lecture Notes in Computer Science  
However, our attacks works in the single-key model for both HMAC and NMAC, and without restriction on the key size.  ...  We use techniques similar to the cycle-detection technique proposed by Peyrin et al. at Asiacrypt 2012 to attack HMAC in the related-key model.  ...  The authors would like to thank the anonymous referees for their helpful comments. Gaëtan Leurent is supported by the ERC project CRASH.  ... 
doi:10.1007/978-3-642-42045-0_1 fatcat:c6clm5ixlnesderf7amymb4uxm

Generic Security of NMAC and HMAC with Input Whitening [chapter]

Peter Gaži, Krzysztof Pietrzak, Stefano Tessaro
2015 Lecture Notes in Computer Science  
The complexity of such a generic attack is then expressed in the number of key-dependent queries to the construction (denoted q C ) as well as the number of queries to the underlying compression function  ...  Their result 4 can be interpreted as giving tight bounds on the PRF security of NMAC against an attacker making q C key-dependent construction queries (of length at most < 2 c/3 b-bit blocks) but no queries  ...  The main contribution of this paper is the introduction and analysis of a variant of NMAC (which we then adapt to the HMAC setting, as described below) which uses additional key material to "whiten" Acknowledgments  ... 
doi:10.1007/978-3-662-48800-3_4 fatcat:ov4eskzgsvbupftzfo2k37vbsq

New Distinguishing Attack on MAC Using Secret-Prefix Method [chapter]

Xiaoyun Wang, Wei Wang, Keting Jia, Meiqin Wang
2009 Lecture Notes in Computer Science  
The new distinguisher makes use of a special truncated differential path with high probability to distinguish an inner near-collision in the first round.  ...  This paper presents a new distinguisher which can be applied to secret-prefix MACs with the message length prepended to the message before hashing.  ...  We would like to thank Christian Rechberger and three reviewers for their very helpful comments on the paper.  ... 
doi:10.1007/978-3-642-03317-9_22 fatcat:zu7xgbjferfktcc4awfjqrsdti

Keying Hash Functions for Message Authentication [chapter]

Mihir Bellare, Ran Canetti, Hugo Krawczyk
1996 Lecture Notes in Computer Science  
Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.  ...  Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis.  ...  Notice that these attacks produce forgery of the MAC function but not key recovery.  ... 
doi:10.1007/3-540-68697-5_1 fatcat:e2o6vgnr3vftrgjjukmogfx54q

The Exact PRF-Security of NMAC and HMAC [chapter]

Peter Gaži, Krzysztof Pietrzak, Michal Rybár
2014 Lecture Notes in Computer Science  
A practical single-key variant of NMAC called HMAC is a very popular and widely deployed message authentication code (MAC). Security proofs and attacks for NMAC can typically be lifted to HMAC.  ...  NMAC is a mode of operation which turns a fixed input-length keyed hash function f into a variable input-length function.  ...  Hellman's result for example implies that there almost certainly exist key-recovery attacks against AES with a k bit key (k being 128, 192 or 256) which succeed with probability at least 1/2 and run in  ... 
doi:10.1007/978-3-662-44371-2_7 fatcat:73lqg3xzgnbdbk4oyf5x5c7yeu

Generic Universal Forgery Attack on Iterative Hash-Based MACs [chapter]

Thomas Peyrin, Lei Wang
2014 Lecture Notes in Computer Science  
In this article, we study the security of iterative hash-based MACs, such as HMAC or NMAC, with regards to universal forgery attacks.  ...  Leveraging recent advances in the analysis of functional graphs built from the iteration of HMAC or NMAC, we exhibit the very first generic universal forgery attack against hash-based MACs.  ...  The keyed hash functions H Kin and H Kout are referred to as the inner and the outer hash functions respectively. HMAC algorithm [2] is a single-key variant of NMAC, depicted in Figure 1 .  ... 
doi:10.1007/978-3-642-55220-5_9 fatcat:6chqh5qh4bagtnsmvgijmdrpi4
« Previous Showing results 1 — 15 out of 41 results