Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5 - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2007

Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5

Résumé

At Crypto ?06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt ?06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attacks on HMAC and NMAC instantiated with MD4, MD5, SHA-0 and reduced SHA-1. In this paper, we present the first full key-recovery attacks on NMAC and HMAC instantiated with a real-life hash function, namely MD4. Our main result is an attack on HMAC/NMAC-MD4 which recovers the full MAC secret key after roughly $2^88$ MAC queries and $2^95$ MD4 computations. We also extend the partial key-recovery Contini-Yin attack on NMAC-MD5 (in the related-key setting) to a full key-recovery attack. The attacks are based on generalizations of collision attacks to recover a secret IV, using new differential paths for MD4.
Fichier principal
Vignette du fichier
crypto07b.pdf (244.1 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

inria-00556690 , version 1 (17-01-2011)

Identifiants

Citer

Pierre-Alain Fouque, Gaëtan Leurent, Phong Q. Nguyen. Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5. Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, 2007, Santa Barbara, California, United States. pp.13-30, ⟨10.1007/978-3-540-74143-5_2⟩. ⟨inria-00556690⟩
158 Consultations
238 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More