Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks
HMAC is the most widely used hash based MAC scheme. Recently, several generic attacks have been presented against HMAC with a complexity between 2n/2 and 2n, where n is the output size of an underlying hash function. In this paper, we investigate the security of strengthened HMAC instantiated with a...
Saved in:
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2016
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/82093 http://hdl.handle.net/10220/39787 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-82093 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-820932020-11-01T05:29:09Z Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks Sasaki, Yu Wang, Lei Lee Kong Chian School of Medicine (LKCMedicine) Internal state recovery Multi-collision HMAC Generic attack HMAC is the most widely used hash based MAC scheme. Recently, several generic attacks have been presented against HMAC with a complexity between 2n/2 and 2n, where n is the output size of an underlying hash function. In this paper, we investigate the security of strengthened HMAC instantiated with a Merkle-Damgård hash function in which the key is used to process underlying compression functions. With such a modification, the attacker is unable to precompute the property of the compression function offline, and thus previous generic attacks are prevented. In this paper, we show that keying the compression function in all blocks is necessary to prevent a generic internal state recovery attack with a complexity less than 2n. In other words, only with a single keyless compression function, the internal state is recovered faster than 2n. To validate the claim, we present a generic attack against the strengthened HMAC instantiated with a Merkle-Damgård hash function in which only one block is keyless, thus pre-computable offline. Our attack uses the previous generic attack by Naito et al. as a base. We improve it so that the attack can be applied only with a single keyless compression function while the attack complexity remains unchanged from the previous work. NRF (Natl Research Foundation, S’pore) Published version 2016-01-26T03:49:54Z 2019-12-06T14:46:25Z 2016-01-26T03:49:54Z 2019-12-06T14:46:25Z 2016 Journal Article Sasaki, Y., & Wang, L. (2016). Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E99.A (1), 22-30. https://hdl.handle.net/10356/82093 http://hdl.handle.net/10220/39787 10.1587/transfun.E99.A.22 en IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences © 2016 Institute of Electronics, Information and Communication Engineers. This paper was published in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences and is made available as an electronic reprint (preprint) with permission of Institute of Electronics, Information and Communication Engineers. The published version is available at: [http://doi.org/10.1587/transfun.E99.A.22]. One print or electronic copy may be made for personal use only. Systematic or multiple reproduction, distribution to multiple locations via electronic or other means, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper is prohibited and is subject to penalties under law. 9 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Internal state recovery Multi-collision HMAC Generic attack |
| spellingShingle |
Internal state recovery Multi-collision HMAC Generic attack Sasaki, Yu Wang, Lei Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks |
| description |
HMAC is the most widely used hash based MAC scheme. Recently, several generic attacks have been presented against HMAC with a complexity between 2n/2 and 2n, where n is the output size of an underlying hash function. In this paper, we investigate the security of strengthened HMAC instantiated with a Merkle-Damgård hash function in which the key is used to process underlying compression functions. With such a modification, the attacker is unable to precompute the property of the compression function offline, and thus previous generic attacks are prevented. In this paper, we show that keying the compression function in all blocks is necessary to prevent a generic internal state recovery attack with a complexity less than 2n. In other words, only with a single keyless compression function, the internal state is recovered faster than 2n. To validate the claim, we present a generic attack against the strengthened HMAC instantiated with a Merkle-Damgård hash function in which only one block is keyless, thus pre-computable offline. Our attack uses the previous generic attack by Naito et al. as a base. We improve it so that the attack can be applied only with a single keyless compression function while the attack complexity remains unchanged from the previous work. |
| author2 |
Lee Kong Chian School of Medicine (LKCMedicine) |
| author_facet |
Lee Kong Chian School of Medicine (LKCMedicine) Sasaki, Yu Wang, Lei |
| format |
Article |
| author |
Sasaki, Yu Wang, Lei |
| author_sort |
Sasaki, Yu |
| title |
Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks |
| title_short |
Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks |
| title_full |
Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks |
| title_fullStr |
Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks |
| title_full_unstemmed |
Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks |
| title_sort |
generic internal state recovery on strengthened hmac: n-bit secure hmac requires key in all blocks |
| publishDate |
2016 |
| url |
https://hdl.handle.net/10356/82093 http://hdl.handle.net/10220/39787 |
| _version_ |
1683494336697729024 |