2014 | OriginalPaper | Book chapter
Improved Generic Attacks against Hash-Based MACs and HAIFA
Authors: Itai Dinur, Gaëtan Leurent
Published in: Advances in Cryptology – CRYPTO 2014
Publisher: Springer Berlin Heidelberg
The security of HMAC (and more general hash-based MACs) against state-recovery and universal forgery attacks was very recently shown to be suboptimal, following a series of surprising results by Leurent et al. and Peyrin et al. These results have shown that such powerful attacks require much less than $2^{\ell}$ computations, contradicting the common belief (where $\ell$ denotes the internal state size). In this work, we revisit and extend these results, with a focus on properties of concrete hash functions such as a limited message length, and special iteration modes.
We begin by devising the first state-recovery attack on HMAC with a HAIFA hash function (using a block counter in every compression function call), with complexity $2^{4\ell/5}$. Then, we describe improved trade-offs between the message length and the complexity of a state-recovery attack on HMAC. Consequently, we obtain improved attacks on several HMAC constructions used in practice, in which the hash functions limit the maximal message length (e.g., SHA-1 and SHA-2). Finally, we present the first universal forgery attacks, which can be applied with short message queries to the MAC oracle. In particular, we devise the first universal forgery attacks applicable to SHA-1 and SHA-2.