You are looking at a specific version 20111209:204611 of this paper. See the latest version.

Paper 2011/649

On the Security of NMAC and Its Variants

Fanbao Liu and Changxiang Shen and Tao Xie and Dengguo Feng

Abstract

We first propose a general equivalent key recovery attack to a $H^2$-MAC variant NMAC$_1$, which is also provable secure, by applying a generalized birthday attack. Our result shows that NMAC$_1$, even instantiated with a secure Merkle-Damgård hash function, is not secure. We further show that this equivalent key recovery attack to NMAC$_1$ is also applicable to NMAC for recovering the equivalent inner key of NMAC, in a related key setting. We propose and analyze a series of NMAC variants with different secret approaches and key distributions, we find that a variant NMAC-E, with secret envelop approach, can withstand most of the known attacks in this paper. However, all variants including NMAC itself, are vulnerable to on-line birthday attack for verifiable forgery. Hence, the underlying cryptographic hash functions, based on Merkle-Damgård construction, should be re-evaluated seriously.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
NMACKeying Hash FunctionEquivalent Key RecoveryVerifiable ForgeryBirthday Attack.
Contact author(s)
liufanbao @ gmail com
History
2011-12-09: received
Short URL
https://ia.cr/2011/649
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.