Cryptology ePrint Archive: Report 2015/075

Equivalent Key Recovery Attacks against HMAC and NMAC with Whirlpool Reduced to 7 Rounds

Jian Guo and Yu Sasaki and Lei Wang and Meiqin Wang and Long Wen

Abstract: A main contribution of this paper is an improved analysis against HMAC instantiating with reduced Whirlpool. It recovers equivalent keys, which are often denoted as Kin and Kout, of HMAC with 7-round Whirlpool, while the previous best attack can work only for 6 rounds. Our approach is applying the meet-in-the-middle (MITM) attack on AES to recover MAC keys of Whirlpool. Several techniques are proposed to bypass different attack scenarios between a block cipher and a MAC, e.g., the chosen plaintext model of the MITM attacks on AES cannot be used for HMAC-Whirlpool. Besides, a larger state size and different key schedule designs of Whirlpool leave us a lot of room to study. As a result, equivalent keys of HMAC with 7-round Whirlpool are recovered with a complexity of (Data, Time, Memory) = (2^481.7, 2^482.3, 2^481).

Category / Keywords: secret-key cryptography / HMAC, NMAC, Whirlpool, universal forgery, key recovery

Original Publication (in the same form): IACR-FSE-2014

Date: received 2 Feb 2015

Contact author: ntu guo at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150210:203522 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]