Cryptology ePrint Archive: Report 2015/149

Cryptanalysis of HMAC/NMAC-Whirlpool

Jian Guo and Yu Sasaki and Lei Wang and Shuang Wu

Abstract: In this paper, we present universal forgery and key recovery attacks on the most popular hash-based MAC constructions, e.g., HMAC and NMAC, instantiated with an AES-like hash function Whirlpool. These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting. To the best of our knowledge, this is the first result on ``original'' key recovery for HMAC (previous works only succeeded in recovering the equivalent keys). Interestingly, the number of attacked rounds is comparable with that for collision and preimage attacks on Whirlpool hash function itself. Lastly, we present a distinguishing-H attack against the full HMAC- and NMAC-Whirlpool.

Category / Keywords: secret-key cryptography / HMAC, NMAC, Whirlpool, key recovery, universal forgery

Original Publication (with minor differences): IACR-ASIACRYPT-2013

Date: received 23 Feb 2015

Contact author: ntu guo at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150227:212832 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]