Paper 2006/187

On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1

Jongsung Kim, Alex Biryukov, Bart Preneel, and Seokhie Hong

Abstract

HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Furthermore, we show that our differential and rectangle distinguishers can lead to second-preimage attacks on HMAC and NMAC.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. A shortened version of the paper will be published in the proceedings of SCN 2006.
Keywords
Message Authentication Codes, HMAC, NMAC, distinguishing and forgery attacks
Contact author(s)
Kim Jongsung @ esat kuleuven be
History
2006-06-19: received
Short URL
https://ia.cr/2006/187
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/187,
      author = {Jongsung Kim and Alex Biryukov and Bart Preneel and Seokhie Hong},
      title = {On the Security of {HMAC} and {NMAC} Based on {HAVAL}, {MD4}, {MD5}, {SHA}-0 and {SHA}-1},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/187},
      year = {2006},
      url = {https://eprint.iacr.org/2006/187}
}