Cryptology ePrint Archive: Report 2009/125

A Full Key Recovery Attack on HMAC-AURORA-512

Yu Sasaki

Abstract: In this note, we present a full key recovery attack on HMAC-AURORA-512 when 512-bit secret keys are used and the MAC length is 512-bit long. Our attack requires $2^{257}$ queries and the off-line complexity is $2^{259}$ AURORA-512 operations, which is significantly less than the complexity of the exhaustive search for a 512-bit key. The attack can be carried out with a negligible amount of memory. Our attack can also recover the inner-key of HMAC-AURORA-384 with almost the same complexity as in HMAC-AURORA-512. This attack does not recover the outer-key of HMAC-AURORA-384, but universal forgery is possible by combining the inner-key recovery and 2nd-preimage attacks. Our attack exploits some weaknesses in the mode of operation.

Category / Keywords: secret-key cryptography / AURORA, DMMD, HMAC, Key recovery attack

Date: received 16 Mar 2009

Contact author: sasaki yu at lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20090320:140026 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]