Paper 2009/125

A Full Key Recovery Attack on HMAC-AURORA-512

Yu Sasaki

Abstract

In this note, we present a full key recovery attack on HMAC-AURORA-512 when 512-bit secret keys are used and the MAC length is 512-bit long. Our attack requires $2^{257}$ queries and the off-line complexity is $2^{259}$ AURORA-512 operations, which is significantly less than the complexity of the exhaustive search for a 512-bit key. The attack can be carried out with a negligible amount of memory. Our attack can also recover the inner-key of HMAC-AURORA-384 with almost the same complexity as in HMAC-AURORA-512. This attack does not recover the outer-key of HMAC-AURORA-384, but universal forgery is possible by combining the inner-key recovery and 2nd-preimage attacks. Our attack exploits some weaknesses in the mode of operation.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AURORADMMDHMACKey recovery attack
Contact author(s)
sasaki yu @ lab ntt co jp
History
2009-03-20: received
Short URL
https://ia.cr/2009/125
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/125,
      author = {Yu Sasaki},
      title = {A Full Key Recovery Attack on HMAC-AURORA-512},
      howpublished = {Cryptology ePrint Archive, Paper 2009/125},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/125}},
      url = {https://eprint.iacr.org/2009/125}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.