Paper 2010/216

Distinguishing Attacks on MAC/HMAC Based on A New Dedicated Compression Function Framework

Zheng Yuan and Xiaoqiu Ren


A new distinguishing attack on HMAC and NMAC based on a dedicated compression function framework H, proposed in ChinaCrypt2008, is first presented in this paper, which distinguish the HMAC/NMAC-H from HMAC/NMAC with a random function. The attack needs 2^{17} chosen messages and 223 queries, with a success rate of 0.873. Furthermore, according to distinguishing attack on SPMAC-H, a key recovery attack on the SPMAC-H is present, which recover all 256-bit key with 2^{17)chosen messages, 2^{19} queries, and (t+1)x8 times decrypting algorithms.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
distinguishing attacksthe block-collisions propertya dedicated compression function frameworkHMACNMAC.
Contact author(s)
yuanzheng @ besti edu cn
zyuan @ mail tsinghua edu cn
2012-04-08: revised
2010-04-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Zheng Yuan and Xiaoqiu Ren},
      title = {Distinguishing Attacks on MAC/HMAC Based on A New Dedicated Compression Function Framework},
      howpublished = {Cryptology ePrint Archive, Paper 2010/216},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.