Paper 2015/075

Equivalent Key Recovery Attacks against HMAC and NMAC with Whirlpool Reduced to 7 Rounds

Jian Guo, Yu Sasaki, Lei Wang, Meiqin Wang, and Long Wen

Abstract

A main contribution of this paper is an improved analysis against HMAC instantiating with reduced Whirlpool. It recovers equivalent keys, which are often denoted as Kin and Kout, of HMAC with 7-round Whirlpool, while the previous best attack can work only for 6 rounds. Our approach is applying the meet-in-the-middle (MITM) attack on AES to recover MAC keys of Whirlpool. Several techniques are proposed to bypass different attack scenarios between a block cipher and a MAC, e.g., the chosen plaintext model of the MITM attacks on AES cannot be used for HMAC-Whirlpool. Besides, a larger state size and different key schedule designs of Whirlpool leave us a lot of room to study. As a result, equivalent keys of HMAC with 7-round Whirlpool are recovered with a complexity of (Data, Time, Memory) = (2^481.7, 2^482.3, 2^481).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2014
Keywords
HMACNMACWhirlpooluniversal forgerykey recovery
Contact author(s)
ntu guo @ gmail com
History
2015-02-10: received
Short URL
https://ia.cr/2015/075
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/075,
      author = {Jian Guo and Yu Sasaki and Lei Wang and Meiqin Wang and Long Wen},
      title = {Equivalent Key Recovery Attacks against {HMAC} and {NMAC} with Whirlpool Reduced to 7 Rounds},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/075},
      year = {2015},
      url = {https://eprint.iacr.org/2015/075}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.