Paper 2015/075

Equivalent Key Recovery Attacks against HMAC and NMAC with Whirlpool Reduced to 7 Rounds

Jian Guo, Yu Sasaki, Lei Wang, Meiqin Wang, and Long Wen


A main contribution of this paper is an improved analysis against HMAC instantiating with reduced Whirlpool. It recovers equivalent keys, which are often denoted as Kin and Kout, of HMAC with 7-round Whirlpool, while the previous best attack can work only for 6 rounds. Our approach is applying the meet-in-the-middle (MITM) attack on AES to recover MAC keys of Whirlpool. Several techniques are proposed to bypass different attack scenarios between a block cipher and a MAC, e.g., the chosen plaintext model of the MITM attacks on AES cannot be used for HMAC-Whirlpool. Besides, a larger state size and different key schedule designs of Whirlpool leave us a lot of room to study. As a result, equivalent keys of HMAC with 7-round Whirlpool are recovered with a complexity of (Data, Time, Memory) = (2^481.7, 2^482.3, 2^481).

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in FSE 2014
HMACNMACWhirlpooluniversal forgerykey recovery
Contact author(s)
ntu guo @ gmail com
2015-02-10: received
Short URL
Creative Commons Attribution


      author = {Jian Guo and Yu Sasaki and Lei Wang and Meiqin Wang and Long Wen},
      title = {Equivalent Key Recovery Attacks against {HMAC} and {NMAC} with Whirlpool Reduced to 7 Rounds},
      howpublished = {Cryptology ePrint Archive, Paper 2015/075},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.