Improved Generic Attacks Against Hash-based MACs and HAIFA

Itai Dinur 1, 2 Gaëtan Leurent 3
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract : The security of HMAC (and more general hash-based MACs) against state-recovery and universal forgery attacks was very recently shown to be suboptimal, following a series of surprising results by Leurent \emph{et al.} and Peyrin \emph{et al.}. These results have shown that such powerful attacks require much less than $2^{\ell}$ computations, contradicting the common belief (where $\ell$ denotes the internal state size). In this work, we revisit and extend these results, with a focus on properties of concrete hash functions such as a limited message length, and special iteration modes. We begin by devising the first state-recovery attack on HMAC with a HAIFA hash function (using a block counter in every compression function call), with complexity $2^{4\ell/5}$. Then, we describe improved trade-offs between the message length and the complexity of a state-recovery attack on HMAC. Consequently, we obtain improved attacks on several HMAC constructions used in practice, in which the hash functions limit the maximal message length (e.g., SHA-1 and SHA-2). Finally, we present the first universal forgery attacks, which can be applied with short message queries to the \mac oracle. In particular, we devise the first universal forgery attacks applicable to SHA-1 and SHA-2.
Document type :
Conference papers
Complete list of metadatas
Contributor : Itai Dinur <>
Submitted on : Saturday, November 22, 2014 - 11:11:18 PM
Last modification on : Wednesday, January 30, 2019 - 11:07:32 AM

Links full text




Itai Dinur, Gaëtan Leurent. Improved Generic Attacks Against Hash-based MACs and HAIFA. Advances in Cryptology - CRYPTO 2014, Aug 2014, Santa Barbara, CA, United States. ⟨10.1007/978-3-662-44371-2_9⟩. ⟨hal-01086177⟩



Record views