Improved Generic Attacks Against Hash-Based MACs and HAIFA
Published in | Algorithmica Vol. 79; no. 4; pp. 1161 - 1195 |
---|---|
Format | Journal Article |
Language | English |
Published | New York; Springer US; 01.12.2017; Springer Nature B.V; Springer Verlag |
Series | Special Issue: Algorithmic Tools in Cryptography |
Summary: | The security of HMAC (and more general hash-based MACs) against state-recovery and universal forgery attacks was shown to be suboptimal, following a series of results by Leurent et al. and Peyrin et al. These results have shown that such powerful attacks require significantly less than $2^{\ell}$ computations, contradicting the common belief (where $\ell$ denotes the internal state size). In this work, we revisit and extend these results, with a focus on concrete hash functions that limit the message length, and apply special iteration modes. We begin by devising the first state-recovery attack on HMAC with a HAIFA hash function (using a block counter in every compression function call), with complexity $2^{4\ell/5}$. Then, we describe improved tradeoffs between the message length and the complexity of a state-recovery attack on HMAC with a Merkle–Damgård hash function. Consequently, we obtain improved attacks on several HMAC constructions used in practice, in which the hash function limits the maximal message length (e.g., SHA-1 and SHA-2). Finally, we present the first universal forgery attacks, which can be applied with short message queries to the MAC oracle. In particular, we devise the first universal forgery attacks applicable to SHA-1 and SHA-2. Despite their theoretical interest, our attacks do not seem to threaten the practical security of the analyzed concrete HMAC constructions. |
---|---|
ISSN: | 0178-4617 1432-0541 |
DOI: | 10.1007/s00453-016-0236-6 |