International Association for Cryptologic Research


CryptoDB

On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1

Authors:
Jongsung Kim
Alex Biryukov
Bart Preneel
Seokhie Hong
Download:
URL: http://eprint.iacr.org/2006/187
Abstract: HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Furthermore, we show that our differential and rectangle distinguishers can lead to second-preimage attacks on HMAC and NMAC.
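The abstract refers to "the structure of HMAC", the nested construction H((K xor opad) || H((K xor ipad) || M)) whose inner hash is what a distinguisher on the structure targets. The following is an added illustration, not code from the paper or from the ePrint archive: it builds HMAC by hand from that definition over hashlib's MD5 and SHA-1 (HAVAL and SHA-0, also covered by the paper, are not available in hashlib, so they are left out), keeps the inner hash visible as its own value, and checks the result against Python's hmac module and the RFC 2202 test vectors. The function names, the key and message values, and the BLOCK_SIZE table are assumptions of this example.

```python
import hashlib
import hmac as stdlib_hmac

# Block size in bytes of the compression function for the hashes hashlib offers.
# (Assumption of this example: both MD5 and SHA-1 use 64-byte blocks, as in RFC 2104.)
BLOCK_SIZE = {"md5": 64, "sha1": 64}

IPAD = 0x36
OPAD = 0x5C


def _h(hash_name: str, data: bytes) -> bytes:
    """One-shot hash of `data` with the named hashlib algorithm."""
    return hashlib.new(hash_name, data).digest()


def hmac_layers(hash_name: str, key: bytes, msg: bytes) -> tuple[bytes, bytes]:
    """Compute HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)).

    K' is the key zero-padded to one block; a key longer than a block is
    first replaced by its hash, as RFC 2104 specifies. Returns both the
    inner hash (the layer a differential in M propagates through) and the
    final tag, so the two layers of the structure can be inspected separately.
    """
    block = BLOCK_SIZE[hash_name]
    if len(key) > block:
        key = _h(hash_name, key)
    key = key.ljust(block, b"\x00")
    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)
    inner = _h(hash_name, inner_key + msg)   # H((K' xor ipad) || M)
    tag = _h(hash_name, outer_key + inner)   # H((K' xor opad) || inner)
    return inner, tag


def hmac_by_hand(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """The HMAC tag alone, as a caller would use it."""
    return hmac_layers(hash_name, key, msg)[1]


def matches_stdlib(hash_name: str, key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-built construction against Python's hmac module."""
    expected = stdlib_hmac.new(key, msg, hash_name).digest()
    return stdlib_hmac.compare_digest(hmac_by_hand(hash_name, key, msg), expected)


def rfc2202_vectors_ok() -> bool:
    """Known-answer test: first HMAC-MD5 and HMAC-SHA1 vectors from RFC 2202."""
    md5_tag = hmac_by_hand("md5", b"\x0b" * 16, b"Hi There")
    sha1_tag = hmac_by_hand("sha1", b"\x0b" * 20, b"Hi There")
    return (md5_tag.hex() == "9294727a3638bb1c13f48ef8158bfc9d"
            and sha1_tag.hex() == "b617318655057264e28bc0b6fb378c8ef146be00")


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    key = b"example-key"
    for name in BLOCK_SIZE:
        inner, tag = hmac_layers(name, key, b"message")
        print(name, "inner:", inner.hex(), "tag:", tag.hex(),
              "matches hmac module:", matches_stdlib(name, key, b"message"))
    print("RFC 2202 vectors:", rfc2202_vectors_ok())
```

Keeping the inner hash separate makes the point of the abstract concrete: the outer hash is applied to a fixed-size value under a second derived key, so any differential or rectangle behaviour exploitable through a chosen message must be introduced through the inner computation over (K' xor ipad) || M. A key longer than the block size is hashed before padding, which is why the long-key case is exercised below as well as the short-key case.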
BibTeX
@misc{eprint-2006-21680,
  title={On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / Message Authentication Codes, HMAC, NMAC, distinguishing and forgery attacks},
  url={http://eprint.iacr.org/2006/187},
  note={A shortened version of the paper will be published in the proceedings of SCN 2006. Kim.Jongsung@esat.kuleuven.be 13311 received 12 Jun 2006},
  author={Jongsung Kim and Alex Biryukov and Bart Preneel and Seokhie Hong},
  year=2006
}