On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (Extended Abstract)

  • Jongsung Kim
  • Alex Biryukov
  • Bart Preneel
  • Seokhie Hong
Conference paper

DOI: 10.1007/11832072_17

Volume 4116 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Kim J., Biryukov A., Preneel B., Hong S. (2006) On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (Extended Abstract). In: De Prisco R., Yung M. (eds) Security and Cryptography for Networks. SCN 2006. Lecture Notes in Computer Science, vol 4116. Springer, Berlin, Heidelberg

Abstract

HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jongsung Kim
    • 1
  • Alex Biryukov
    • 2
  • Bart Preneel
    • 1
  • Seokhie Hong
    • 3
  1. 1.ESAT/SCD-COSICKatholieke Universiteit LeuvenLeuven-HeverleeBelgium
  2. 2.FDEF, Campus LimpertsbergUniversity of LuxembourgLuxembourg
  3. 3.Center for Information Security Technologies(CIST)Korea UniversitySeoulKorea