Equivalent Key Recovery Attack on H²-MAC Instantiated with MD5

Information Security and Assurance (ISA 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 200)

Abstract

This paper presents the first equivalent key recovery attack on H²-MAC-MD5, which leads directly to a selective forgery attack. H²-MAC is similar to HMAC except that the outer key is omitted. For HMAC-MD5, since the available differential paths are pseudo-collisions, all the key recovery attacks are in the related-key setting, while our attack on H²-MAC-MD5 removes this restriction. Based on the distinguisher of HMAC-MD5 proposed by Wang et al., a pair of intermediate chaining variables, i.e., the equivalent keys \((\tilde{K},\tilde{K}')\), is detected that fulfils the specific conditions on \((IV, IV')\) of the pseudo-collision. Then the inner key recovery attack on HMAC-MD5 explored by Contini and Yin is adopted to recover \((\tilde{K},\tilde{K}')\). Consequently, the adversary can compute the valid MAC value of \(M_0 \| M^*\) effortlessly, where \(M_0\) is a fixed one-block message and \(M^*\) can be any bit string.

Supported by Research Fund for the Doctoral Program of Higher Education of China (Grant No. 20100131120015) and Independent Innovation Foundation of Shandong University (Grant No. 2010TS069).

References

  1. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

  2. Bellare, M.: New Proofs for NMAC and HMAC: Security without Collision-Resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006)

  3. Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)

  4. Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)

  5. den Boer, B., Bosselaers, A.: Collisions for the Compression Function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)

  6. Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)

  7. Contini, S., Yin, Y.L.: Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37–53. Springer, Heidelberg (2006)

  8. Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 13–30. Springer, Heidelberg (2007)

  9. Kim, J., Biryukov, A., Preneel, B., Hong, S.: On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0, and SHA-1. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 242–256. Springer, Heidelberg (2006)

  10. Preneel, B., van Oorschot, P.: MDx-MAC and Building Fast MACs from Hash Functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995)

  11. Rechberger, C., Rijmen, V.: On Authentication with HMAC and Non-Random Properties. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 39–57. Springer, Heidelberg (2007)

  12. Rechberger, C., Rijmen, V.: New Results on NMAC/HMAC when Instantiated with Popular Hash Functions. Journal of Universal Computer Science 14(3), 347–376 (2008)

  13. Rivest, R.L.: The MD5 Message Digest Algorithm. Request for Comments (RFC 1321), Network Working Group (1992)

  14. Tsudik, G.: Message Authentication with One-Way Hash Functions. ACM Comput. Commun. Rev. 22(5), 29–38 (1992)

  15. Wang, L., Ohta, K., Kunihiro, N.: New Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 237–253. Springer, Heidelberg (2008)

  16. Wang, X.: What’s the Potential Danger Behind the Collisions of Hash Functions. In: ECRYPT Conference on Hash Functions, Krakow (2005), http://www.ecrypt.eu.org/stvl/hfw/

  17. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)

  18. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

  19. Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 121–133. Springer, Heidelberg (2009)

  20. Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)

  21. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

  22. Yasuda, K.: HMAC without the “Second” Key. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 443–458. Springer, Heidelberg (2009)

  23. Yu, H., Wang, G., Zhang, G., Wang, X.: The Second-Preimage Attack on MD4. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 1–12. Springer, Heidelberg (2005)

  24. Yuval, G.: How to Swindle Rabin. Cryptologia 3, 187–190 (1979)

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, W. (2011). Equivalent Key Recovery Attack on H²-MAC Instantiated with MD5. In: Kim, Th., Adeli, H., Robles, R.J., Balitanas, M. (eds) Information Security and Assurance. ISA 2011. Communications in Computer and Information Science, vol 200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23141-4_2

  • DOI: https://doi.org/10.1007/978-3-642-23141-4_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23140-7

  • Online ISBN: 978-3-642-23141-4

  • eBook Packages: Computer Science, Computer Science (R0)