An Update on the Side Channel Cryptanalysis of MACs Based on Cryptographic Hash Functions

  • Praveen Gauravaram
  • Katsuyuki Okeya
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


Okeya has established that HMAC/NMAC implementations based on only Matyas-Meyer-Oseas (MMO) PGV scheme and his two refined PGV schemes are secure against side channel DPA attacks when the block cipher in these constructions is secure against these attacks. The significant result of Okeya’s analysis is that the implementations of HMAC/NMAC with the Davies-Meyer (DM) compression function based hash functions such as SHA-1 are vulnerable to DPA attacks. In this paper, first we show a partial key recovery attack on NMAC/HMAC based on Okeya’s two refined PGV schemes by taking practical constraints into consideration. Next, we propose new hybrid NMAC/HMAC schemes for security against side channel attacks assuming that their underlying block cipher is ideal. We show a hybrid NMAC/HMAC proposal which can be instantiated with DM and a slight variant to it allowing NMAC/HMAC to use hash functions such as SHA-1. We then show that M-NMAC, MDx-MAC and a variant of the envelope MAC scheme based on DM with an ideal block cipher are secure against DPA attacks.


Side channel attacks DPA HMAC M-NMAC MDx-MAC 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Praveen Gauravaram
    • 1
  • Katsuyuki Okeya
    • 2
  1. 1.Department of Mathematics, Technical University of DenmarkDenmark
  2. 2.Hitachi, Ltd., Systems Development LaboratoryJapan

Personalised recommendations