Cryptanalysis of HMAC/NMAC-Whirlpool

  • Jian Guo
  • Yu Sasaki
  • Lei Wang
  • Shuang Wu
Conference paper

DOI: 10.1007/978-3-642-42045-0_2

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8270)
Cite this paper as:
Guo J., Sasaki Y., Wang L., Wu S. (2013) Cryptanalysis of HMAC/NMAC-Whirlpool. In: Sako K., Sarkar P. (eds) Advances in Cryptology - ASIACRYPT 2013. ASIACRYPT 2013. Lecture Notes in Computer Science, vol 8270. Springer, Berlin, Heidelberg

Abstract

In this paper, we present universal forgery and key recovery attacks on the most popular hash-based MAC constructions, e.g., HMAC and NMAC, instantiated with an AES-like hash function Whirlpool. These attacks work with Whirlpool reduced to 6 out of 10 rounds in single-key setting. To the best of our knowledge, this is the first result on “original” key recovery for HMAC (previous works only succeeded in recovering the equivalent keys). Interestingly, the number of attacked rounds is comparable with that for collision and preimage attacks on Whirlpool hash function itself. Lastly, we present a distinguishing-H attack against the full HMAC- and NMAC-Whirlpool.

Keywords

HMAC NMAC Whirlpool key recovery universal forgery 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jian Guo
    • 1
  • Yu Sasaki
    • 2
  • Lei Wang
    • 1
  • Shuang Wu
    • 1
  1. 1.Nanyang Technological UniversitySingapore
  2. 2.NTT Secure Platform LaboratoriesJapan

Personalised recommendations