In this paper we study the security of hash-based MAC algorithms (such as HMAC and NMAC) above the birthday bound. Up to the birthday bound, HMAC and NMAC are proven to be secure under reasonable assumptions on the hash function. On the other hand, if an n-bit MAC is built from a hash function with a l-bit state (l ≥ n), there is a well-known existential forgery attack with complexity 2l/2. However, the remaining security after 2l/2 computations is not well understood. In particular it is widely assumed that if the underlying hash function is sound, then a generic universal forgery attack should require 2 n computations and some distinguishing (e.g. distinguishing-H but not distinguishing-R) and state-recovery attacks should also require 2l computations (or 2k if k
CITATION STYLE
Leurent, G., Peyrin, T., & Wang, L. (2013). New generic attacks against hash-based MACs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8270 LNCS, pp. 1–20). https://doi.org/10.1007/978-3-642-42045-0_1
Mendeley helps you to discover research relevant for your work.