论文信息 - Note on Distinguishing , Forgery , and Second Preimage Attacks on HMAC-SHA-1 and a Method to Reduce the Key Entropy of NMAC

Note on Distinguishing , Forgery , and Second Preimage Attacks on HMAC-SHA-1 and a Method to Reduce the Key Entropy of NMAC

The first distinguishing, forgery and second preimage attacks on step-reduced HMAC-SHA-1 have recently been presented by Kim et al. In this note we report on ongoing work to improve their data complexity and present new attacks on HMAC-SHA-1 covering more steps. Additionally, we show how a collision-based technique can be used to reduce the key entropy of NMAC-SHA-1. Finally we comment on the applicability of the used techniques for analyzing a recent randomized hashing proposal. We expect the improvements as well as the new key entropy reduction technique to be applicable to HMAC and NMAC instantiated with other hash functions of the MD4 family as well.

Vincent Rijmen | Christian Rechberger

[1] Antoine Joux,et al. Differential Collisions in SHA-0 , 1998, CRYPTO.

[2] Jongsung Kim,et al. On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (Extended Abstract) , 2006, SCN.

[3] Vincent Rijmen,et al. The Impact of Carries on the Complexity of Collision Attacks on SHA-1 , 2006, FSE.

[4] Hugo Krawczyk,et al. Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[5] Hugo Krawczyk,et al. Strengthening Digital Signatures Via Randomized Hashing , 2006, CRYPTO.