An Update on the Side Channel Cryptanalysis of MACs Based on Cryptographic Hash Functions

Okeya has established that HMAC/NMAC implementations based on only Matyas-Meyer-Oseas (MMO) PGV scheme and his two refined PGV schemes are secure against side channel DPA attacks when the block cipher in these constructions is secure against these attacks. The significant result of Okeya's analysis is that the implementations of HMAC/NMAC with the Davies-Meyer (DM) compression function based hash functions such as SHA-1 are vulnerable to DPA attacks. In this paper, first we show a partial key recovery attack on NMAC/HMAC based on Okeya's two refined PGV schemes by taking practical constraints into consideration. Next, we propose new hybrid NMAC/HMAC schemes for security against side channel attacks assuming that their underlying block cipher is ideal. We show a hybrid NMAC/HMAC proposal which can be instantiated with DM and a slight variant to it allowing NMAC/HMAC to use hash functions such as SHA-1. We then show that M-NMAC, MDx-MAC and a variant of the envelope MAC scheme based on DM with an ideal block cipher are secure against DPA attacks.

[1]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[2]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[3]  Gene Tsudik,et al.  Message authentication with one-way hash functions , 1992, [Proceedings] IEEE INFOCOM '92: The Conference on Computer Communications.

[4]  Bart Preneel,et al.  MDx-MAC and Building Fast MACs from Hash Functions , 1995, CRYPTO.

[5]  Ilya Mironov,et al.  Hash functions: Theory, attacks, and applications , 2005 .

[6]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[7]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[8]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[9]  Bruce Schneier One-way hash functions , 1991 .

[10]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[11]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[12]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[13]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[14]  Xuejia Lai,et al.  Hash Function Based on Block Ciphers , 1992, EUROCRYPT.

[15]  Katsuyuki Okeya Side Channel Attacks Against HMACs Based on Block-Cipher Based Hash Functions , 2006, ACISP.

[16]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[17]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[18]  Bart Preneel,et al.  On the Security of Iterated Message Authentication Codes , 1999, IEEE Trans. Inf. Theory.

[19]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[20]  Shoichi Hirose,et al.  An Update on the Analysis and Design of NMAC and HMAC Functions , 2008, Int. J. Netw. Secur..

[21]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[22]  Bart Preneel,et al.  On the Security of Two MAC Algorithms , 1996, EUROCRYPT.

[23]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[24]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[25]  Praveen Gauravaram,et al.  Cryptographic hash functions : cryptanalysis, design and applications , 2007 .