The Exact PRF-Security of NMAC and HMAC

NMAC is a mode of operation which turns a fixed input-length keyed hash function f into a variable input-length function. A practical single-key variant of NMAC called HMAC is a very popular and widely deployed message authentication code (MAC). Security proofs and attacks for NMAC can typically be lifted to HMAC.
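An added illustration (not the paper's code) of the two constructions the abstract names: NMAC as the keyed cascade of a fixed input-length function f followed by a second keyed outer call, and HMAC as the single-key variant whose inner and outer keys are derived from one key K by applying f to K xor ipad and K xor opad. The toy f built from SHA-256, the public IV, and the zero-padding in place of Merkle-Damgård length padding are assumptions of this example, not of the paper.

```python
import hashlib

N = 32           # output / chaining-value length of f in bytes
B = 64           # block length: the fixed input length of f in bytes
IV = bytes(N)    # public initial value used by the unkeyed hash H (assumed)

def f(k: bytes, block: bytes) -> bytes:
    """Toy fixed input-length keyed function f: {0,1}^n x {0,1}^b -> {0,1}^n."""
    assert len(k) == N and len(block) == B
    return hashlib.sha256(k + block).digest()

def blocks(msg: bytes):
    """Split msg into b-byte blocks; the last block is zero-padded (a real
    Merkle-Damgard hash appends length padding instead, omitted here)."""
    for i in range(0, len(msg), B):
        yield msg[i:i + B].ljust(B, b"\0")

def cascade(k: bytes, msg: bytes) -> bytes:
    """Casc_f(k, M): iterate f over the message blocks starting from key k."""
    h = k
    for blk in blocks(msg):
        h = f(h, blk)
    return h

def nmac(k1: bytes, k2: bytes, msg: bytes) -> bytes:
    """NMAC(k1, k2, M) = f(k2, pad(Casc_f(k1, M))): two independent n-bit keys."""
    return f(k2, cascade(k1, msg).ljust(B, b"\0"))

def H(msg: bytes) -> bytes:
    """Unkeyed iterated hash built from f: the cascade started at the public IV."""
    return cascade(IV, msg)

def key_pads(key: bytes) -> tuple:
    """HMAC's single-key inputs: the one-block values K^ipad and K^opad."""
    assert len(key) <= B, "longer keys are first hashed in HMAC; not handled here"
    k = key.ljust(B, b"\0")
    ipad = bytes(x ^ 0x36 for x in k)
    opad = bytes(x ^ 0x5C for x in k)
    return ipad, opad

def hmac_(key: bytes, msg: bytes) -> bytes:
    """HMAC(K, M) = H((K^opad) || H((K^ipad) || M)), evaluated with the hash H."""
    ipad, opad = key_pads(key)
    return H(opad + H(ipad + msg))

def hmac_via_nmac(key: bytes, msg: bytes) -> bytes:
    """The same tag as NMAC under k1 = f(IV, K^ipad), k2 = f(IV, K^opad)."""
    ipad, opad = key_pads(key)
    return nmac(f(IV, ipad), f(IV, opad), msg)
```

The last function is the lifting the abstract refers to: when f is the compression function of H, HMAC under K is exactly NMAC under the two derived keys, so a PRF bound or an attack on NMAC transfers to HMAC up to the derivation of those keys.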
