On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1

Jongsimg Kim; Alex Biryukov; Bart Preneel; Seokhie Hong

doi:10.1007/11832072_17

On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1

Jongsimg Kim, Alex Biryukov, Bart Preneel, Seokhie Hong

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

67 Citations (Scopus)

Abstract

HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1.

Original language	English
Title of host publication	Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings
Publisher	Springer Verlag
Pages	242-256
Number of pages	15
ISBN (Print)	3540380809, 9783540380801
DOIs	https://doi.org/10.1007/11832072_17
Publication status	Published - 2006
Event	5th International Conference on Security and Cryptography for Networks, SCN 2006 - Maiori, Italy Duration: 2006 Sept 6 → 2006 Sept 8

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4116 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	5th International Conference on Security and Cryptography for Networks, SCN 2006
Country/Territory	Italy
City	Maiori
Period	06/9/6 → 06/9/8

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11832072_17

Cite this

Kim, J., Biryukov, A., Preneel, B., & Hong, S. (2006). On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. In Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings (pp. 242-256). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4116 LNCS). Springer Verlag. https://doi.org/10.1007/11832072_17

On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. / Kim, Jongsimg; Biryukov, Alex; Preneel, Bart et al.
Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings. Springer Verlag, 2006. p. 242-256 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4116 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, J, Biryukov, A, Preneel, B & Hong, S 2006, On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. in Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4116 LNCS, Springer Verlag, pp. 242-256, 5th International Conference on Security and Cryptography for Networks, SCN 2006, Maiori, Italy, 06/9/6. https://doi.org/10.1007/11832072_17

Kim J, Biryukov A, Preneel B, Hong S. On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. In Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings. Springer Verlag. 2006. p. 242-256. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11832072_17

Kim, Jongsimg ; Biryukov, Alex ; Preneel, Bart et al. / On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings. Springer Verlag, 2006. pp. 242-256 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{afb632e0d9f14c40a6b9daa02d5be39b,

title = "On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1",

abstract = "HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1.",

author = "Jongsimg Kim and Alex Biryukov and Bart Preneel and Seokhie Hong",

year = "2006",

doi = "10.1007/11832072_17",

language = "English",

isbn = "3540380809",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "242--256",

booktitle = "Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings",

note = "5th International Conference on Security and Cryptography for Networks, SCN 2006 ; Conference date: 06-09-2006 Through 08-09-2006",

}

TY - GEN

T1 - On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1

AU - Kim, Jongsimg

AU - Biryukov, Alex

AU - Preneel, Bart

AU - Hong, Seokhie

PY - 2006

Y1 - 2006

N2 - HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1.

AB - HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1.

UR - http://www.scopus.com/inward/record.url?scp=33750029023&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750029023&partnerID=8YFLogxK

U2 - 10.1007/11832072_17

DO - 10.1007/11832072_17

M3 - Conference contribution

AN - SCOPUS:33750029023

SN - 3540380809

SN - 9783540380801

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 242

EP - 256

BT - Security and Cryptography for Networks - 5th International Conference, SCN 2006, Proceedings

PB - Springer Verlag

T2 - 5th International Conference on Security and Cryptography for Networks, SCN 2006

Y2 - 6 September 2006 through 8 September 2006

ER -

On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this