Distinguishing Attack on the Secret-Prefix MAC Based on the 39-Step SHA-256
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Distinguishing and Second-Preimage Attacks on CBC-Like MACs
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Distinguishing attack on secret prefix MAC instantiated with reduced SHA-1
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Distinguishing attacks on LPMAC based on the full RIPEMD and reduced-step RIPEMD-{256, 320}
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Practical key recovery attack against secret-IV EDON-R
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Cryptanalyses on a merkle-damgård based MAC -- almost universal forgery and distinguishing-h attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
This paper presents a new distinguisher which can be applied to secret-prefix MACs with the message length prepended to the message before hashing. The new distinguisher makes use of a special truncated differential path with high probability to distinguish an inner near-collision in the first round. Once the inner near-collision is detected, we can recognize an instantiated MAC from a MAC with a random function. The complexity for distinguishing the MAC with 43-step reduced SHA-1 is 2124.5 queries. For the MAC with 61-step SHA-1, the complexity is 2154.5 queries. The success probability is 0.70 for both.