Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
MDx-MAC and Building Fast MACs from Hash Functions
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
On authentication with HMAC and non-random properties
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
The second-preimage attack on MD4
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract)
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
New proofs for NMAC and HMAC: security without collision-resistance
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
On the security of iterated message authentication codes
IEEE Transactions on Information Theory
Message freedom in MD4 and MD5 collisions: application to APOP
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Second Preimage Attack on 3-Pass HAVAL and Partial Key-Recovery Attacks on HMAC/NMAC-3-Pass HAVAL
Fast Software Encryption
Side Channel Analysis of Some Hash Based MACs: A Response to SHA-3 Requirements
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Disappearing Cryptography: Information Hiding: Steganography & Watermarking
Disappearing Cryptography: Information Hiding: Steganography & Watermarking
Pseudorandom-Function Property of the Step-Reduced Compression Functions of SHA-256 and SHA-512
Information Security Applications
A Single-Key Domain Extender for Privacy-Preserving MACs and PRFs
Information Security and Cryptology --- ICISC 2008
Full Key-Recovery Attack on the HMAC/NMAC Based on 3 and 4-Pass HAVAL
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Second Preimage Attack on 5-Pass HAVAL and Partial Key-Recovery Attack on HMAC/NMAC-5-Pass HAVAL
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Distinguishing Attack on the Secret-Prefix MAC Based on the 39-Step SHA-256
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Practical Electromagnetic Template Attack on HMAC
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
New key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Password recovery on challenge and response: impossible differential attack on hash function
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Distinguishing attack on secret prefix MAC instantiated with reduced SHA-1
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Cryptography for network security: failures, successes and challenges
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Collisions of MMO-MD5 and their impact on original MD5
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Distinguishing attacks on LPMAC based on the full RIPEMD and reduced-step RIPEMD-{256, 320}
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Cryptanalyses on a merkle-damgård based MAC -- almost universal forgery and distinguishing-h attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Analysis of differential attacks in ARX constructions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Generic related-key attacks for HMAC
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
At Crypto '06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt '06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attacks on HMAC and NMAC instantiated with MD4, MD5, SHA-0 and reduced SHA-1. In this paper, we present the first full key-recovery attacks on NMAC and HMAC instantiated with a real-life hash function, namely MD4. Our main result is an attack on HMAC/NMAC-MD4 which recovers the full MAC secret key after roughly 288 MAC queries and 295 MD4 computations. We also extend the partial key-recovery Contini-Yin attack on NMAC-MD5 (in the related-key setting) to a full key-recovery attack. The attacks are based on generalizations of collision attacks to recover a secret IV, using new differential paths for MD4.