| SHA-0-MAC的部分密钥恢复攻击 |
| |
| 引用本文: | 乔思远,贾珂婷.SHA-0-MAC的部分密钥恢复攻击[J].山东大学学报(理学版),2010,45(4):6-11. |
| |
| 作者姓名: | 乔思远 贾珂婷 |
| |
| 作者单位: | 山东大学数学学院,山东,济南,250100;山东大学密码技术与信息安全教育部重点实验室,山东,济南,250100 |
| |
| 基金项目: | 国家自然科学基金,山东省博士基金 |
| |
| 摘 要: | 提出了SHA-0-MAC的部分密钥恢复攻击,这是首个对SHA-0-MAC的密钥恢复攻击。SHA-0-MAC是基于SHA-0的MDx-MAC,由Preneel等人于1995年在美密会提出,其包含3个160比特子密钥K0,K1,K2。基于Bi-ham等给出的伪碰撞路线,结合王小云等提出的MD5-MAC部分密钥恢复的思想,对SHA-0-MAC恢复子密钥K1的128比特,推出该路线成立的充分条件.在此基础上利用Contini的部分密钥恢复技术恢复160比特的子密钥K0,总的复杂度约为2125.58次MAC询问。
|
| 关 键 词: | MDx-MAC SHA-0 密钥恢复 |
| 收稿时间: | 2010-02-02 |
Partial key recovery attack on SHA-0-MAC |
| |
| QIAO Si-yuan,JIA Ke-ting.Partial key recovery attack on SHA-0-MAC[J].Journal of Shandong University,2010,45(4):6-11. |
| |
| Authors: | QIAO Si-yuan JIA Ke-ting |
| |
| Institution: | 1. School of Mathematics, Shandong University, Jinan 250100, Shandong, China;
2. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan 250100, Shandong, China |
| |
| Abstract: | A partial key recovery attack on SHA-0-MAC is presented, which is the first partial key recovery attack on SHA-0-MAC. SHA-0-MAC is a kind of MDx-MAC based on hash function SHA-0. MDx-MAC was first proposed by Preneel et al. in Crypto’95,which has 3 160-bit subkeys K0, K1, K2. 160-bit K0 can be fully recovered, and 128 bits of the subkey K1 with 2125.58 MAC queries. By using Wang’s new methods of partial key recovery of MD5-MAC and a special pseudo collision differential path given by Biham et al., the sufficient conditions are deduced which make the differential path hold.
|
| |
| Keywords: | MDx-MAC SHA-0 MDx-MAC SHA-0 key recovery |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《山东大学学报(理学版)》浏览原始摘要信息 |
| 点击此处可从《山东大学学报(理学版)》下载免费的PDF全文 |
|
