| 基于缩减到53(20-72)步的SHA-1的H2-MAC的等价密钥恢复攻击 |
| |
| 引用本文: | 张丽,王沛.基于缩减到53(20-72)步的SHA-1的H2-MAC的等价密钥恢复攻击[J].空军工程大学学报,2013(4):84-87. |
| |
| 作者姓名: | 张丽 王沛 |
| |
| 作者单位: | 1.山东大学计算机科学与技术学院,山东济南,250101;2.国防科技大学信息系统与管理学院,湖南长沙,410073 |
| |
| 基金项目: | 高等学校博士学科点专项科研基金资助项目(20100131120015) |
| |
| 摘 要: | H2-MAC是Kan Yasuda在ISC 2009上提出的一种新型的MAC结构,与HMAC的不同之处仅在于H-MAC用固定的常数IV代替HMAC的外部密钥,计算MAC值时只访问一次种子密钥,在保持HMAC优势的基础上简化密钥管理。文中首次给出基于缩减到53 (20-72)步的SHA-1的H2-MAC的等价密钥恢复攻击,并进行一般性伪造攻击的理想复杂度。
|
| 关 键 词: | 密码分析 H-MAC-SHA-1 等价密钥恢复攻击 一般性伪造攻击 |
Equivalent Key Recovery Attack on H-MAC Instantiated with SHA-1 Reduced to 53 (20-72) Steps |
| |
| ZHANG Li,WANG Pei.Equivalent Key Recovery Attack on H-MAC Instantiated with SHA-1 Reduced to 53 (20-72) Steps[J].Journal of Air Force Engineering University(Natural Science Edition),2013(4):84-87. |
| |
| Authors: | ZHANG Li WANG Pei |
| |
| Abstract: | H2-MAC, which was proposed by Kan Yasuda in Information Security Conference (ISC) 2009, is a new type of MAC construction. Compared with HMAC,H2-MAC is much easier for algorithm implementation and key management, for it gets access to the key only once. This paper first presents an equivalent key recovery attack H2-MAC-SHA-1 reduced to 53 (20-72) steps, which conduces to a universal forgery attack directly. Firstly, an H2-MAC-SHA-1 distinguisher is constructed. Then, the intermediate chaining variable, i.e., the equivalent key is recovered by using the distinguisher and bit flipping technology. Consequently, the universal forgery attack is processed. The adversary unknowing the secret key can process the universal forgery attack by computing the valid MAC value of M, which can be an arbitrary message. The complexity of the attack is about 299 queries, which is much lower than the ideal complexity of the universal forgery. |
| |
| Keywords: | crypt analysis H2-MAC-SHA-1 equivalent key recovery attack universal forgery |
|
| 点击此处可从《空军工程大学学报》浏览原始摘要信息 |
| 点击此处可从《空军工程大学学报》下载免费的PDF全文 |
|
