Browse > Article
http://dx.doi.org/10.9708/jksci.2018.23.01.057

Key Recovery Attacks on HMAC with Reduced-Round AES  

Ryu, Ga-Yeon (Dept. of Computer Engineering, Chonbuk National University)
Hong, Deukjo (Dept. of Information Technology Engineering, Chonbuk National University)
Publication Information
Journal of the Korea Society of Computer and Information / v.23, no.1, 2018 , pp. 57-66 More about this Journal
Abstract
It is known that a single-key and a related-key attacks on AES-128 are possible for at most 7 and 8 rounds, respectively. The security of CMAC, a typical block-cipher-based MAC algorithm, has very high possibility of inheriting the security of the underlying block cipher. Since the attacks on the underlying block cipher can be applied directly to the first block of CMAC, the current security margin is not sufficient compared to what the designers of AES claimed. In this paper, we consider HMAC-DM-AES-128 as an alternative to CMAC-AES-128 and analyze its security for reduced rounds of AES-128. For 2-round AES-128, HMAC-DM-AES-128 requires the precomputation phase time complexity of $2^{97}$ AES, the online phase time complexity of $2^{98.68}$ AES and the data complexity of $2^{98}$ blocks. Our work is meaningful in the point that it is the first security analysis of MAC based on hash modes of AES.
Keywords
AES; HMAC; MAC;
Citations & Related Records
연도 인용수 순위
  • Reference
1 FIPS-197, Announcing the ADVANCED ENCRYPTION STANDARD (AES), 2009.
2 Preneel, Govaerts and Vandewalle, "Hash functions based on block ciphers: a synthetic approach", In: Stinson D.R. (eds) CRYPTO 1993. LNCS, vol 773. Springer, Berlin, Heidelberg, 1993.
3 Merkle and Damgard, "A Design Principle for Hash Functions", CRYPTO '89 Proceedings, LNCS, vol.435, Brassard, ed, Springer, 1989, pp. 416-427.
4 Bellare, "New Proofs for NMAC and HMAC: Security without Collision-Resistance", In Dwork, C., ed.: CRYPTO. Vol.4117 of Lecture Notes in Computer Science., Springer (2006) 602-619
5 Black, Rogaway and Shrimpton, "Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV", In: Yung M. (eds) CRYPTO 2002. LNCS, vol 2442. Springer, Berlin, Heidelberg.
6 Leurent, Peyrin and Wang, "New Generic Attacks against Hash-Based MACs" In:Sako K., Sarkar P.(eds) ASIACRYPT 2013. LNCS, vol.8270, Springer, Berlin, Heidelberg, 2013.
7 Menezes, Oorschot and Vanstone, Handbook of Applied Cryptography. CRC Press, 1996.
8 Derbez, Fouque and Jean, 2013. "Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting", EUROCRYPT 2013, LNCS 7881, pp.371-387, 2013.
9 Bellare and Kohno "Hash function balance and its impact on birthday attacks", IACR, 2003