Original Text Information
Abstract
English
H2-MAC was proposed by Yasuda to increase efficiency over hash-based message authentication code (HMAC) by omitting its outer key, while keeping the advantages and security of HMAC at the same time. We propose an efficient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistant). We can successfully recover the equivalent key of H2-MAC instantiated with any Merkle-Damgård hash function in about $2^{n/2}$ on-line message authentication code (MAC) queries and $2^{n/2}$ off-line MAC computations with good probability. We argue that the pseudo random function-affix (PRF-AX) assumption of the original security proof of H2-MAC, and we prove that the security of H2-MAC is dependent on the collision resistance of the underlying hash function, instead of the PRF assumption.
Table of Contents
1 Introduction
2 Preliminaries
2.1 Notations
2.2 Birthday Paradox
2.3 Brief Description of H2-MAC
3 Breaking H2-MAC Using Birthday Paradox
4 Some Optimizations over the attack
4.1 Enlarging the success probability
4.2 Implementing more parallelism
5 The Security Proof of H2-MAC
5.1 The Re-measurement of PRF-AX
5.2 The revised Security Proof of H2-MAC
5.3 H2-MAC is not a Secure MAC
6 Conclusion
Acknowledgement
References