Name
Abstract | ||
|---|---|---|
HMAC and its variant NMAC are the most popular approaches to deriving a MAC and more generally, a PRF from a cryptographic hash function. Despite nearly two decades of research, their exact security still remains far from understood in many different contexts. Indeed, recent works have re-surfaced interest for generic attacks, i.e., attacks that treat the compression function of the underlying hash function as a black box. Generic security can be proved in a model where the underlying compression function is modeled as a random function --- yet, to date, the question of proving tight, non-trivial bounds on the generic security of HMAC/NMAC even as a PRF remains a challenging open question. In this paper, we ask the question of whether a small modification to HMAC and NMAC can allow us to exactly characterize the security of the resulting constructions, while only incurring little penalty with respect to efficiency. To this end, we present simple variants of NMAC and HMAC, for which we prove tight bounds on the generic PRF security, expressed in terms of numbers of construction and compression function queries necessary to break the construction. All of our constructions are obtained via a near black-box modification of NMAC and HMAC, which can be interpreted as an initial step of key-dependent message pre-processing. While our focus is on PRF security, a further attractive feature of our new constructions is that they clearly defeat all recent generic attacks against properties such as state recovery and universal forgery. These exploit properties of the so-called \"functional graph\" which are not directly accessible in our new constructions. |
Year | DOI | Venue |
|---|---|---|
2015 | 10.1007/978-3-662-48800-3_4 | IACR Cryptology ePrint Archive |
Keywords | Field | DocType |
Message authentication codes,HMAC,Generic attacks,Provable security | Black box (phreaking),Hash-based message authentication code,Computer science,Computer security,Cryptographic hash function,Concrete security,Theoretical computer science,Exploit,Hash function,Provable security,Random function | Journal |
Volume | ISSN | Citations |
2015 | 0302-9743 | 3 |
PageRank | References | Authors |
0.39 | 15 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Peter Gaži | 1 | 84 | 5.81 |
| Krzysztof Pietrzak | 2 | 1513 | 72.60 |
| Stefano Tessaro | 3 | 599 | 38.30 |