空军工程大学学报(自然科学版)2013,Vol.14Issue(4):84-87,4.DOI:10.3969/j.issn.1009-3516.2013.04.020
基于缩减到53(20-72)步的SHA-1的H2-MAC的等价密钥恢复攻击
Equivalent Key Recovery Attack on H2-MAC Instantiated with SHA-1 Reduced to 53 (20-72) Steps
摘要
Abstract
H2-MAC,which was proposed by Kan Yasuda in Information Security Conference (ISC) 2009,is a new type of MAC construction.Compared with HMAC,H2-MAC is much easier for algorithm implementation and key management,for it gets access to the key only once.This paper first presents an equivalent key recovery attack H2-MAC-SHA-1 reduced to 53 (20-72) steps,which conduces to a universal forgery attack directly.Firstly,an H2-MAC-SHA-1 distinguisher is constructed.Then,the intermediate chaining variable,i.e.,the equivalent key is recovered by using the distinguisher and bit flipping technology.Consequently,the universal forgery attack is processed.The adversary unknowing the secret key can process the universal forgery attack by computing the valid MAC value of M,which can be an arbitrary message.The complexity of the attack is about 299 queries,which is much lower than the ideal complexity of the universal forgery.关键词
密码分析/H2-MAC-SHA-1/等价密钥恢复攻击/一般性伪造攻击Key words
crypt analysis/H2-MAC-SHA-1/equivalent key recovery attack/universal forgery分类
信息技术与安全科学引用本文复制引用
张丽,王沛..基于缩减到53(20-72)步的SHA-1的H2-MAC的等价密钥恢复攻击[J].空军工程大学学报(自然科学版),2013,14(4):84-87,4.基金项目
高等学校博士学科点专项科研基金资助项目(20100131120015) (20100131120015)
