Open Access Book Chapter

Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms

TLDR
In this paper, the authors discuss key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions, and show that while universal hash functions offer provable security, their simple combinatorial properties make them less robust than conventional message authentication primitives.
Abstract
This paper discusses key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions. The attacks use a substantial number of verification queries but eventually allow for universal forgeries instead of existential or multiple forgeries. This means that the security of the algorithms completely collapses once a few forgeries are found. Some of these attacks start off by exploiting a weak key property, but turn out to become full-fledged divide and conquer attacks because of the specific structure of the universal hash functions considered. Partial information on a secret key can be exploited too, in the sense that it renders some key recovery attacks practical as soon as a few key bits are known. These results show that while universal hash functions offer provable security, high speeds and parallelism, their simple combinatorial properties make them less robust than conventional message authentication primitives.


Citations
Book Chapter

SipHash : a fast short-input PRF

TL;DR: This work proposes that hash tables switch to SipHash as a hash function, which is simpler than MACs based on universal hashing, and faster on short inputs than state-of-the-art MACs.
Journal Article

Grain-128a: a new version of Grain-128 with optional authentication

TL;DR: A new version of the stream cipher Grain-128 is proposed, strengthened against all known attacks and observations on the original Grain-128, and has built-in support for optional authentication.
Book Chapter

NEON crypto

TL;DR: This paper explains how to use a single 800MHz Cortex A8 core to compute the existing NaCl suite of high-security cryptographic primitives at the following speeds: 5.60 cycles per byte (1.14 Gbps) to encrypt using a shared secret key, 2.30 cycles per byte (2.78 Gbps), and 244655 cycles (3269/second) to sign a message.
Posted Content

SipHash: a fast short-input PRF.

TL;DR: SipHash is a pseudorandom function optimized for short inputs that can be used for hash-table lookups and network traffic authentication.
Book Chapter

Four$\mathbb{Q}$: Four-Dimensional Decompositions on a $\mathbb{Q}$-curve over the Mersenne Prime

TL;DR: In this article, a high-security, high-performance elliptic curve that targets the 128-bit security level is presented, where scalar multiplications on four-dimensional Gallant-Lambert-Vanstone decomposition are performed modulo the extremely fast Mersenne prime.
References
Journal Article

Universal classes of hash functions

TL;DR: An input independent average linear time algorithm for storage and retrieval on keys that makes a random choice of hash function from a suitable class of hash functions.
Book Chapter

Keying Hash Functions for Message Authentication

TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Journal Article

New hash functions and their use in authentication and set equality

TL;DR: Several new classes of hash functions with certain desirable properties are exhibited, and two novel applications for hashing which make use of these functions are introduced, including a provably secure authentication technique for sending messages over insecure lines and the application of testing sets for equality.
Book

Contemporary Cryptology: The Science of Information Integrity

TL;DR: This book provides the engineer and scientist with algorithms, protocols, and applications of the science of information integrity, with an emphasis on the cryptographic elements of the subject.
Book Chapter

LFSR-based Hashing and Authentication

TL;DR: This paper characterizes the properties required from a family of hash functions in order to be secure for authentication when combined with a (secure) stream cipher.