Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms

11 years 1 months ago
Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms
Abstract. This paper discusses key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions. The attacks use a substantial number of verification queries but eventually allow for universal forgeries instead of existential or multiple forgeries. This means that the security of the algorithms completely collapses once a few forgeries are found. Some of these attacks start off by exploiting a weak key property, but turn out to become full-fledged divide and conquer attacks because of the specific structure of the universal hash functions considered. Partial information on a secret key can be exploited too, in the sense that it renders some key recovery attacks practical as soon as a few key bits are known. These results show that while universal hash functions offer provable security, high speeds and parallelism, their simple combinatorial properties make them less robust than conventional message authentication primitives.
Helena Handschuh, Bart Preneel
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Authors Helena Handschuh, Bart Preneel
Comments (0)