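Equivalent Key Recovery Attack on H2-MAC-MD5
Published: 2012-04-30 Views: 1520 Downloads: 735
All authors: | WANG Wei |
Affiliation: | School of Computer Science and Technology, Shandong University; Shandong Provincial Key Laboratory of Software Engineering; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education |
Abstract: | H2-MAC differs from the keyed-hash message authentication code (HMAC) in that H2-MAC has no outer key, which simplifies key management. This paper gives the first equivalent key recovery attack on H2-MAC-MD5 and uses it to mount a selective forgery. Based on the HMAC-MD5 distinguisher and the bit-probing technique, the attack filters out intermediate chaining variables that may satisfy a special pseudo-collision path, i.e., the equivalent key, and recovers their values, which leads to selective forgery. That is, without knowing the key, the adversary can forge the valid message authentication code (MAC) value of the message M0‖M*, where M0 is a fixed 512-bit message block and M* is an arbitrary message. The complexity of the attack is 2^97 MAC queries, far below the ideal complexity of a selective forgery attack. |
Keywords: | information security; cryptanalysis; H2-MAC-MD5; equivalent key recovery attack; selective forgery |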
Title: | Equivalent key recovery attack on H2-MAC instantiated with MD5 |
Author: | WANG Wei |
Organization: | School of Computer Science and Technology, Shandong University, Shandong Provincial Key Laboratory of Software Engineering; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education |
Abstract: | H2-MAC is similar to the keyed-hash message authentication code (HMAC) except that the outer key is omitted, which removes the key-management disadvantage. This paper presents, for the first time, an equivalent key recovery attack on H2-MAC-MD5, which leads directly to a selective forgery attack, while there is only a distinguishing attack for HMAC-MD5. Based on the distinguisher of HMAC-MD5, a pair of intermediate chaining variables, i.e., the equivalent keys, is detected that fulfills the specific conditions on the initial variables of the pseudo-collision. The inner key recovery attack on HMAC-MD5 is then adopted to recover the equivalent key. Consequently, the adversary can carry out the selective forgery attack by computing the valid MAC value of M0‖M* effortlessly, where M0 is a fixed one-block message and M* can be any bit string. The complexity of the attack is about 2^97 queries, which is much lower than the ideal complexity of a selective forgery attack. |
Key words: | information security; cryptanalysis; H2-MAC-MD5; equivalent key recovery attack; selective forgery |
Issue: | No. 8, April 2012 |
Citation: | WANG Wei. Equivalent key recovery attack on H2-MAC-MD5 [J]. 中国科技论文在线精品论文, 2012, 5(8): 736-741. |
