New Distinguishing Attack on MAC Using Secret-Prefix Method

Abstract: Abstract. This paper presents a new distinguisher which can be applied to secret-prefix MACs with the message length prepended to the message before hashing. The new distinguisher makes use of a special truncated differential path with high probability to distinguish an inner near-collision in the first round. Once the inner near-collision is detected, we can recognize an instantiated MAC from a MAC with a random function. The complexity for distinguishing the MAC with 43-step reduced SHA-1 is 2 124.5 queries.… Show more

“…In this part, we adopt the techniques of detecting the inner near-collisions with some specific differences [19,20,21] to implement impossible differential cryptanalysis on Pelican, MT-MAC-AES and PC-MAC-AES, and all of them take the 4-round AES as the iteration function. Based on a 3-round impossible differential path of AES, we can recover the internal state of Pelican, which is an equivalent subkey, and the recovery leads to a selective forgery attack.…”

“…While for MACs mentioned above, we have to explore new techniques to collect such message pairs since the 4-round AES is To get over this obstacle, we take advantage of the idea described in [19,20,21]. First, randomly choose two structures of messages, with the message differences of some specific forms.…”

“…Inspired by recent MAC cryptanalysis techniques of Wang et al [19,20] and the methods introduced in Part I [21], we observe that the impossible differential attack can be extended to MACs provided that enough inner near-collisions with specific differences are detected.…”

“…Another kind of attacks was suggested by Kim et al, which distinguishes the cryptographic primitive embedded in a MAC construction from a random function [13]. Recently, new techniques to identify the underlying hash functions of MACs were proposed [19,20]. For example, distinguishing attacks on HMAC/NMAC-MD5 and MD5-MAC were proposed in [20].…”

“…Inspired by Wang et al's work [19,20], we propose a new idea to detect the inner near-collision with some specific differences, which can be used to identify the cryptographic primitives embedded in MACs. Build upon this idea, two distinguishing attacks on Alred construction and Alpha-MAC are presented in this part.…”

New Birthday Attacks on Some MACs Based on Block Ciphers

“…In this part, we adopt the techniques of detecting the inner near-collisions with some specific differences [19,20,21] to implement impossible differential cryptanalysis on Pelican, MT-MAC-AES and PC-MAC-AES, and all of them take the 4-round AES as the iteration function. Based on a 3-round impossible differential path of AES, we can recover the internal state of Pelican, which is an equivalent subkey, and the recovery leads to a selective forgery attack.…”

“…While for MACs mentioned above, we have to explore new techniques to collect such message pairs since the 4-round AES is To get over this obstacle, we take advantage of the idea described in [19,20,21]. First, randomly choose two structures of messages, with the message differences of some specific forms.…”

“…Inspired by recent MAC cryptanalysis techniques of Wang et al [19,20] and the methods introduced in Part I [21], we observe that the impossible differential attack can be extended to MACs provided that enough inner near-collisions with specific differences are detected.…”

“…Another kind of attacks was suggested by Kim et al, which distinguishes the cryptographic primitive embedded in a MAC construction from a random function [13]. Recently, new techniques to identify the underlying hash functions of MACs were proposed [19,20]. For example, distinguishing attacks on HMAC/NMAC-MD5 and MD5-MAC were proposed in [20].…”

“…Inspired by Wang et al's work [19,20], we propose a new idea to detect the inner near-collision with some specific differences, which can be used to identify the cryptographic primitives embedded in MACs. Build upon this idea, two distinguishing attacks on Alred construction and Alpha-MAC are presented in this part.…”

New Birthday Attacks on Some MACs Based on Block Ciphers

Distinguishing Attack on the Secret-Prefix MAC Based on the 39-Step SHA-256

Distinguishing and Second-Preimage Attacks on CBC-Like MACs