Security

Equivalent Key Recovery Attack to H2-MAC

Download Now Free registration required

Executive Summary

In this paper, the authors propose an efficient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance). They can successfully recover the equivalent key of H2-MAC in about 2n=2 on-line MAC queries and 2n/2 off line hash computations with great probability. This attack shows that the security of H2-MAC is totally dependent on the collision resistance of the underlying hash function, instead of the PRF-AX of the underlying compression function in the origin security proof of H2-MAC.

  • Format: PDF
  • Size: 278.9 KB