On the Security of NMAC and Its Variants

Free registration required

Executive Summary

HMAC, a derivative of NMAC, is a practically and commonly used, widely standardized MAC construction nowadays. HMAC has two advantages. First, HMAC can make use of current hash functions, the most widely used ones are based on Merkle-Damgard construction, without modification. Second, it is provable secure under two assumptions that the keyed compression function of the underlying hash function and the key derivation function in HMAC are Pseudo Random Functions (PRFs). After some prevalent iterated hash functions were broken, the security of NMAC and HMAC instantiated with those hash function were analyzed, which emphasized that NMAC and HMAC instantiated with broken hash functions are weak.

  • Format: PDF
  • Size: 318.55 KB