Equivalent Key Recovery Attack to H2-MAC

Provided by: Science and Development Network (SciDev.Net)
Topic: Security
Format: PDF
In this paper, the authors propose an efficient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance). They can successfully recover the equivalent key of H2-MAC in about 2n=2 on-line MAC queries and 2n/2 off line hash computations with great probability. This attack shows that the security of H2-MAC is totally dependent on the collision resistance of the underlying hash function, instead of the PRF-AX of the underlying compression function in the origin security proof of H2-MAC.

Find By Topic