Equivalent Key Recovery Attack to H2-MAC
In this paper, the authors propose an efficient method to break H2-MAC, by using a generalized birthday attack to recover the equivalent key, under the assumption that the underlying hash function is secure (collision resistance). They can successfully recover the equivalent key of H2-MAC in about 2n=2 on-line MAC queries and 2n/2 off line hash computations with great probability. This attack shows that the security of H2-MAC is totally dependent on the collision resistance of the underlying hash function, instead of the PRF-AX of the underlying compression function in the origin security proof of H2-MAC.
Provided by: Science and Development Network (SciDev.Net) Topic: Security Date Added: Apr 2012 Format: PDF