Paper 2013/212

A Closer Look at HMAC

Krzysztof Pietrzak

Abstract

Bellare, Canetti and Krawczyk~\cite{FOCS:BelCanKra96} show that cascading an $\eps$-secure (fixed input length) PRF gives an $O(\eps n q)$-secure (variable input length) PRF when making at most $q$ prefix-free queries of length $n$ blocks. We observe that this translates to the same bound for NMAC (which is the cascade without the prefix-free requirement but an additional application of the PRF at the end), and give a matching attack, showing this bound is tight. This contradicts the $O(\eps n)$ bound claimed by Koblitz and Menezes~\cite{KobMen12}.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. unpublished manuscript
Keywords
HMACcascade
Contact author(s)
krzpie @ gmail com
History
2013-04-14: received
Short URL
https://ia.cr/2013/212
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/212,
      author = {Krzysztof Pietrzak},
      title = {A Closer Look at HMAC},
      howpublished = {Cryptology ePrint Archive, Paper 2013/212},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/212}},
      url = {https://eprint.iacr.org/2013/212}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.