Side channel analysis of some hash based MACs: A response to SHA-3 requirements

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5308 LNCS, Issue , 2008, Pages 111-127

  Gauravaram, Praveen ^a   Okeya, Katsuyuki ^b  

^a TECHNICAL UNIVERSITY OF DENMARK   (Denmark)

^b HITACHI LTD   (Japan)

Author keywords

Applied cryptography; Hash functions; HMAC; Side channel attacks

Indexed keywords

HASH FUNCTIONS; SMART CARDS;

ADVANCED HASH STANDARDS; APPLIED CRYPTOGRAPHY; COMPRESSION FUNCTIONS; DIFFERENTIAL POWER ANALYSIS; HMAC; ITS EVALUATION; SIDE-CHANNEL ANALYSIS; SMART CARD IMPLEMENTATION;

SIDE CHANNEL ATTACK;

EID: 57049137710     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-88625-9_8     Document Type: Conference Paper

References (45)

1. ANSI. ANSI X9.31:1998: Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA). American National Standards Institute (1998)
2. Bellare, M.: New Proofs for NMAC and HMAC: Security Without CollisionResistance. In: Dwork, C (ed.) CRYPTO 2006. LNCS, vol. 4117. Springer, Heidelberg (2006)
3. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1-15. Springer, Heidelberg (1996)
4. Bellare, M., Ristenpart, T.: Multi-Property-Preserving Hash Domain Extension and the EMD Transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299-314. Springer, Heidelberg (2006)
5. Bellovin, S.M., Rescorla, E.K.: Deploying a New Hash Algorithm. In: Proceedings of NDSS. Internet Society (February 2006)
6. Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. Cryptology ePrint Archive, Report 2007/278 (2007) (Accessed on 5/14/2008), http://eprint.iacr.org/2007/278
7. Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320-335. Springer, Heidelberg (2002)
8. Bosselaers, A., Preneel, B.: Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040. In: Bosselaers, A., Preneel, B. (eds.) RIPE 1992. LNCS, vol. 1007, pp. 31-67. Springer, Heidelberg (1995)
9. Burr, W.: Personal Communication regarding Frequently Asked Questions on AHS Competition (March 2008)
10. Contini, S., Yin, Y.L.: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIA CRYPT 2006. LNCS, vol. 4284, pp. 37-53. Springer, Heidelberg (2006)
11. Coppersmith, D., Pilpel, S., Meyer, C.H., Matyas, S.M., Hyden, M.M., Oseas, J., Brachtl, B., Schilling, M.: Data authentication using modification dectection codes based on a public one way encryption function. U.S. Patent No. 4,908,861, March 13 (1990)
12. Danigård, I.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416-427. Springer, Heidelberg (1990)
13. Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5. In: Menezes, A.' (ed.) CRYPTO 2007. LNCS. vol. 4622. pp. 13-30. Springer, Heidelberg (2007)
14. Gauravaram, P.: Cryptographic Hash Functions: Cryptanalysis, Design and Applications. PhD thesis, Information Security Institute, Queensland University of Technogy (June 2007)
15. Gauravaram, P., Kelsey, J.: Linear-XOR and Additive Checksums Don't Protect Damgård-Merkle Hashes from Generic Attacks. In: Malkin, T. (ed.) CT-RSA 2008. LNCS. vol. 4964. pp. 36-51. Springer, Heidelberg (2008)
16. Gauravaram, P., McCullagh, A., Dawson, E.: Collision Attacks on MD5 and SHA1: Is this the "Sword of Damocles" for Electronic Commerce?. In: AusCERT R & D Stream, pp. 1-13 (2006)
17. Gauravaram, P., Okeya, K.: An Update on the Side Channel Cryptanalysis of MACs Based on Cryptographic Hash Functions. In: Srinathan, K., Rangan, CP., Yung, M. (eds.) INDOCRYPT 2007. LNCS. vol. 4859, pp. 393-403. Springer, Heidelberg (2007)
18. Hirose, S., Park, J.H., Yun, A.: A Simple Variant of the Merkle-Damgård Scheme with a Permutation. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833. pp. 113-129. Springer, Heidelberg (2007)
19. ISO/IEC 10118-2. Information Technology - Security Techniques- Hash Functions-Hash functions using an n-bit block cipher. ISO (2000)
20. Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin. M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306-316. Springer, Heidelberg (2004)
21. Kelsey, J.: How Should We Evaluate Hash Submissions?. In: ECRYPT Hash Function orkshop (2007) (Accessed on 02/13/2008), http://csrc.nist.gov/groups/ ST/hash/documents/kelsey-ECRYPT2007.pdf
22. Kelsey, J.: How to Choose SHA-3?.In: ECRYPT Hash Function Workshop (2008) (Accessed on 07/26/2008), http://www.lorentzcenter.nl/lc/web/2008/309/ presentations/Kelsey.pdf
23. Kelsey, J., Schneier, B.: Second Preimages on n-bit Hash Functions for Much Less than 2n Work. In: Cramer. R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474-490. Springer, Heidelberg (2005)
24. Knudsen, L.R., Rechberger. .C, Thomsen, S.S.: The Grindahl Hash Functions. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 39-57. Springer, Heidelberg (2007)
25. Lei, D., Chao, L.: Extended Multi-Property-Preserving and ECM-construction. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 361-372. Springer. Heidelberg (2007)
26. Lemke, K., Schramm, K., Paar, C.: DPA on n-bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 205-219. Springer, Heidelberg (2004)
27. Lucks. S.: A Failure-Friendly Design Principle for Hash Functions. In: Roy. B. (ed.) ASIACRYPT 2005. LNCS.'vol. 3788, pp. 474-494. Springer. Heidelberg'(2005)
28. McEvoy. R.P., Tunstall, M., Murphy, C.C., Marnane, W.P.: Differential power analysis of HMAC based on SHA-2, and countermeasures. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 317-332. Springer, Heidelberg (2008)
29. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, ch. 9. pp. 321-383. CRC Press. Boca Raton (1997)
30. Merkle, R.: One way Hash Functions and DES. In: Brassard. G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428-446. Springer, Heidelberg (1990)
31. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of power analysis attacks on smartcards. In: Proceedings of the USENIX Workshop on Smartcard Technology, pp. 151-162. USENIX Association (1999)
32. Meyer. C., Schilling, M.: Secure program load with manipulation detection code. In: Proceedings of the 6th Worldwide Congress on Computer and Communications Security and Protection (SECURlCOM 1988), Paris, pp. 111-130 (1988)
33. NIST. Federal Information Processing Standard (FIPS PUB 198) The Keyed-Hash Message Authentication Code (HMAC) (March 2002)
34. NIST. Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. Docket No: 070911510-7512-01 (November 2007)
35. NIST. Federal Information Processing Standard (FIPS PUB 180-3) Secure Hash Standard (2007)
36. Okeya, K.: Side Channel Attacks Against HMACs Based on Block-Cipher Based Hash Functions. In: Batten. L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 432-443. Springer, Heidelberg (2006)
37. Peyrin. T.: Cryptanalysis of Grindahl. In: Kurosawa. K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 551-567. Springer, Heidelberg (2007)
38. Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368-378. Springer, Heidelberg (1994)
39. Steinberger. J.P.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS. vol. 4515, pp. 34-51. Springer, Heidelberg (2007)
40. Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1-22. Springer, Heidelberg (2007)
41. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17-36. Springer, Heidelberg (2005)
42. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R., (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19-35. Springer, Heidelberg (2005)
43. Yasuda, K.: Boosting Merkle-Damgård Hashing for Message Authentication. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 216-231. Springer, Heidelberg (2007)
44. Yasuda, K.: Multilane HMAC - Security beyond the Birthday Limit. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 18-32. Springer, Heidelberg (2007)
45. Yoshida, H., Watanabe, D., Okeya, K., Kitahara, J., Wu, H., Kücük, O., Preneel, B.: MAME: A Compression Function with Reduced Hardware Requirements. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 148-165. Springer, Heidelberg (2007)