SHA-0-MAC的部分密钥恢复攻击

J4 ›› 2010, Vol. 45 ›› Issue (4): 6-11.

SHA-0-MAC的部分密钥恢复攻击

乔思远^1,2,贾珂婷^1,2

1. 山东大学数学学院, 山东济南 250100;
2. 山东大学密码技术与信息安全教育部重点实验室, 山东济南 250100

收稿日期:2010-02-02 出版日期:2010-04-10 发布日期:2010-05-19
作者简介:乔思远(1980-),男,博士研究生,主要从事HASH函数分析和MAC码的分析研究. Email: sy-qiao@mail.sdu.edu.cn
基金资助:
国家自然科学基金资助项目(60910118);山东省博士基金资助项目(BS2009DX030)

Partial key recovery attack on SHA-0-MAC

QIAO Si-Yuan^1,2, JIA Ke-Ting^1,2

1. School of Mathematics, Shandong University, Jinan 250100, Shandong, China;
2. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan 250100, Shandong, China

Received:2010-02-02 Online:2010-04-10 Published:2010-05-19

摘要/Abstract

摘要：

提出了SHA-0-MAC的部分密钥恢复攻击,这是首个对SHA-0-MAC的密钥恢复攻击。SHA-0-MAC是基于SHA-0的MDx-MAC,由Preneel等人于1995年在美密会提出,其包含3个160比特子密钥K₀, K₁, K₂。基于Biham等给出的伪碰撞路线,结合王小云等提出的MD5-MAC部分密钥恢复的思想,对SHA-0-MAC恢复子密钥K₁的128比特,推出该路线成立的充分条件.在此基础上利用Contini的部分密钥恢复技术恢复160比特的子密钥K₀, 总的复杂度约为2^125.58次MAC询问。

关键词: MDx-MAC;SHA-0;密钥恢复

Abstract:

A partial key recovery attack on SHA-0-MAC is presented, which is the first partial key recovery attack on SHA-0-MAC. SHA-0-MAC is a kind of MDx-MAC based on hash function SHA-0. MDx-MAC was first proposed by Preneel et al. in Crypto’95,which has 3 160-bit subkeys K0, K1, K2. 160-bit K0 can be fully recovered, and 128 bits of the subkey K1 with 2^125.58 MAC queries. By using Wang’s new methods of partial key recovery of MD5-MAC and a special pseudo collision differential path given by Biham et al., the sufficient conditions are deduced which make the differential path hold.

Key words: MDx-MAC; SHA-0; key recovery

乔思远1,2,贾珂婷1,2. SHA-0-MAC的部分密钥恢复攻击[J]. J4, 2010, 45(4): 6-11.

QIAO Si-Yuan1,2, JIA Ke-Ting1,2. Partial key recovery attack on SHA-0-MAC[J]. J4, 2010, 45(4): 6-11.

参考文献

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed