DOI: 10.5555/646761.706031

Keying Hash Functions for Message Authentication

Published: 18 August 1996

    Abstract

    The use of cryptographic hash functions like MD5 or SHA-1 for message authentication has become a standard approach in many applications, particularly Internet security protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis.
    We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strength. Moreover, we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. The performance of our schemes is essentially that of the underlying hash function. They use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.
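The HMAC construction the abstract describes, as an added example that is not code from the paper or from this page. The hash function is reached only through Python's hashlib, so it is used as a black box and can be replaced by name, which is the replaceability property the abstract claims. NMAC is not shown because it keys the compression function's initial value, which hashlib does not expose. The key handling (keys longer than the block size are hashed first, shorter keys are zero-padded), the 0x36/0x5C pad bytes and the cross-check against the standard library's hmac module follow RFC 2104; the sample key and message are constructed inputs taken from that RFC's first test vector.

```python
# Added example (not code from the paper or the page): HMAC built on a
# black-box hash function.  Only hashlib.new(name) is ever called, so the
# underlying hash can be swapped by changing a string.
import hashlib
import hmac  # standard library; used only for constant-time compare and cross-checking

IPAD = 0x36
OPAD = 0x5C


def hmac_compute(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)).

    K' is the key brought to the hash function's block size B: keys longer
    than B are hashed down first, shorter keys are zero-padded on the right.
    """
    block_size = hashlib.new(hash_name).block_size  # B: 64 for MD5/SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Verify a tag with a constant-time comparison, so a timing side channel
    does not reveal how many leading bytes of a forged tag were correct."""
    expected = hmac_compute(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str) -> bool:
    """Cross-check the hand-rolled construction against Python's hmac module."""
    return hmac.compare_digest(
        hmac_compute(key, message, hash_name),
        hmac.new(key, message, hash_name).digest(),
    )


if __name__ == "__main__":
    # Constructed sample inputs: key and message of RFC 2104 test case 1.
    key, msg = b"\x0b" * 16, b"Hi There"
    print("HMAC-MD5   :", hmac_compute(key, msg, "md5").hex())
    print("HMAC-SHA256:", hmac_compute(key, msg, "sha256").hex())
    long_key = bytes(range(200))  # longer than B, so it is hashed before padding
    assert matches_stdlib(long_key, b"message", "sha1")
    tag = hmac_compute(key, msg)
    assert hmac_verify(key, msg, tag)
    assert not hmac_verify(key, msg + b"!", tag)
```

Two practical points the code makes visible: the outer hash call is what stops a length-extension of the inner hash from producing a valid tag for an appended message, and the verifier must compare tags in constant time, since HMAC's proof says nothing about an implementation that leaks the expected tag byte by byte.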

    References

    [1] R. ATKINSON, "Security Architecture for the Internet Protocol," IETF Network Working Group, RFC 1825, August 1995.
    [2] R. ATKINSON, "IP Authentication Header," IETF Network Working Group, RFC 1826, August 1995.
    [3] M. BELLARE, R. CANETTI AND H. KRAWCZYK, "Keying hash functions for message authentication," (full version of the current paper) available at http://www-cse.ucsd.edu/users/mihir or http://www.research.ibm.com/security/keyed-md5.html.
    [4] M. BELLARE, R. CANETTI AND H. KRAWCZYK, "Pseudorandom functions revisited: the cascade construction," available via http://www.research.ibm.com/security/ or http://www-cse.ucsd.edu/users/mihir/papers/papers.html.
    [5] M. BELLARE, R. GUÉRIN AND P. ROGAWAY, "XOR MACs: New methods for message authentication using finite pseudorandom functions," Advances in Cryptology - Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.
    [6] M. BELLARE, J. KILIAN AND P. ROGAWAY, "The security of cipher block chaining," Advances in Cryptology - Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.
    [7] A. BOSSELAERS, R. GOVAERTS AND J. VANDEWALLE, "Fast hashing on the Pentium," Advances in Cryptology - Crypto 96 Proceedings, Lecture Notes in Computer Science, N. Koblitz ed., Springer-Verlag, 1996.
    [8] I. DAMGÅRD, "A design principle for hash functions," Advances in Cryptology - Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, G. Brassard ed., Springer-Verlag, 1989.
    [9] H. DOBBERTIN, "MD4 is not collision-free," Manuscript, September 1995. To appear in Fast Software Encryption Workshop, Cambridge, 1996.
    [10] H. DOBBERTIN, "MD5 is not collision-free," Manuscript, 1996.
    [11] NATIONAL INSTITUTE FOR STANDARDS AND TECHNOLOGY, "Digital Signature Standard (DSS)," Federal Register, Vol. 56, No. 169, August 1991.
    [12] O. GOLDREICH, S. GOLDWASSER AND S. MICALI, "How to construct random functions," Journal of the ACM, Vol. 33, No. 4, 210-217, 1986.
    [13] B. KALISKI AND M. ROBSHAW, "Message Authentication with MD5," RSA Labs' CryptoBytes, Vol. 1, No. 1, Spring 1995.
    [14] H. KRAWCZYK, M. BELLARE AND R. CANETTI, Internet draft draft-ietf-ipsec-hmac-md5-txt.00, March 1996.
    [15] P. METZGER AND W. SIMPSON, "IP Authentication using Keyed MD5," IETF Network Working Group, RFC 1828, August 1995.
    [16] R. MERKLE, "One way hash functions and DES," Advances in Cryptology - Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, G. Brassard ed., Springer-Verlag, 1989. (Based on an unpublished paper from 1979 and his Ph.D. thesis, Stanford, 1979.)
    [17] J. NECHVATAL, "Public Key Cryptography," in Contemporary Cryptography: The Science of Information Integrity, G. Simmons ed., IEEE Press, 1992.
    [18] B. PRENEEL AND P. VAN OORSCHOT, "MDx-MAC and building fast MACs from hash functions," Advances in Cryptology - Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.
    [19] B. PRENEEL AND P. VAN OORSCHOT, "On the security of two MAC algorithms," Advances in Cryptology - Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
    [20] R. RIVEST, "The MD5 message-digest algorithm," IETF Network Working Group, RFC 1321, April 1992.
    [21] FIPS 180-1, Secure Hash Standard, Federal Information Processing Standard (FIPS) Publication 180-1, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., April 1995.
    [22] J. TOUCH, "Performance Analysis of MD5," Proceedings of Sigcomm '95, pp. 77-86. (See also RFC 1810.)
    [23] G. TSUDIK, "Message authentication with one-way hash functions," Proceedings of Infocom 92.
    [24] P. VAN OORSCHOT AND M. WIENER, "Parallel Collision Search with Applications to Hash Functions and Discrete Logarithms," Proceedings of the 2nd ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994.
    [25] ANSI X9.9, "American National Standard for Financial Institution Message Authentication (Wholesale)," American Bankers Association, 1981. Revised 1986.

    Published In
    CRYPTO '96: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
    August 1996, 415 pages
    ISBN: 3540615121

    Publisher: Springer-Verlag, Berlin, Heidelberg

    Cited By

    • QuePaxa: Escaping the tyranny of timeouts in consensus. Proceedings of the 29th Symposium on Operating Systems Principles, pp. 281-297, 23 Oct 2023. doi:10.1145/3600006.3613150
    • COMBFT. Proceedings of the 48th International Conference on Parallel Processing, pp. 1-10, 5 Aug 2019. doi:10.1145/3337821.3337885
    • DADS. ACM Transactions on Privacy and Security 22(3), pp. 1-29, 16 Jul 2019. doi:10.1145/3325822
    • H2B. Proceedings of the 18th International Conference on Information Processing in Sensor Networks, pp. 265-276, 16 Apr 2019. doi:10.1145/3302506.3310406
    • Towards web-based delta synchronization for cloud storage services. Proceedings of the 16th USENIX Conference on File and Storage Technologies, pp. 155-168, 12 Feb 2018. doi:10.5555/3189759.3189774
    • Privacy Preserving Classification of Biomedical Data With Secure Removing of Duplicate Records. International Journal of Organizational and Collective Intelligence 8(3), pp. 41-58, 1 Jul 2018. doi:10.4018/IJOCI.2018070104
    • PriPeARL. Proceedings of the 27th ACM International Conference on Information and Knowledge Management, pp. 2183-2191, 17 Oct 2018. doi:10.1145/3269206.3272031
    • Catch Me If You Can. Proceedings of the 5th ACM Workshop on Moving Target Defense, pp. 31-39, 15 Oct 2018. doi:10.1145/3268966.3268970
    • BEAT. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2028-2041, 15 Oct 2018. doi:10.1145/3243734.3243812
    • Lightweight Message Authentication for Constrained Devices. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pp. 196-201, 18 Jun 2018. doi:10.1145/3212480.3212482
