Abstract
The use of cryptographic hash functions like MD5 or SHA-1 for message authentication has become a standard approach in many applications, particularly Internet security protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis.
We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. The performance of our schemes is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.
This version of our paper has been truncated due to page limits. The full version is [3].
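The black-box property described in the abstract can be seen in a short sketch. This is an added example, not code from the paper or its authors: it builds HMAC from nothing but a hash function's public interface, using the pad constants and key handling of RFC 2104, and cross-checks the result against Python's standard `hmac` module for several interchangeable hash functions. The function names and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac as std_hmac  # standard library; used only to cross-check and compare

IPAD, OPAD = 0x36, 0x5C  # inner/outer pad bytes from the HMAC definition (RFC 2104)


def hmac_blackbox(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """Compute HMAC by calling the named hash only through its public interface."""
    block_size = hashlib.new(hash_name).block_size
    # A key longer than one block is hashed first; the key is then zero-padded.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, inner_key + msg).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify(hash_name: str, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Check a tag with a constant-time comparison."""
    return std_hmac.compare_digest(hmac_blackbox(hash_name, key, msg), tag)


def cross_check(hash_names=("md5", "sha1", "sha256", "sha512")) -> bool:
    """Swap the underlying hash and compare with the library HMAC each time."""
    msg = b"constructed sample message"            # constructed input
    keys = (b"constructed-sample-key", b"k" * 200)  # short key, longer-than-block key
    for name in hash_names:
        for key in keys:
            expected = std_hmac.new(key, msg, name).digest()
            if hmac_blackbox(name, key, msg) != expected:
                return False
    return True


if __name__ == "__main__":
    print("matches library HMAC for every hash:", cross_check())
```

Replacing the hash is a one-argument change because the construction never looks inside the hash function; only the block size is read from it.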
References
[1] R. Atkinson, “Security Architecture for the Internet Protocol”, IETF Network Working Group, RFC 1825, August 1995.
[2] R. Atkinson, “IP Authentication Header”, IETF Network Working Group, RFC 1826, August 1995.
[3] M. Bellare, R. Canetti and H. Krawczyk, “Keying hash functions for message authentication,” (full version of the current paper) available at http://www-cse.ucsd.edu/users/mihir or http://www.research.ibm.com/security/keyed-md5.html.
[4] M. Bellare, R. Canetti and H. Krawczyk, “Pseudorandom functions revisited: the cascade construction,” Available via http://www.research.ibm.com/security/ or http://www-cse.ucsd.edu/users/mihir/papers/papers.html.
[5] M. Bellare, R. Guérin and P. Rogaway, “XOR MACs: New methods for message authentication using finite pseudorandom functions,” Advances in Cryptology — Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.
[6] M. Bellare, J. Kilian and P. Rogaway, “The security of cipher block chaining,” Advances in Cryptology — Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.
[7] A. Bosselaers, R. Govaerts, J. Vandewalle, “Fast hashing on the Pentium,” Advances in Cryptology — Crypto 96 Proceedings, Lecture Notes in Computer Science Vol. ??, N. Koblitz ed., Springer-Verlag, 1996.
[8] I. Damgård, “A design principle for hash functions,” Advances in Cryptology — Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, G. Brassard ed., Springer-Verlag, 1989.
[9] H. Dobbertin, “MD4 is not collision-free,” Manuscript, September 1995. To appear in Fast Software Encryption Workshop, Cambridge, 1996.
[10] H. Dobbertin, “MD5 is not collision-free,” Manuscript, 1996.
[11] National Institute for Standards and Technology, “Digital Signature Standard (DSS)”, Federal Register, Vol. 56, No. 169, August, 1991.
[12] O. Goldreich, S. Goldwasser and S. Micali, “How to construct random functions,” Journal of the ACM, Vol. 33, No. 4, 210–217, (1986).
[13] B. Kaliski and M. Robshaw, “Message Authentication with MD5”, RSA Labs’ CryptoBytes, Vol. 1 No. 1, Springer 1995.
[14] H. Krawczyk, M. Bellare and R. Canetti, Internet draft draft-ietf-ipsec-hmac-md5-txt.00, March 1996.
[15] P. Metzger and W. Simpson, “IP Authentication using Keyed MD5”, IETF Network Working Group, RFC 1828, August 1995.
[16] R. Merkle, “One way hash functions and DES,” Advances in Cryptology — Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, G. Brassard ed., Springer-Verlag, 1989. (Based on unpublished paper from 1979 and his Ph.D. thesis, Stanford, 1979).
[17] J. Nechvatal, “Public Key Cryptography,” in Contemporary Cryptography, The Science of Information Integrity, G. Simmons ed., IEEE Press, 1992.
[18] B. Preneel and P. van Oorschot, “MD-x MAC and building fast MACs from hash functions,” Advances in Cryptology — Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.
[19] B. Preneel and P. van Oorschot, “On the security of two MAC algorithms,” Advances in Cryptology — Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
[20] R. Rivest, “The MD5 message-digest algorithm,” IETF Network Working Group, RFC 1321, April 1992.
[21] FIPS 180-1. Secure Hash Standard. Federal Information Processing Standard (FIPS), Publication 180-1, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., April 1995.
[22] J. Touch, “Performance Analysis of MD5”, Proceedings of Sigcomm ’95, pp. 77–86. (See also RFC 1810).
[23] G. Tsudik, “Message authentication with one-way hash functions,” Proceedings of Infocom 92.
[24] P. van Oorschot and M. Wiener, “Parallel Collision Search with Applications to Hash Functions and Discrete Logarithms”, Proceedings of the 2nd ACM Conf. Computer and Communications Security, Fairfax, VA, November 1994.
[25] ANSI X9.9, “American National Standard for Financial Institution Message Authentication (Wholesale),” American Bankers Association, 1981. Revised 1986.
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bellare, M., Canetti, R., Krawczyk, H. (1996). Keying Hash Functions for Message Authentication. In: Koblitz, N. (eds) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, vol 1109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68697-5_1
DOI: https://doi.org/10.1007/3-540-68697-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61512-5
Online ISBN: 978-3-540-68697-2
eBook Packages: Springer Book Archive