Improved generic attacks against hash-based MACs and HAIFA

Itai Dinur, Gaëtan Leurent

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations


The security of HMAC (and more general hash-based MACs) against state-recovery and universal forgery attacks was very recently shown to be suboptimal, following a series of surprising results by Leurent et al. and Peyrin et al.. These results have shown that such powerful attacks require much less than 2 computations, contradicting the common belief (where ℓ denotes the internal state size). In this work, we revisit and extend these results, with a focus on properties of concrete hash functions such as a limited message length, and special iteration modes. We begin by devising the first state-recovery attack on HMAC with a HAIFA hash function (using a block counter in every compression function call), with complexity 2 4ℓ/5. Then, we describe improved trade-offs between the message length and the complexity of a state-recovery attack on HMAC. Consequently, we obtain improved attacks on several HMAC constructions used in practice, in which the hash functions limit the maximal message length (e.g., SHA-1 and SHA-2). Finally, we present the first universal forgery attacks, which can be applied with short message queries to the MAC oracle. In particular, we devise the first universal forgery attacks applicable to SHA-1 and SHA-2.

Original languageEnglish
Title of host publicationAdvances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings
PublisherSpringer Verlag
Number of pages20
EditionPART 1
ISBN (Print)9783662443705
StatePublished - 1 Jan 2014
Externally publishedYes
Event34rd Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States
Duration: 17 Aug 201421 Aug 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume8616 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference34rd Annual International Cryptology Conference, CRYPTO 2014
Country/TerritoryUnited States
CitySanta Barbara, CA


  • GOST
  • HMAC
  • Hash functions
  • MAC
  • Merkle-Damgård
  • SHA family
  • Streebog
  • state-recovery attack
  • universal forgery attack


Dive into the research topics of 'Improved generic attacks against hash-based MACs and HAIFA'. Together they form a unique fingerprint.

Cite this