Distinguishing Attacks On LPMAC Instantiated With Reduced SHA-1 And Partial Key Recovery Attacks On 53-step SHA-1-MAC

With the rapid development of information, information has become an important resource for the world development. Information security plays a very important role, which is directly related to the normal operation of all respects in society life. Particu-larly, with the rise of e-commerce in recent years, requirements on global information security improves, message encryption, authentication and security transmission beco-me more and more important.The cipher technique is the basic method in the information security application, as one of its based algorithms, the hash function not only has become the theory foundation, but also has been extensively applied in many fields. Recently, with the breakthrough of the analysis of hash function, hash function design and analysis of the filed of information security has become a hot issue. Furthermore, the development of hash function promotes the research of Message Authentication Code(MAC). The security of hash-based MAC algorithms gets more attention.The thesis analyzes the security of MAC algorithms based on SHA-1, under the guidance of our tutor, the results are as follows:(1) Distinguishing attacks on LPMAC instantiated with 63-step(5-67) SHA-1Based on the in-depth analysis of collisions of SHA-System and Wang et.al's distinguishing attacks on LPMAC, point out and correct the mistakes in Qiao et.al's distinguishing attacks on LPMAC instantiated with 63-step(8-70) SHA-1. Then, design a program to search for and choose a suitable differential path. The disturbance vector we found is same with the one Qiao et.al used, but shifted to different position. Combined with the new distinguisher proposed by Wang et. al, we successfully apply the distinguishing attack on LPMAC instantiated with 63-step SHA-1, while the complexity is 2155 queries and success rate is 0.70.(2) Distinguishing attacks on LPMAC instantiated with 66-step(15-80) SHA-1The method,which is used on distinguishing attack on LPMAC instantiated with 65-step SHA-1 by Qiao et. al, makes use of a single differential path instead of the doubled differential path to surpass the restriction of 40 conditions. We re-construct distinguisher, search for and choose a suitable differential path.By this way, we can reach up to 66-step SHA-1, with the complexity is 281 queries and success rate is 0.51.(3) Partial key recovery attacks on 53-step(20-72) SHA-1-MACCombined with Contini et.al's partial key recovery attacks on HMAC-MD5 and Wang et.al's key recovery attacks on MD5-MAC, using the differential path found by program,which is first proposed by Rechberger, and deducing the necessary and sufficient conditions that the differential path holds, we give the partial key recovery attacks on 53-step(20-72) SHA-1-MAC. Because the differential path starts at the 20th step, we only consider the subkey K1 is transformed into 3 32-bit K1[1], K1[2] and K1[3].We recovery subkey K1 of 96 bits and subkey Ko of 160 bits. The complexity is 2106 MAC queries.