An update on the side channel cryptanalysis of MACs based on cryptographic hash functions

Praveen Gauravaram, Katsuyuki Okeya

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


    Okeya has established that HMAC/NMAC implementations based on only Matyas-Meyer-Oseas (MMO) PGV scheme and his two refined PGV schemes are secure against side channel DPA attacks when the block cipher in these constructions is secure against these attacks. The significant result of Okeya's analysis is that the implementations of HMAC/NMAC with the Davies-Meyer (DM) compression function based hash functions such as MD5 and SHA-1 are vulnerable to side channel attacks. In this paper, first we show a partial key recovery attack on NMAC/HMAC based on Okeya's two refined PGV schemes by taking practical constraints into consideration. Next, we propose new hybrid NMAC/HMAC schemes for security against side channel attacks assuming that their underlying block cipher is ideal. We then show that M-NMAC, MDx-MAC and a variant of the envelope MAC scheme based on DM with an ideal block cipher are secure against DPA attacks.
    Original languageEnglish
    Title of host publicationINDOCRYPT 2007 : 8th International Conference on Cryptology in India
    EditorsKannan Srinathan, Pandu Rangan, Moti Yung
    Place of PublicationBerlin Heidelberg
    PublisherSpringer Verlag
    Publication date2007
    ISBN (Print)978-3-540-77025-1
    Publication statusPublished - 2007
    Event8th International Conference on Cryptology in India: Progress in Cryptology - Chennai, India
    Duration: 9 Dec 200713 Dec 2007
    Conference number: 8


    Conference8th International Conference on Cryptology in India
    Internet address
    SeriesLecture Notes in Computer Science

    Bibliographical note

    This content in the paper is supported by The Danish Research Council for Technology and Production Sciences grant no. 274-05-0151 and partly supported by National Institute of Information and Communications Technology (NICT), Japan.


    • RDPA
    • DPA,
    • MDx-MAC
    • HMAC
    • M-NMAC
    • Side channel attacks


    Dive into the research topics of 'An update on the side channel cryptanalysis of MACs based on cryptographic hash functions'. Together they form a unique fingerprint.

    Cite this