Let's say I have a long sentence, like "The quick brown fox jumped over the la
Question
Let's say I have a long sentence, like "The quick brown fox jumped over the lazy dog." Let's further say that I need to keep this string encrypted, so I use an HMAC. Let's further further say I want to be able to do prefix searches for this string, so I also store all possible prefixes of this string, like HMAC("T"), HMAC("Th"), HMAC("The"), HMAC("The "), etc.
I recognize there are some weaknesses between rows here involving overlap, but what I'm interested in is whether having this one row's set of HMAC values is enough to make things insecure. Could an adversary work out the key, or any part of the plaintext, given a series of HMAC values for all of a given input's prefix values?
Feel free to use any flavor of HMAC if it'll help you argue that there's a weakness.
Explanation / Answer
I'll start by assuming that your instance of HMAC is a secure MAC function, which comes down to making various assumptions about the hash function it is instantiated with.
If this assumption holds, then an adversary will not be practically able to recover the key, even if they have access to a large number of MACs and the corresponding plaintexts, or even if they get to choose their own plaintexts.
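
The prefix index described in the question, as an added example that is not part of the original post. It builds the per-row tags with HMAC-SHA256, runs a keyed prefix search, and shows what the stored tags expose structurally without the key: the row's length and the overlap between rows that the question mentions. The key, row names, sample sentences and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-not-for-use"  # constructed sample key (assumption)


def tag(key: bytes, text: str) -> bytes:
    """HMAC-SHA256 tag of one prefix."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).digest()


def prefix_tags(key: bytes, sentence: str) -> list[bytes]:
    """Tags for every non-empty prefix, stored in order as the question describes."""
    return [tag(key, sentence[:i]) for i in range(1, len(sentence) + 1)]


def prefix_search(key: bytes, rows: dict[str, list[bytes]], query: str) -> list[str]:
    """Key holder: return ids of rows whose sentence starts with `query`."""
    if not query:
        return sorted(rows)  # every sentence starts with the empty string
    wanted = tag(key, query)
    pos = len(query) - 1  # index of the tag for a prefix of this length
    return sorted(
        row_id for row_id, tags in rows.items()
        if pos < len(tags) and hmac.compare_digest(tags[pos], wanted)
    )


def shared_prefix_len(a: list[bytes], b: list[bytes]) -> int:
    """Observer without the key: count of leading tags two rows have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


# Constructed sample rows.
SENTENCES = {
    "row1": "The quick brown fox jumped over the lazy dog.",
    "row2": "The quick red fox",
    "row3": "A slow green turtle",
}
ROWS = {row_id: prefix_tags(KEY, s) for row_id, s in SENTENCES.items()}

if __name__ == "__main__":
    print(prefix_search(KEY, ROWS, "The quick"))
    print(len(ROWS["row1"]), shared_prefix_len(ROWS["row1"], ROWS["row2"]))
```

The number of stored tags equals the sentence length in characters, and equal leading tags across two rows show how long their common prefix is, all without revealing the key.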