Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18


Definition
- a hash function H is defined as follows: H : msg space → digest space
- the msg space is the set of all cleartexts
- the digest space is the set of the possible hash images of the cleartexts
- H(M) = x means that msg M maps to digest x
- normally the msg space is much larger than the digest space (by many orders of magnitude)
- in general hash functions are not injective

Characteristics
- a hash function should have the following properties to be useful in cryptography:
  - pre-image resistance: given a digest x, it should be difficult to find a message M such that H(M) = x
  - second pre-image resistance: given a message M, it should be difficult to find another message N such that H(M) = H(N)
  - collision resistance: it should be difficult to find two messages M and N (of any type) such that H(M) = H(N)
- it is not so easy to ensure all such properties!

Properties
- it should be easy to compute a hash function
- a hash function should ensure a good compression
- example: suppose the max length of msg M is 2^64 bits (16 M Tera bytes); then usually the length of the digest x = H(M) is in the order of 128 to 512 bits only
- given a hash function with digest length equal to d 1 bits:
  - a brute force attack finds a message that maps onto the digest x = H(M) in 2^d hash computations
  - two messages M and N that have equal digests, i.e. such that H(M) = H(N), can be found in 2^(d/2) hash operations (average)
  - this is a consequence of the birthday paradox
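The gap between 2^d and 2^(d/2) can be measured on a deliberately short digest. This is an added example, not part of the original slides; the toy hash (SHA-256 truncated to d bits) and the constructed messages are assumptions made for the demonstration.

```python
import hashlib
from itertools import count

def H(msg: bytes, d: int) -> int:
    """Toy hash (assumption): the first d bits of SHA-256, d kept small on purpose."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - d)

def find_collision(d: int):
    """Birthday search: remember every digest seen until one repeats."""
    seen = {}
    for i in count():
        m = b"msg-%d" % i                 # constructed messages
        x = H(m, d)
        if x in seen:
            return seen[x], m, i + 1      # M, N and the number of hash computations
        seen[x] = m

def find_second_preimage(target: bytes, d: int):
    """Brute force: try messages until one maps onto the digest of `target`."""
    x = H(target, d)
    for i in count():
        m = b"try-%d" % i
        if m != target and H(m, d) == x:
            return m, i + 1               # N and the number of candidates hashed

if __name__ == "__main__":
    d = 16
    m, n, c_cost = find_collision(d)
    s, p_cost = find_second_preimage(b"constructed sample message", d)
    print(f"d={d}: collision after {c_cost} hashes (2^(d/2) = {2 ** (d // 2)})")
    print(f"d={d}: second pre-image after {p_cost} hashes (2^d = {2 ** d})")
```

Each extra digest bit doubles the brute-force cost but adds only half a bit to the collision cost, which is why digest lengths are chosen at twice the intended security level.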

Merkle-Damgård construction
- This is one of the most used constructions
- It relies on the use of a compression function, usually indicated as f
- f is a compression function taking two inputs, part of the input message and a chaining value, and generating a chaining value as output

Generic Structure of a Hash Function
[Figure: chain of HASH function blocks; labels: initial value, padded message, temporary digest, digest]
- somewhat similar to a generic secret key algorithm (but for the absence of key)
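The chain of temporary digests described above, as an added example that is not part of the original slides. The compression function f is a stand-in built from SHA-256, and the all-zero initial value and the padding layout (0x80, zeros, 64-bit length) are assumptions chosen for illustration.

```python
import hashlib

BLOCK = 64          # bytes per message block (512 bits, as in MD5 and SHA-1)
IV = bytes(32)      # assumed initial value; real designs fix their own constant

def f(chaining: bytes, block: bytes) -> bytes:
    """Stand-in compression function: (chaining value, block) -> chaining value."""
    assert len(chaining) == 32 and len(block) == BLOCK
    return hashlib.sha256(chaining + block).digest()

def pad(msg: bytes) -> bytes:
    """Append 0x80, zero bytes and the 64-bit bit length, up to a block boundary."""
    zeros = -(len(msg) + 1 + 8) % BLOCK
    return msg + b"\x80" + bytes(zeros) + (8 * len(msg)).to_bytes(8, "big")

def temporary_digests(msg: bytes) -> list:
    """Run the chain and return every chaining value; the last one is the digest."""
    padded, h, chain = pad(msg), IV, []
    for i in range(0, len(padded), BLOCK):
        h = f(h, padded[i:i + BLOCK])     # temporary digest after this block
        chain.append(h)
    return chain

def md_hash(msg: bytes) -> bytes:
    return temporary_digests(msg)[-1]

if __name__ == "__main__":
    for n in (0, 55, 56, 64, 200):        # constructed message lengths
        msg = b"a" * n
        print(n, len(pad(msg)) // BLOCK, md_hash(msg).hex()[:16])
```

A 55-byte message still fits in one block, while a 56-byte message needs a second block because the length field no longer fits.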

MD5 and SHA-1
- MD5 and SHA-1 are the two most used hash functions today
- both process the message in blocks of 512 bits
- if the message length is not a multiple of 512 bits, the message is justified to the boundary by padding
- then the message is processed one block at a time
- MD5 is considered not secure, particularly for the collision resistance
- a new study on the weaknesses of SHA-1 has been presented at Crypto 2005 (and has proved to work)
- a new standard to replace SHA-1 has been approved: SHA-2, with digest length equal to 224, 256, 384 or 512 bits

MD5 hash function
- MD5 (Multimedia Digest version 5) is a simple and common hash algorithm
- it is an instance of the general hash model
- the size of the digest of MD5 is 128 bits
- the digest of MD5 is composed of four 32 bit words, denoted A, B, C and D
- the initial value has been fixed by the designer of MD5 (Ron Rivest)
- MD5 can be implemented in SW and HW

MD5 structure
- the algorithm is composed of four steps
- each step is composed of sixteen core operations (total 64 core operations)
- the core operation takes as input:
  - the four digest words of the temporary digest output by the previous core operation
  - one more word of the message
  - and one constant word
- the core operation permutes the four digest words and modifies one of them (see next)

MD5 core operation
[Figure: block diagram of the MD5 core operation; labels: input words A, B, C, D, function F, m_j, T_k, S_p, additions (+), left rotation (<<), output words B, C, D, A]

MD5 core operation
- A, B, C and D are the four digest words
- the core operation is parametrised by the following additional inputs:
  - m_j: the j-th block of the message
  - T_k: a set of constants
  - S_p: the number of left rotations
- where indices k and p are updated depending on the step and core operation
- all the internal additions are modulo 2^32
- function F changes at every step:
  - step 1: F = (B and C) or (not B and D)
  - step 2: F = (B and D) or (C and not D)
  - etc

MD5 security
- Collision resistance: a collision can be found with an effort of 2^24, much lower than the 2^64 expected
- Preimage: it has been shown that a preimage can be found with complexity of 2^123

SHA-1
- SHA-1 (Secure Hash Standard version 1) is a popular hash function as well
- SHA-1 is a derivation of MD5
- SHA-1 was developed by NSA for NIST
- a previous version of SHA (named SHA-0) had been preliminarily published, but SHA-0 was soon retired by NSA due to hidden faults, never clearly explained

SHA-1 structure
- SHA-1 uses five temporary variables and outputs a longer digest than MD5: 160 bits
- MD5 takes only 64 iterations to process sixteen message words
- SHA-1 takes 80 iterations to process sixteen message words
- SHA-1 is composed of four steps
- each step is composed of 20 applications of the core operation (see next)

SHA-1 core operation
- generalisation of MD5 core
[Figure: block diagram of the SHA-1 core operation; labels: input words A, B, C, D, E, function F, left rotations << 30 and << 5, additions (+), W_j, K_i, output words B, C, D, E, A]

Uses of Hash Functions
- hash functions are components of more complex cryptographic algorithms and protocols
- main uses of hash functions are the following:
  - DSA: Digital Signature
  - MAC: Message Authentication Code
  - KDF: Key Derivation Function
  - MGF: Mask Generation Function
- but in general a hash function (of some type) is used whenever one needs to compress a msg

DSA
- DSA (digital signature) is a protocol to authenticate a message M
- DSA is based on public key cryptography:
  - the signature of M is computed with the secret key
  - the signature of M is verified with the public key
- actually, instead of computing the signature of the whole message M, only the digest H(M) of M is signed, as it is much shorter

HMAC
- MAC (message authentication code) is a piece of information that authenticates the message (it is an alternative to using digital signature)
- HMAC is a MAC based on a hash function H
- the two entities must already have a secret key
- the HMAC of msg M is generated as follows: HMAC(M) = H(secret key || H(secret key || M)), where operator || indicates concatenation
- the security of HMAC is based on two aspects: the difficulty of finding a message that maps on a given digest, and the secrecy of the key
- the two occurrences of the secret key in the above formula are padded in two different ways
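The formula above written out with the two key paddings made explicit, as an added example that is not part of the original slides. The padding constants 0x36 (inner) and 0x5C (outer) and the rule of hashing over-long keys come from RFC 2104; the key and message are constructed samples, and the result is checked against Python's own hmac module.

```python
import hashlib
import hmac

def hmac_manual(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(M) = H(outer-padded key || H(inner-padded key || M))."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block = hashlib.new(hash_name).block_size   # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block:                        # over-long keys are hashed first
        key = h(key)
    key = key.ljust(block, b"\x00")             # then zero-filled to one block
    inner_key = bytes(b ^ 0x36 for b in key)    # first padding of the key
    outer_key = bytes(b ^ 0x5C for b in key)    # second, different padding
    return h(outer_key + h(inner_key + msg))

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_manual(key, msg), tag)

if __name__ == "__main__":
    key = b"constructed-shared-key"             # constructed sample values
    msg = b"transfer 100 to account 42"
    tag = hmac_manual(key, msg)
    print("matches hmac module:", tag == hmac.new(key, msg, hashlib.sha256).digest())
    print("original message   :", verify(key, msg, tag))
    print("modified message   :", verify(key, msg.replace(b"100", b"900"), tag))
```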

KDF
- KDF (key derivation function) is used to create a secret key from a shared secret, for example:
  - from the result of a Diffie-Hellman key exchange
  - or from a random number obtained from a not very secure random number generator (RNG)
- the common secret is processed by the hash function and eventually a counter is added
- KDF(Z) = H(Z, C_0) || H(Z, C_1) || H(Z, C_2), where Z is the secret and C_i is the counter

MGF
- MGF (mask generation function) is used to pad a message, especially in the case of digital signature or public key encryption
- It is typically used when the output of the hash function is too short
- What should be needed is the so called full domain hash
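The counter construction from the KDF slide also serves as a mask generator when the hash output is too short, so one added example covers both slides; it is not part of the original slides. The slides do not fix how Z and C_i are combined: here Z is followed by a 4-byte big-endian counter starting at 0 (an assumption, the same layout MGF1 in PKCS #1 uses), and apply_mask and all sample values are constructed for illustration.

```python
import hashlib

def counter_kdf(z: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """KDF(Z) = H(Z, C_0) || H(Z, C_1) || ... truncated to `length` bytes."""
    out, i = b"", 0
    while len(out) < length:
        c_i = i.to_bytes(4, "big")                  # assumed counter encoding
        out += hashlib.new(hash_name, z + c_i).digest()
        i += 1
    return out[:length]

def split_keys(z: bytes, enc_len: int = 32, mac_len: int = 32):
    """Derive two independent-looking keys from one shared secret Z."""
    stream = counter_kdf(z, enc_len + mac_len)
    return stream[:enc_len], stream[enc_len:]

def apply_mask(data: bytes, seed: bytes) -> bytes:
    """Mask generation: stretch `seed` to len(data) bytes and XOR it in.
    Applying the same mask twice restores the data."""
    mask = counter_kdf(seed, len(data))
    return bytes(a ^ b for a, b in zip(data, mask))

if __name__ == "__main__":
    z = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed secret
    enc_key, mac_key = split_keys(z)
    print("enc key:", enc_key.hex())
    print("mac key:", mac_key.hex())
    block = b"constructed data block longer than one SHA-256 digest" * 2
    masked = apply_mask(block, seed=b"constructed seed")
    print("masked :", masked.hex()[:32], "...")
    print("unmask ok:", apply_mask(masked, seed=b"constructed seed") == block)
```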

Tree Hashing
- When the message is particularly long, part of it can change and the new hash should then be computed, it is useful to construct a tree where the leaves are message blocks and the intermediate nodes are hashes of sub-trees
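How a tree limits the work after one block changes, as an added example that is not part of the original slides. SHA-256, the 0x00/0x01 prefixes that separate leaf hashes from node hashes, and the rule of promoting an unpaired node are assumptions of this sketch; the blocks are constructed.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def parent_level(level: list) -> list:
    """Hash nodes pairwise; an unpaired last node is promoted unchanged."""
    out = []
    for i in range(0, len(level), 2):
        pair = level[i:i + 2]
        out.append(H(b"\x01" + pair[0] + pair[1]) if len(pair) == 2 else pair[0])
    return out

def build_tree(blocks: list) -> list:
    """levels[0] holds the leaf hashes, levels[-1][0] is the root (the digest)."""
    levels = [[H(b"\x00" + b) for b in blocks]]
    while len(levels[-1]) > 1:
        levels.append(parent_level(levels[-1]))
    return levels

def update_block(levels: list, index: int, new_block: bytes) -> int:
    """Recompute only the path from the changed leaf to the root.
    Returns the number of hash computations performed."""
    levels[0][index] = H(b"\x00" + new_block)
    hashes = 1
    for depth in range(1, len(levels)):
        index //= 2
        pair = levels[depth - 1][2 * index:2 * index + 2]
        if len(pair) == 2:
            levels[depth][index] = H(b"\x01" + pair[0] + pair[1])
            hashes += 1
        else:
            levels[depth][index] = pair[0]
    return hashes

if __name__ == "__main__":
    blocks = [b"block-%d" % i for i in range(1024)]     # constructed message
    levels = build_tree(blocks)
    cost = update_block(levels, 5, b"changed block")
    blocks[5] = b"changed block"
    print("hashes for the update:", cost, "of", sum(len(l) for l in levels))
    print("same root as a full rebuild:", levels[-1][0] == build_tree(blocks)[-1][0])
```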

Alternative to Merkle-Damgård
- A hash function designed on top of MD is collision resistant if the compression function is collision resistant
- Not easy to build such a function
- There are some alternative designs that try to have a simpler design

Block Cipher primitives
- Different variants, like: Davies-Meyer, Matyas-Meyer-Oseas, Miyaguchi-Preneel

Stream Cipher mode
- An example is Panama
- A large enough state, where inputs are injected, and a non-linear function that computes the update of the state
- Part of the state is output when needed

Sponge Construction
- Use of a plain permutation