Presentation is loading. Please wait.

Presentation is loading. Please wait.

Team TDB Members: Anthony Knopp Zach Langley

Published byLoreen Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "Team TDB Members: Anthony Knopp Zach Langley"— Presentation transcript:

1 Team TDB Members: Anthony Knopp Zach Langley
SHA-1 Team TDB Members: Anthony Knopp Zach Langley

2 Overview SHA-1 is a cryptographic hash function designed by the NSA and published by the NIST as a U.S Federal standard. It is a Merkle-Damgard construction, 160 bit digest size hash that performs 80 rounds. The spec was first published in 1995, two years after SHA-0. In 2005 SHA-1 was proven to be “broken” and various weaknesses were found in the hash function. No collisions were found but the running time to find one was proven to be much smaller than brute force.

3 Padding SHA-1 pads data in the following way:
1) Append the bitstring 10000…000 to the message (the amount of 0’s depends on the original message length) 2) The last two words in the message are set to be the amount of bits in the original message E.g., “hello” after padding becomes: c6c 6f

4 Round Function Constants: A0 = 67452301 B0 = EFCDAB89 C0 = 98BADCFE
E0 = C3D2E1F0 K0..19 = 5A827999 K = 6ED9EBA1 K = 8F1BBCDC K = CA62C1D6

5 Original Design Original Algorithm: We originally stored the words to hash as a circular queue of sixteen 32- bit words, and used bitwise operations to compute hash Took advantage of Merkle-Damgård construction by using an append(byte) method, which would hash the data as it filled up

6 Original Runtime Measurements
time java –Xint SHATest test.txt time java –Xint SHATestBulk Trial(#) 20mb File Results(s) 1 82.284 2 82.228 3 82.227 Average 82.246 Trial(#) bulk encrypt Results(s) 1 2 3 Average

7 Original Profile(File)
Rank Self Accum Method Location 1 12.03% java.io .BufferedInputStream .read SHATest.java:11 2 9.66% 21.68% SHA1.compress SHA1.java:113 3 7.71% 29.40% SHA1.java:97 4 7.21% 36.61% SHA1.f SHA1.java:11 5 7.14% 43.75% SHA1.append SHA1.java:45

8 Original Profile(Bulk Encryptions)
Rank Self Accum Method Location 1 10.23% SHA1.compress SHA1.java:113 2 8.46% 18.69% SHA1.java:97 3 7.50% 26.19% SHA1.f SHA1.java:11 4 6.83% 33.02% SHA1.java:88 5 6.09% 39.11% SHA1.java:101 6 4.88% 43.99% SHA1.java:94 7 4.05% 48.13% SHA1.java:22

9 Original Analysis Offending lines: data = new int[16];
int temp = circularShift(a, 5) + f(t, b, c, d) e + data[s] + k[t/20]; if (t < 20) for (int t = 0; t <= 79; t++) { c = circularShift(b, 30); data[s] = circularShift(data[s], 1); return (x << n) | (x >>> (32 - n)); if (bytes >= 4 * data.length)

10 Revised Design Unrolled loop
Operated on an array of 80 words, instead of masking with 16 In-lined all functions and constants Used 5 chaining values instead of an array

11 Revised Design Runtime
time java –Xint SHATestOptimized test.txt time java –Xint SHATestBulkOptimized Trial(#) 20mb File Results(s) 1 49.010 2 48.973 3 49.261 Average 49.081 Trial(#) 20mb File Results(s) 1 65.342 2 65.412 3 65.400 Average 65.384

12 Revised Design Profile (file)
Rank Self Accum Method Location 1 30.40% java.io .BufferedInputStream .read SHATest.java:11 2 14.41% 44.82% OptimizedSHA1.append OptimizedSHA1.java:26 3 8.06% 52.87% 4 2.06% 54.94% 5 1.94% 56.88%

13 Revised Design Profile(Bulk Encryptions)
Rank Self Accum Method Location 1 24.84% java.lang .AbstractStringBuilder .<init> OptimizedSHA1.java:316 2 5.79% 30.63% java.util.Arrays .copyOfRange 3 5.56% 36.19% 4 5.52% 41.70% 5 5.41% 47.11% 6 5.06% 52.18% 7 1.71% 53.89%

14 Revised Analysis Offending lines:
String ret = Hex.toString(chain0) + Hex.toString(chain1) + Hex.toString(chain2) + Hex.toString(chain3) + Hex.toString(chain4); data[bytes >> 2] = (data[bytes >> 2] << 8) | (b & 0xff);

15 What We Learned We learned that the government spec for SHA-1 is very thorough in its description and implementation of SHA-1. The implementation didn’t pose much trouble. We learned that really trying to trim down run time can be a pain and requires a lot of trial and error. You can have an idea of what will reduce runtime but it turns out it doesn’t really help at all and sometimes makes it worse.

16 Possible Future Work There’s not much future work when it comes to implementing the algorithm. It would be interesting to implement the algorithm in another language and compare the running times between Java and the other language. Future work could also include attempting to implement some of the attacks against SHA-1 and see if we can find some collisions on smaller amounts of rounds.

Download ppt "Team TDB Members: Anthony Knopp Zach Langley"

Similar presentations

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
SECURE HASHING ALGORITHM By: Ruth Betcher. Purpose: Authentication Not Encryption Authentication Requirements:  Masquerade – Insertion of message from.

SECURE HASHING ALGORITHM By: Ruth Betcher. Purpose: Authentication Not Encryption Authentication Requirements:  Masquerade – Insertion of message from.
SHA-1 collision found Lukáš Miňo, Richard Bartuš.

SHA-1 collision found Lukáš Miňo, Richard Bartuš.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.

MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.
Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.

Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.
MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.

MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.

Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
By: Matthew Ng. SHA stands for Secure Hash Algorithm It is based off the Merkle-Dangard hash function There are 3 versions of it with one coming in 2012.

By: Matthew Ng. SHA stands for Secure Hash Algorithm It is based off the Merkle-Dangard hash function There are 3 versions of it with one coming in 2012.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
SHA (secure hash algorithm) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

SHA (secure hash algorithm) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google