“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Topic 1.Background 2.“Chinese” collision attacks 3.Results for MD4 and MD5.

Slides:



Advertisements
Similar presentations
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Advertisements

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.
MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
Foundations of Network and Computer Security J J ohn Black Lecture #8 Sep 15 th 2005 CSCI 6268/TLEN 5831, Fall 2005.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
By Jyh-haw Yeh Boise State University ICIKM 2013.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
Dan Johnson. What is a hashing function? Fingerprint for a given piece of data Typically generated by a mathematical algorithm Produces a fixed length.
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.
Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.
CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures.
A Case for a Parallelizable Hash Alan Kaminsky and Stanislaw Radziszowski Department of Computer Science B. Thomas Golisano College of Computing and Information.
1 Hash Functions. 2 A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length
Cryptographic Hash Functions
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
Chapter 11 Message Authentication and Hash Functions.
Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
Cryptographic Hash Functions Prepared by Dr. Lamiaa Elshenawy
Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.
11 Authentication Algorithms Discussions CCSDS Security WG Winter 2007 Colorado Springs, Colorado USA Howard Weiss NASA/JPL/SPARTA
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2014 Nitesh Saxena.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Hash Functions.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Data Integrity / Data Authentication. Definition Authentication (Signature) algorithm - A Verification algorithm - V Authentication key – k Verification.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.
DTTF/NB479: Dszquphsbqiz Day 26
Message Integrity and Message Authentication
Cryptographic Hash Functions
Cryptographic Hash Function
Cryptographic Hash Functions
Cryptographic Hash Functions Part I
Cryptographic Hash Functions
ICS 454 Principles of Cryptography
How to Break MD5 and Other Hash Functions
Security in Network Communications
Pre-image Resistance: Given a, hard to find b such that ____
ICS 454 Principles of Cryptography
Better security for maintainers
DTTF/NB479: Dszquphsbqiz Day 27
Cryptographic Hash Functions Part I
Lecture 4.1: Hash Functions, and Message Authentication Codes
Practical Aspects of Modern Cryptography
Hashing Hash are the auxiliary values that are used in cryptography.
SHA: Secure Hash Algorithm
Lecture 4: Hash Functions
Hash Function Requirements
CRYPTOGRAPHY & NETWORK SECURITY
Presentation transcript:

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Topic 1.Background 2.“Chinese” collision attacks 3.Results for MD4 and MD5 attacks 4.What does it mean and what to do about it? 5.Conclusion

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Background 1.Two sides of a coin: developing new hash functions and breaking them. 2.MD4 (1990) family hash functions and attacks on them. 3.Breakthroughs by “Chinese” attacks in 2004 and 2005: MD4, MD5, HAVAL, RIPEMD, SHA-0, SHA-1. 4.Best results: MD4: 2^8 MD4 operations. MD5: 2^39 MD5 operations for first blocks and 2^32 for second blocks. SHA-1: 2^63 SHA-1 operations.

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu “Chinese” collision attacks Find a “low-Hamming-weight differential” Δ (a vector of almost all zeros) such that for messages M, the probability that h(M  Δ) = h(M) is larger than it should be. Basically, the attacks are involved with three steps: 1.Find a collision differential for which M and M’ probably produce a collision. 2.Derive a set of sufficient conditions which ensure the collision differential to hold. 3.Make some modification to M such that almost all the sufficient conditions hold. This is done by two types of message modification techniques, which are termed as “single-step modification” and “multi- step modification”. This greatly improves the probability that M and M’ may produce a collision.

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Results for MD4 and MD5 attacks Computational resource: My PC, Pentium4, 3.40G, WinXP. C programs on Unix/Linux (Cygwin on Windows). Results for “Chinese” attacks on MD4 and MD5. MD4: about 5 seconds to produce a collision. MD5: about 1 hour to produce a collision.

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu What does it mean and what to do about it? Hash functions such as MD5 are no longer useful as digital signature hashes. No panic. Attacks are collision resistance attacks, not pre-image attacks. Applications that use hashes, such as HMAC-MD5 protocols are still fine. Don’t use MD4, MD5, HAVAL, RIPEMD, SHA-0, and avoid SHA-1 if possible. Upgrade to stronger ones, such as SHA-2. VSH is about the best generally published hash function, but needs more review. Alternative approaches: 1) Protocols without requiring that the hash function be collision resistant, such as adding randomness to hash functions. 2) Message pre-processing to convert plaintext messages into a form that makes all existing collision attacks inapplicable.

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Conclusion “Chinese” attacks on hashes are remarkable in the cryptographic area. Makes people upgrade their systems to employ better hash functions as well as develop new and more collision-resistant hash functions. Greatly help us achieve a more secure digital world.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.