Cryptographic Hash Functions

Introduction A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digest.

The ideal cryptographic hash function has four main properties It is easy to compute the hash value for any given message It is infeasible to generate a message that has a given hash It is infeasible to modify a message without changing the hash It is infeasible to find two different messages with the same hash

There are several well-known hash functions in use today: Hashed Message Authentication Code (HMAC): Combines authentication via a shared secret with hashing. Message Digest 2 (MD2): Byte-oriented, produces a128-bit hash value from an arbitrary-length message, designed for smartcards. MD4: Similar to MD2, designed specifically for fast processing in software. MD5: Similar to MD4 but slower because the data ismanipulated more. Developed after potential weaknesses were reported inMD4. Secure Hash Algorithm (SHA): Modeled after MD4 and proposed by NIST forthe Secure Hash Standard (SHS), produces a 160-bit hash value.

Merkle-Damgard Scheme A hash function must be able to process an arbitrary-length message into a fixed-length output. This can be achieved by breaking the input up into a series of equal-sized blocks, and operating on them in sequence using a one-way compression function. The compression function can either be specially designed for hashing or be built from a block cipher. A hash function built with the Merkle–Damgård construction is as resistant to collisions as is its compression function; any collision for the full hash function can be traced back to a collision in the compression function.

Cont.., The last block processed should also be unambiguously length padded; this is crucial to the security of this construction. This construction is called the Merkle–Damgard construction. Most widely used hash functions, including SHA-1 and MD5, take this form. The construction has certain inherent flaws, including length-extension and generate-and-paste attacks, and cannot be parallelized. As a result, many entrants in the current NIST hash function competition are built on different, sometimes novel, constructions.

Merkle-Damgard Scheme Figure Merkle-Damgard scheme

Crypto Hash Function Design Desired property: avalanche effect Any change to input affects lots of output bits Crypto hash functions consist of some number of rounds Analogous to block cipher in CBC mode Want security and speed Avalanche effect after few rounds But simple rounds

Crypto Hash Function Design Input data split into blocks Compression function applied to blocks Current block and previous block output Output for last block is the hash value For hashes we consider Block size is 512 bits Compression function output is 128 bits

Rabin Scheme

Davies-Meyer Scheme

Matyas-Meyer-Oseas Scheme

Miyaguchi-Preneel Scheme

Applications for hashes We can use a hash any time we want to prove message integrity. Hash values have been important in incident response for a long time. They can be used to put a "tamper proof seal" on digital evidence as it is collected. For instance, many incident responders prefer Polaroid cameras since digital photos can be easily altered. However, digital cameras are much more convenient, so best practice is to make a hash of the digital photo as soon as possible to reduce the time window on ecould claim the photo was altered. Some cameras such as Nikon D200 and beyond have the ability to "authenticate" the images they shoot; this, of course, is done with a hash.

The End Thank you