Presentation is loading. Please wait.

Presentation is loading. Please wait.

ICS 454 Principles of Cryptography

Published byBrice Denis Hodges Modified over 5 years ago

Similar presentations

Presentation on theme: "ICS 454 Principles of Cryptography"— Presentation transcript:

1 ICS 454 Principles of Cryptography
Secure Hashing and DSS Sultan Almuhammadi

2 Outline One-way functions Secure Hash function
Authentication (example) Digital Signature Standards (DSS)

3 Definitions One-way function f :AB Trapdoor one-way function
Given x  A, it is easy to compute f (x) Given f (x), it is hard to compute x Trapdoor one-way function A one-way function f :A  B with a secret s, such that Given f (x) and s, it is easy to compute x

4 Examples One-way function Trapdoor one-way function
Multipicative group Zp* with generator g f (x) = gx mod p Trapdoor one-way function Multiplicative group Zn* where n = p.q for primes p,q f (x) = x2 mod n The secret is: (p and q)

5 Hash Function Definition: one-way hash function h(x)
A one-way hash function operates on an input message x of arbitrary length, and outputs a fixed-length hash value h(x). Given x, it is easy to compute h(x) Given h(x), it is infeasible to compute x

6 Hash Function Properties
h can be applied to an input of any size h produces a fixed-length output One-way property: Easy to compute h(x), but infeasible to compute x given h(x) (Preimage resistance) Collision resistance property: Weakly collision-free: Given x, it is infeasible to find y  x, such that h(x) = h(y) (Second preimage resistance) Strongly collision-free: It is infeasible to find any pair (x, y) such that y  x and h(x) = h(y) (Collision resistance)

7 Secure Hashing Definition: h is cryptographically secure if it is a one-way collision-free hash function. Note: Strong/weak collision resistance depends on the sensitivity of the application Given a message M, h(M) is called the hash value of M , hash code, or the message digest. Examples: SHA, MD4, MD5, Whirlpool

8 Security of Hash Functions
Effort Required for Brute-Force Attack (on average) One way 2n-1 Weak collision resistance Strong collision resistance 2n/2

9 General Structure of Secure Hashing

10 Secure Hash Algorithm (SHA)
Developed by National Institute of Standards and Technology (NIST) in 1993. In 1995, NIST published SHA-1 Based on MD4 Output: 160-bit hash value In 2002, NIST defined 3 versions (SHA-256, SHA-384, SHA-512) with hash value lengths: 256, 384, and 512. In 2005, NIST approved the phase out of SHA-1 and moving to other versions of SHA by 2010.

11 MD4 MD stands for Message Digest and designed by Ron Rivest
Output: 128-bit hash values Design goals (claimed by Rivest) Strongly collision-free (no attack is better than brute-foce) The security is based on no assumption (like hardness of factorization) MD4 was cryptanalyzed shortly after publishing and some parts were successfully attacked.

12 MD5 MD5 is an improved version of MD4 Output: 128-bit hash values
Ron Rivest made several improvements of MD5 over MD4 MD5 was cryptanalyzed but there is no practical impact on the security of the hash function

13 Whirlpool Based on the use of a block cipher for the compression function (initially DES, later AES) General drawbacks of using block cipher: Block ciphers are invertible lack of randomness Low performance due to slow block ciphers Weakness due to regularities of block ciphers Hash value length restriction due to block sizes: h  2b Since the adoption of AES, Whirlpool overcomes the above drawbacks.

14 Whirlpool Advantages of using AES
Hash code length is 512 bits (same as SHA) Resistant to usual attacks on block-cipher hashing Good performance and compact implementation on software and hardware

15 Applications of Secure Hashing
Authentication Digital Signature

16 Example: Authentication
Alice logs into a host computer She identifies herself by a username and a password The host computer stores a all username-password in a a database and check for a match. Authentication using secure hash functions Alice sends her password to the host The host hashes the password and compares the hash value to the value it previously stored If Eve steals the hash values, she still cannot log in, since the hash function is one-way and collision-free.

17 Digital Signature Standard (DSS)
Proposed by the National Institute of Standards and Technology (NIST) in 1991 DSS uses a digital signature algorithm (DSA): Designed to provide only the digital signature function Cannot be used for encryption or key exchange Must be a public-key technique (publicly verifiable) Use the SHA for hashing the message Example of digital signature approaches: RSA Approach DSS Approach

18 Digital Signature Approaches (DSS vs. RSA)

19 Digital Signature Algorithm (DSA)
NIST adopted DSA based on ElGamal digital signature with the following parameters: Prime p of length bits 160-bit prime q such that q | (p – 1) g is of the form g = h(p-1)/q mod p Private key: x, Public key: y = gx mod p The signature (a, b) is computed by: a = (gr mod p) mod q, for random r < q b = (r-1 (SHA(M) + x.a)) mod q The length of the signature (a, b) = 2 x 160 bits

Download ppt "ICS 454 Principles of Cryptography"

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
PULIC –KEY CRYPTOGRAPHY AND MESSAGE AUTHENTICATION.

PULIC –KEY CRYPTOGRAPHY AND MESSAGE AUTHENTICATION.
Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.

Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden +46 470 70 86.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Similar presentations

Ads by Google