Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 4: Hash Functions

Published byStella Sharon Bradford Modified over 4 years ago

Similar presentations

Presentation on theme: "Lecture 4: Hash Functions"— Presentation transcript:

1 Lecture 4: Hash Functions
6/16/2019 Lecture 4: Hash Functions CS 436/636/736 Spring 2013 Nitesh Saxena

2 Course Administration
6/16/2019 Course Administration HW1 being graded Solution was ed Expect HW2 by coming Monday Covers mostly Public Key Cryptography Will be due in days 6/16/2019 Lecture 4: Hash Functions

3 Outline of Today’s lecture
6/16/2019 Outline of Today’s lecture Hash Functions Properties Birthday Paradox Generic Design 6/16/2019 Lecture 4: Hash Functions

4 Cryptographic Hash Functions
6/16/2019 Cryptographic Hash Functions Requirements of cryptographic hash functions: Can be applied to data of any length. Output is fixed length, usually very short Relatively easy to compute h(x), given x Function is deterministic Infeasible to get x, given h(x). One-wayness property Given x, infeasible to find y such that h(x) = h(y). Weak-collision resistance property Infeasible to find any pair x and y (x ≠ y) such that h(x) = h(y). Strong-collision resistance property or just collision resistance 6/16/2019 Lecture 4: Hash Functions

5 Some Applications of Hash Functions
6/16/2019 Some Applications of Hash Functions In general, can be used as a checksum for large amounts of data Password hashing Digital signatures Message authentication codes (will study later) Used also in RSA-OAEP, and many other cryptographic constructions 6/16/2019 Lecture 4: Hash Functions

6 Lecture 4: Hash Functions
6/16/2019 Hash Output Length How long should be the output (n bits) of a cryptographic hash function? To find collision - randomly select messages and check if hash matches any that we know. Throwing k balls in N = 2n bins. How large should k be, before probability of landing two balls in the same becomes greater than ½? Birthday paradox - a collision can be found in roughly sqrt(N) = 2(n/2) trials for an n bit hash In a group of 23 (~ sqrt(365)) people, at least two of them will have the same birthday (with a probability > ½) Hence n should be at least 160 6/16/2019 Lecture 4: Hash Functions

7 Lecture 4: Hash Functions
6/16/2019 Birthday Paradox Probability that hash values of k random messages are distinct is (that is, no collisions) is: 6/16/2019 Lecture 4: Hash Functions

8 Generic Hash Function – Merkle-Damgard Construction
6/16/2019 Generic Hash Function – Merkle-Damgard Construction This design for H() is collision-resistant given that h() is collision resistant Intuitively, this is because there is a avalanche effect – even if the inputs differ in just 1 bit, the outputs will be completely different IV is a known public constant

9 An Illustrative Example from Wikipedia
6/16/2019 An Illustrative Example from Wikipedia 6/16/2019 Lecture 4: Hash Functions

10 Lecture 4: Hash Functions
Practical Examples SHA-1 Output 160 bits B’day attack requires 280 calls Faster attacks 269 calls MD5 Output is 128 bits, so B’day attack requires 264 calls only Faster attacks to find a collision: Better use stronger versions, such as SHA-256 Although, these attacks are still not practical – they only find two random messages that collide 6/16/2019 Lecture 4: Hash Functions

11 Lecture 4: Hash Functions
6/16/2019 Further Reading Stallings Chapter 11 HAC Chapter 9 6/16/2019 Lecture 4: Hash Functions

Download ppt "Lecture 4: Hash Functions"

Similar presentations

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,

Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.

CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester 2008-2009 ITGD 2202 University of Palestine.

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.

Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.

Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.
1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)

1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Similar presentations

Ads by Google