Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,"— Presentation transcript:

1 Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions and SHA-1 DTTF/NB479: DszquphsbqizDay 28

2 Hash Functions Goal: to provide a unique “fingerprint” of the message. How? Must demonstrate 3 properties: 1. Fast to compute y from m. 2. One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. 3. Strongly collision-free: Can’t find any m 1 != m 2 such that h(m 1 )=h(m 2 ) easily 4. (Sometimes we can settle for weakly collision-free: given m, can’t find m’ != m with h(m) = h(m’). Message m (long) Message digest, y (Shorter fixed length) Cryptographic hash Function, h Shrinks data, so 2 messages can have the same digest: m 1 != m 2, but H(m 1 ) = h(m 2 )

3 Hash Functions Examples: 1. h(m) = m (mod n) 2. Given large prime p, such that q=(p-1)/2 is also prime, and primitive roots  and  for p: where m = m 0 + m 1 q EHA (next) EHA (next) SHA-1 (tomorrow) SHA-1 (tomorrow) MD4, MD5 (weaker than SHA) MD4, MD5 (weaker than SHA) Lots more out there… Lots more out there… 3 properties: 1. Fast to compute 2. One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. 3. Strongly collision-free: Can’t find m 1 != m 2 such that h(m 1 )=h(m 2 ) For first 2 examples, please check properties 1-3.

4 EHA: Easy Hash Algorithm Break m into n-bit blocks, append zeros to get a multiple of n. There are L of them, where L =|m|/n Fast! But not very secure. Doing a left shift on the rows helps a little: Defineas left- shifting m by y bits Defineas left- shifting m by y bits Then Then =h(m)

5 EHA: Easy Hash Algorithm =h(m) Exercise: 1.Show that the basic (unrotated) version doesn’t satisfy properties 2 and 3. 2.Show that the rotated version doesn’t satisfy properties 2 and 3 either. 3 properties: 1. Fast to compute 2. One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. 3. Strongly collision- free: Can’t find m 1 != m 2 such that h(m 1 )=h(m 2 )

6 SHA-1: Secure Hash Algorithm NSA  NIST “This standard specifies a Secure Hash Algorithm (SHA), which is necessary to ensure the security of the Digital Signature Algorithm (DSA). When a message of any length < 2 64 bits is input, the SHA produces a 160- bit output called a message digest. The message digest is then input to the DSA, which computes the signature for the message. Signing the message digest rather than the message often improves the efficiency of the process., because the message digest is usually much smaller than the message. The same message digest should be obtained by the verifier of the signature when the received version of the message is used as input to SHA. The SHA is called secure because it is designed to be computationally infeasible to recover a message corresponding to the message digest. Any change to the message in transit will, with a very high probability, result in a different message digest, and the signature will fail to verify. The SHA is based on principles similar to those used by Professor Ronald L. Rivest of MIT when designing the MD4 message digest algorithm, and is closely modelled after that algorithm.” (Proposed Federal Information Processing Standard for Secure Hash Standard,” Federal Register, v. 57, n. 177, 11 Sep 1992, p. 41727) …how?

7 SHA-1: Prepare the message 1.Prepare the message. Given m, create 1000…000mmm…mxxxxx….x: 1. Append the length of m (<= 2 64, so can be written in 64 bits) 2. Prepend a 1 and then enough zeros to make the total a multiple of 512 bits 3. Break into L 512-bit chunks. Each will be used to compress into a 160- bit total message digest. Example: Encode m with length 5000 bits. What is L?

8 SHA-1: Notation Bitwise AND Bitwise OR Bitwise XOR Bitwise NOT Left-shift Addition, mod 2 32

9 SHA-1: Iterative compression Idea: iterate over all of the L blocks, outputting a value that is a function of the previous output and the current block: Now, the function h’… m1m1 m2m2 X0X0 X1X1 X2X2 h’ m3m3 X3X3 mLmL XLXL =h(m)

10 SHA-1: Compression function: h’ Input: X 0 (160 bits), m 1 (512 bits): Output: X 1 Expand m 1 from 512  2560 bits. m 1 =(W 1..W 15 ) Initialization 4 rounds of 20 iterations each): Each round uses a different K and different nonlinear mixing function f w 79 …w 16 … w 19 m1m1 w0w0 w1w1 w 15 … K 0..19 =5A827999 Round 1 K 20..39 =6ED9EBA1 K 40..59 =8F1BBCDC K 60..79 =CA62C1D6 Round 2 Round 3 Round 4 … (20 iters)

11 SHA-1: Compression function: h’ Input: X 0 (160 bits), m 1 (512 bits): Output: X 1 Expand m 1 from 512  2560 bits. m 1 =(W 1..W 15 ) Initialization 4 rounds of 20 iterations each): Each round uses a different K and different nonlinear mixing function f w 79 …w 16 … w 19 m1m1 w0w0 w1w1 w 15 … K 0..19 =5A827999 Round 1 K 20..39 =6ED9EBA1 K 40..59 =8F1BBCDC K 60..79 =CA62C1D6 Round 2 Round 3 Round 4 … (20 iters)

12

13 SHA-1: Iterative compression Repeat the algorithm on the previous slide L times until you’ve compressed the whole message into a single 160-bit vector. But each can be easily implemented in hardware. m1m1 m2m2 X0X0 X1X1 X2X2 h’ m3m3 X3X3 mLmL XLXL =h(m)

14 Summary What’s an attack on SHA look like? In other words, how do we find collisions? Stay tuned… Monday we learn what birthdays have to do with collisions How long before SHA will be broken?

Download ppt "Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,"

Similar presentations

Announcements: Choosing presentation dates (at end) Choosing presentation dates (at end)Questions? This week: Hash functions, SHA Hash functions, SHA Birthday.

Announcements: Choosing presentation dates (at end) Choosing presentation dates (at end)Questions? This week: Hash functions, SHA Hash functions, SHA Birthday.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.

MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.
Computer Science 654 Lecture 1 : Hash Functions Professor Wayne Patterson Howard University Spring 2010 (Stamp Chapter 5)

Computer Science 654 Lecture 1 : Hash Functions Professor Wayne Patterson Howard University Spring 2010 (Stamp Chapter 5)
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.

Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,

Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,
Cryptography and Network Security Hash Algorithms.

Cryptography and Network Security Hash Algorithms.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Module 4 Hash Functions Highline Community College Seattle University University of Washington in conjunction with the National Science Foundation.

Module 4 Hash Functions Highline Community College Seattle University University of Washington in conjunction with the National Science Foundation.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Similar presentations

Ads by Google