Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output."— Presentation transcript:

1 Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output o Are one-way (hard to invert) o Are collision-resistant (difficult to find two values that produce the same output)  Examples: o Message digest functions - protect the integrity of data by creating a fingerprint of a digital document o Message Authentication Codes (MAC) - protect both the integrity and authenticity of data by creating a fingerprint based on both the digital document and a secret key

2 Chapter 4  Hash Functions 2 Checksums vs. Mess. Digests  Checksums: o Used to produce a compact representation of a message o If the message changes the checksum will probably not match o Good: accidental changes to a message can be detected o Bad: easy to purposely alter a message without changing the checksum  Message digests: o Used to produce a compact representation (called the fingerprint or digest) of a message o If the message changes the digest will probably not match o Good: accidental changes to a message can be detected o Good: difficult to alter a message without changing the digest

3 Chapter 4  Hash Functions 3 Hash Functions  Message digest functions are hash functions o A hash function, H(M)=h, takes an arbitrary-length input, M, and produces a fixed-length output, h  Example hash function: o H = sum all the letters of an input word modulo 26 o Input = a word o Output = a number between 0 and 25, inclusive o Example:  H(“Elvis”) = ((‘E’ + ‘L’ + ‘V’ + ‘I’ + ‘S’) mod 26)  H(“Elvis”) = ((5+12+22+9+19) mod 26)  H(“Elvis”) = (67 mod 26)  H(“Elvis”) = 15

4 Chapter 4  Hash Functions 4 Collisions  For the hash function: o H = sum all the letters of an input word modulo 26  There are more inputs (words) than possible outputs (numbers 0-25)  Some different inputs must produce the same output  A collision occurs when two different inputs produce the same output: o The values x and y are not the same, but H(x) and H(y) are the same

5 Chapter 4  Hash Functions 5 Collisions - Example  H(“Jumpsuit”) = 25 o (‘J’ + ‘U’ + ‘M’ + ‘P’ + ‘S’ + ‘U’ + ‘I’ + ‘T’) mod 26 o (10+21+13+16+19+21+9+20) mod 26 o 129 mod 26 o 25  H(“TCB”) = 25 o (‘T’ + ‘C’ + ‘B’) mod 26 o (20+3+2) mod 26 o 25 mod 26 o 25

6 Chapter 4  Hash Functions 6 Collision-Resistant Hash Functions  Hash functions for which it is difficult to find collisions are called collision-resistant  A collision-resistant hash function, H(M)=h: o For any message, M1 o It is difficult to find another message, M2 such that:  M1 and M2 are not the same  H(M1) and H(M2) are the same

7 Chapter 4  Hash Functions 7 One-Way Hash Functions  A function, H(M)=h, is one-way if: o Forward direction: given M it is easy to compute h o Backward direction: given h it is difficult to compute M  A one-way hash function: o Easy to compute the hash for a given message o Hard to determine what message produced a given hash value

8 Chapter 4  Hash Functions 8 Message Digest Functions  Message digest functions are collision- resistant, one-way hash functions: o Given a message it is easy to compute its digest o Hard to find any message that produces a given digest (one-way) o Hard to find any two messages that have the same digest (collision-resistant)

9 Chapter 4  Hash Functions 9 Using Message Digest Functions  Message digest functions can be used to protect data integrity: o A company makes some software available for download over the World Wide Web o Users want to be sure that they receive a copy that has not been tampered with o Solution:  The company creates a message digest for its software  The digest is transmitted (securely) to users  Users compute their own digest for the software they receive  If the digests match the software probably has not been altered

10 Chapter 4  Hash Functions 10 Attacks on Message Digests  Brute-force search for a collision: o Goal:  Find a message that produces a given digest, d o Assume:  The message digest function is “strong”  The message digest function creates n-bit digests o Approach:  Generate random messages and compute digests for them until one is found with digest d  Approximately 2 n random messages must be tried to find one that hashes to d

11 Chapter 4  Hash Functions 11 Attacks on MDs (cont)  Birthday attack (based on the birthday paradox): o Goal:  Find any two messages that produce the same digest o Assume:  The message digest function is “strong”  The message digest function creates n-bit digests o Approach:  Generate random messages and compute digests for them until two are found that produce the same digest  Approximately 2 n/2 random messages must be tried to find one that hashes to d

12 Chapter 4  Hash Functions 12 The Secure Hash Algorithm  The Secure Hash Algorithm: o A Federal Information Processing Standard (FIPS 180-1) adopted by the U.S. government in 1995 o Based on a message digest function called MD4 created by Ron Rivest o Developed by NIST and the NSA o Input: a message of b bits o Output: a 160-bit message digest

13 Chapter 4  Hash Functions 13 SHA - Padding  Input: a message of b bits o Padding makes the message length a multiple of 512 bits o The input is always padded (even if its length is already a multiple of 512)  Padding is accomplished by appending to the input: o A single bit, 1 o Enough additional bits, all 0, to make the final 512-bit block exactly 448 bits long o A 64-bit integer representing the length of the original message in bits

14 Chapter 4  Hash Functions 14 SHA – Padding Example  Consider the following message: o M = 01100010 11001010 1001 (20 bits)  To pad we append: o 1 (1 bit) o 427 0s (427 bits) o 64-bit binary representation of the number 20 (64 bits)  Result: o Pad(M) = 01100010 11001010 10011000 00000000... 00000000 00010100 (512 bits) o 464 0s have been omitted above (denoted by the ellipsis)

15 Chapter 4  Hash Functions 15 SHA – Constant Init.  After padding, constants are initialized to the following hexadecimal values: o Five 32-bit words:  H 0 = 67452301  H 1 = EFCDAB89  H 2 = 98BADCFE  H 3 = 10325476  H 4 = C3D2E1F0 o Eighty 32-bit words:  K 0 – K 19 = 5A827999  K 20 – K 39 = 6ED9EBA1  K 40 – K 59 = 8F1BBCDC  K 60 – K 79 = CA62C1D6

16 Chapter 4  Hash Functions 16 SHA – Step 1  The padded message contains a whole number of 512-bit blocks, denoted B 1, B 2, B 3,..., B n  Each 512-bit block, B i, of the padded message is processed in turn: o B i is divided into 16 32-bit words, W 0, W 1,..., W 15  W 0 is composed of the leftmost 32 bits in B i  W 1 is composed of the second 32 bits in B i …  W 15 is composed of the rightmost 32 bits in B i

17 Chapter 4  Hash Functions 17 SHA – Step 2  W 0, W 1,..., W 15 are used to compute 64 new 32- bit words (W 16, W 17,..., W 79 )  W j (16 < j < 79) is computed by: o XORing words W j-3, W j-8, W j-14, and W j-16 together o Circularly left shifting the result one bit for j = 16 to 79 do W j = Circular_Left_Shift_1(W j-3  W j-8  W j-14  W j-16 ) done

18 Chapter 4  Hash Functions 18 SHA – Step 3  The values of H 0, H 1, H 2, H 3, and H 4 are copied into five words called A, B, C, D, and E: o A = H 0 o B = H 1 o C = H 2 o D = H 3 o E = H 4

19 Chapter 4  Hash Functions 19 SHA – Step 4  Four functions are defined as follows: o For (0 < j < 19):  f j (B,C,D) = (B AND C) OR ((NOT B) AND D) o For (20 < j < 39):  f j (B,C,D) = (B  C  D) o For (40 < j < 59):  f j (B,C,D) = ((B AND C ) OR (B AND D) OR (C AND D)) o For (60 < j < 79):  f j (B,C,D) = (B  C  D)

20 Chapter 4  Hash Functions 20 SHA – Step 4 (cont)  For each of the 80 words, W 0, W 1,..., W 79, a 32- bit word called TEMP is computed  The values of the words A, B, C, D, and E are updated as shown below: for j = 0 to 79 do TEMP = Circular_Left_Shift_5(A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = Circular_Left_Shift_30(B); B = A; A = TEMP done

21 Chapter 4  Hash Functions 21 SHA – Step 5  The values of H 0, H 1, H 2, H 3, and H 4, are updated: o H 0 = H 0 + A o H 1 = H 1 + B o H 2 = H 2 + C o H 3 = H 3 + D o H 4 = H 4 + E

22 Chapter 4  Hash Functions 22 SHA - Overview  Pad the message  Initialize constants  For each 512-bit block (B 1, B 2, B 3,..., B n ): o Divide B i into 16 32-bit words (W 0 – W 15 ) o Compute 64 new 32-bit words (W 16, W 17,..., W 79 ) o Copy H 0 - H 4 into A, B, C, D, and E o For each W j (W 0 – W 79 ) compute TEMP and update A-E o Update H 0 - H 4  The 160-bit message digest is: H 0 H 1 H 2 H 3 H 4

23 Chapter 4  Hash Functions 23 Motivation for Message Authentication Codes  Want to use a message digest function to protect files on our computer from viruses: o Calculate digests for important files and store them in a table o Recompute and check from time to time to verify that the files have not been modified  Good: if a virus modifies a file the change will be detected since the digest of that file will be different  Bad: the virus could just compute new digests for modified files and install them in the table

24 Chapter 4  Hash Functions 24 Message Authentication Codes  A message authentication code (MAC) is a key-dependent message digest function o MAC K (M) = h  The output, h, is a function of both the hash function and a key, K  The MAC can only be created or verified by someone who knows K  Can turn a one-way hash function into a MAC by encrypting the hash value with a symmetric-key cryptosystem

25 Chapter 4  Hash Functions 25 Using MAC  MAC can be used to protect data integrity and authenticity: o Want to use a MAC to protect files on our computer from viruses:  Calculate MAC values for important files and store them in a table  Recompute and check from time to time to verify that the files haven’t been modified o Good: if a virus modifies a file the hash of that file will be different o Good: virus doesn’t know the proper key so it can’t install new MACs in the table to cover its tracks

26 Chapter 4  Hash Functions 26 Implementing a MAC  Can use a block cipher algorithm: o Pad the message (if necessary) so that its length is a multiple of the cipher’s block size o Divide the message into n blocks equal in length to the cipher’s block size:  m 1, m 2,..., m n o Choose a key, k o Encrypt m 1 with k o XOR the result with m 2 o Encrypt the result with k o XOR the result with m 3 …

27 Chapter 4  Hash Functions 27 Implementing a MAC (cont)

28 Chapter 4  Hash Functions 28 Summary  Message digests o Message digest functions are collision-resistant, one-way hash functions  Collision-resistant: hard to find two values that produce the same output  One-way: hard to determine what input produced a given output o Protects the integrity of a digital document  MAC o A message authentication code is a key-dependent message digest function  The output is a function of both the hash function and a secret key  The MAC can only be created or verified by someone who knows the key o Protects the integrity and authenticity of a digital document

Download ppt "Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output."

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.

Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.
Information Security and Management 11

Information Security and Management 11
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google