Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography."— Presentation transcript:

1 Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography

2 Outline One-way functions Secure Hash function Authentication (example) Digital Signature Standards (DSS)

3 Definitions One-way function f :A  B Given x  A, it is easy to compute f (x) Given f (x), it is hard to compute x Trapdoor one-way function A one-way function f :A  B with a secret s, such that Given x  A, it is easy to compute f (x) Given f (x), it is hard to compute x Given f (x) and s, it is easy to compute x

4 Examples One-way function Multipicative group Z p * with generator g f (x) = g x mod p Trapdoor one-way function Multiplicative group Z n * where n = p.q for primes p,q f (x) = x 2 mod n The secret is: (p and q)

5 Hash Function Definition: one-way hash function h(x) A one-way hash function operates on an input message x of arbitrary length, and outputs a fixed-length hash value h(x). Given x, it is easy to compute h(x) Given h(x), it is infeasible to compute x

6 Hash Function Properties h can be applied to an input of any size h produces a fixed-length output One-way property: Easy to compute h(x), but infeasible to compute x given h(x) Collision resistance property: Weakly collision-free: Given x, it is infeasible to find y  x, such that h(x) = h(y) Strongly collision-free: It is infeasible to find any pair (x, y) such that y  x and h(x) = h(y)

7 Secure Hashing Definition: h is cryptographically secure if it is a one-way collision-free hash function. Note: Strong/weak collision resistance depends on the sensitivity of the application Given a message M, h(M) is called the hash value of M, hash code, or the message digest. Examples: SHA, MD4, MD5, Whirlpool

8 Security of Hash Functions Effort Required for Brute-Force Attack (on average) One way2 n-1 Weak collision resistance2 n-1 Strong collision resistance2 n/2

9 General Structure of Secure Hashing

10 Secure Hash Algorithm (SHA) Developed by National Institute of Standards and Technology (NIST) in 1993. In 1995, NIST published SHA-1 Based on MD4 Output: 160-bit hash value In 2002, NIST defined 3 versions (SHA-256, SHA-384, SHA-512) with hash value lengths: 256, 384, and 512. In 2005, NIST approved the phase out of SHA-1 and moving to other versions of SHA by 2010.

11 MD4 MD stands for Message Digest and designed by Ron Rivest Output: 128-bit hash values Design goals (claimed by Rivest) Strongly collision-free (no attack is better than brute- foce) The security is based on no assumption (like hardness of factorization) MD4 was cryptanalyzed shortly after publishing and some parts were successfully attacked.

12 MD5 MD5 is an improved version of MD4 Output: 128-bit hash values Ron Rivest made several improvements of MD5 over MD4 MD5 was cryptanalyzed but there is no practical impact on the security of the hash function

13 Whirlpool Based on the use of a block cipher for the compression function (initially DES, later AES) General drawbacks of using block cipher: Block ciphers are invertible  lack of randomness Low performance due to slow block ciphers Weakness due to regularities of block ciphers Hash value length restriction due to block sizes: h  2b Since the adoption of AES, Whirlpool overcomes the above drawbacks.

14 Whirlpool Advantages of using AES Hash code length is 512 bits (same as SHA) Resistant to usual attacks on block-cipher hashing Good performance and compact implementation on software and hardware

15 Applications of Secure Hashing Authentication Digital Signature

16 Example: Authentication Alice logs into a host computer She identifies herself by a username and a password The host computer stores a all username-password in a a database and check for a match. Authentication using secure hash functions Alice sends her password to the host The host hashes the password and compares the hash value to the value it previously stored If Eve steals the hash values, she still cannot log in, since the hash function is one-way and collision-free.

17 Digital Signature Standard (DSS) Proposed by the National Institute of Standards and Technology (NIST) in 1991 DSS uses a digital signature algorithm (DSA): Designed to provide only the digital signature function Cannot be used for encryption or key exchange Must be a public-key technique (publicly verifiable) Use the SHA for hashing the message Example of digital signature approaches: RSA Approach DSS Approach

18 Digital Signature Approaches (DSS vs. RSA)

19 Digital Signature Algorithm (DSA) NIST adopted DSA based on ElGamal digital signature with the following parameters: Prime p of length 512-1024 bits 160-bit prime q such that q | (p – 1) g is of the form g = h (p-1)/q mod p Private key: x, Public key: y = g x mod p The signature (r, s) is computed by: r = (g k mod p) mod q, for random k < q s = (k -1 (SHA(M) + x.r) mod q The length of the signature (r, s) = 2 x 160 bits

Download ppt "Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography."

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
SCSC 455 Computer Security

SCSC 455 Computer Security
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Similar presentations

Ads by Google