Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)"— Presentation transcript:

1 Hash Functions Nathanael Paul Oct. 9, 2002

2 Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x) – easy –H(x) – one way “hard to invert” –H(x) collision free

3 Purposes for hash functions Data Integrity –Ex: Tripwire –Message digest y = h(x). y is called the message digest. 160 bits in size – “birthday attack” Message Source Digital Signatures Message Authentication Codes (MAC)

4 Digital Signatures and Message Authentication Code (MAC) overview Suppose Alice and Bob share a secret key k which determines hash function h k Alice sends (x, y) to Bob where y = h k (x) Bob receives (x,y) and verifies with y = h k (x). If condition holds, neither x nor y was modified in transit.

5 Hash Family (X,Y,K,H) –For each k in K, there exists an h in H, such that h k (x)  y Assume |X| >= |Y| (even better, 2|X| >= |Y|) Unkeyed hash function –|K| = 1 –Ex. SHA-1 (successor of MD4)

6 Conditions of a secure hash function Preimage –Find x such that h(x) = y, given y and the function f(). –one-way Second Preimage –Find x’ != x, such that h(x) = h(x’), given x and the function h(). –weak collision resistance Collision –Find h(x) = h(x’) such that x != x’, given function h() –strong collision resistance

7 Iterated hash function overview compression function –Given input of length m, produce output of length n –inputs to compression function: message block, m i output of previous blocks of text h i = f(m i, h i-1 ) MD-strengthening (Merkle-Damgard) –pre-image contains length of entire message –initialization vector (padding function)

8

9 Modes of operation –ECB, CBC, CFB, OFB –different characteristics: error propagation efficiency increase in data size –NIST document on modes of operation http://csrc.nist.gov/encryption/tkmodes.html –Next slide shows CBC mode of operation...

10

11 Message Authentication Codes Oscar’s (adversary) goal: –produce a pair (x,y) that is valid, but the key k is not known Oscar knows –valid pairs Pairs = {(x 1,y 1 ),(x 2,y 2 ),...,(x q,y q )} forgery –Oscar outputs an (x,y) where x is not in Pairs

12 Review of types of attacks Ciphertext-only –Oscar possesses a string of ciphertext, y Known plaintext –has ciphertext, y, corresponding to a message, x Chosen plaintext –access to encryption. choose x, get y Chosen ciphertext –choose y, get x

13 Ways of creating a MAC Base MAC on block cipher –block cipher already implemented, so part of implementation is done MAC from an unkeyed hash –just add a key to output of unkeyed hash –requires careful analysis Create a customized MAC

14 CBC MAC use block cipher in CBC mode with fixed IV best general attack is birthday attack

15 Nested MACs Nested MAC –composition of 2 keyed hash families G o H = {g o h : g is in G, h is in H} where (g o h) (k,l) (x) = h l (g k (x)) –Secure if the following holds (given unknown key): G is collision-resistant H is secure as a MAC

16 Types of attacks on nested MACs forger for nested MAC forger for the little MAC –attack on component MAC H unknown-key collision attack

17 Attack 1: Forger on nested MAC pair of keys (k,l) are kept secret Oscar: –chooses an x –oracle – “magic box” –given x, oracle computes z = h l (g k (x)) –tries to find (x’, z) where x’ was not any x given to oracle

18 Attack 2: Forger on smaller MAC component of nested MAC (H family) key l is chosen and kept secret (l is in keyspace of H family of hashes) Oscar: –chooses y –given y, oracle computes z = h l (y) –tries to output (y’,z) where y’ was not in one of its previous queries to oracle

19 Attack 3: Collision Finder for a hash family key k in K is kept secret Oscar: –chooses an x –given x, oracle computes g k (x) –tries to find x’ and x’’ where x’ != x’’ and g k (x’) = g k (x’’)

20 HMAC nested MAC algorithm (proposed standard) –based on SHA-1 –uses 512-bit key k –2 512-bit constants, ipad and opad 160-bit MAC –HMAC k (x) = SHA-1((k  opad) || SHA-1((K  ipad) || x)) ipad component resistant against unknown-key collision attack

21 Further Reading Applied Cryptography, Bruce Schneier Cryptography: Theory and Practice, Douglas Stinson Handbook of Applied Cryptography, Alfred Menezes, et. al. –available for download at: –http://www.cacr.math.uwaterloo.ca/hac/

Download ppt "Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)"

Similar presentations

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Cryptographic Hash Functions Rocky K. C. Chang, February 2013 1.

Cryptographic Hash Functions Rocky K. C. Chang, February
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Goal Ensure integrity of messages, even in presence of

Goal Ensure integrity of messages, even in presence of
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part I.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part I.
1 Chapter 4 Cryptographic Hash Functions. 2 Outline 4.1 Hash Functions and Data Integrity 4.2 Security of Hash Functions 4.3 Iterated Hash Functions 4.4.

1 Chapter 4 Cryptographic Hash Functions. 2 Outline 4.1 Hash Functions and Data Integrity 4.2 Security of Hash Functions 4.3 Iterated Hash Functions 4.4.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.

CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Similar presentations

Ads by Google