
1 A Case for a Parallelizable Hash Alan Kaminsky and Stanislaw Radziszowski Department of Computer Science B. Thomas Golisano College of Computing and Information Sciences Rochester Institute of Technology Rochester, NY, USA

2 Agenda
● One-Way Hash Functions
● Use Cases for Hash Functions
● Motivation for Parallelizable Hash Functions
● The PHASH Hash Function Design Concept
● Security of PHASH
● Performance of PHASH
● Conclusion

3 One-Way Hash Functions
● MD5
● SHA-1
● SHA-224, SHA-256, SHA-384, SHA-512
● SHA-3 — NIST competition underway
● Security properties:
● Preimage resistant — Given a hash value h, it is hard to find any M such that H(M) = h
● Second preimage resistant — Given M1, it is hard to find M2 ≠ M1 such that H(M1) = H(M2)
● Collision resistant — It is hard to find any pair M1 ≠ M2 such that H(M1) = H(M2)

4 One-Way Hash Functions
● Used for: Integrity

5 One-Way Hash Functions
● Used for: Authentication, in a message authentication code (MAC)

6 One-Way Hash Functions
● Used for: Authentication, in a digital signature

7 Use Cases for Hash Functions
Hashes of very large inputs:
● A DRM system hashes a two-hour high-resolution movie to detect piracy
● A laboratory hashes a massive protein sequence database and adds a digital signature
● A user hashes the entire file system while backing it up
● Police hash an image of an entire hard disk that was seized for a criminal investigation
Hashes at very high speeds:
● Packets are hashed on the fly in hardware as they traverse a fiber network

8 Motivation for Parallelizable Hash Functions
● All of the hash functions in present use (MD5, SHA-1, the SHA-2 family) are built on the Merkle-Damgård construction
● Must be computed sequentially: each compression step takes the chaining value produced by the previous block as input, so block i cannot be processed until blocks 1 through i−1 are done

9 Motivation for Parallelizable Hash Functions
● A disaster in the making
● Takes too long
● Can’t take advantage of the latest multicore CPUs

10 Motivation for Parallelizable Hash Functions
● Solution: Parallelizable hash function

11 The PHASH Hash Function Design Concept
● Compression function based on a block cipher
● U = Uncompressed data block
● I = Block number (counter)
● E = Block cipher encryption function
● C(U, I) = Compressed output

12 The PHASH Hash Function Design Concept
● Examples of block ciphers PHASH can use (K = key size, B = block size):

    Cipher      K (bits)   B (bits)
    Rijndael    256        256
    W           512        512
    M           1024       512

● Rijndael — 128-bit version standardized as AES
● W — Whirlpool hash function’s block cipher
● M — Maelstrom-0 hash function’s block cipher

13 The PHASH Hash Function Design Concept
● The PHASH computation:
● Append padding and message length (Merkle-Damgård strengthening)
● Break input into uncompressed blocks
● Compress each block together with its own index
● XOR together every 128 compressed blocks
● Replace input with XORed blocks
● Repeat until only one block remains
● Do one final compression
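The following is an added worked example of the computation listed on slide 13; it is not code from the deck or from the PHASH authors. It assumes several details the slides leave open: AES-128 from Go's standard library stands in for the block cipher (so K = B = 128 bits, the same shape as the Rijndael and W rows of the table, but far too narrow for real use); the data block U is used as the cipher key and the block index I as the plaintext; the index packs a tree-level number and a within-level position; and padding is the usual 0x80, zeros, 64-bit bit length. The block count, fan-in of 128 and final compression follow the slide. Blocks within a level are independent, so they are handed to a pool of goroutines, which is exactly the property a Merkle-Damgård chain lacks.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
	"runtime"
	"sync"
)

// Toy parameters (assumption): AES-128 gives K = B = 128 bits.  The deck's
// real instances use 256-bit or wider ciphers (Rijndael-256, W, M).
const (
	blockBytes = aes.BlockSize // K: one uncompressed block U is one AES-128 key
	outBytes   = aes.BlockSize // B: C(U, I) is one cipher block
	fanIn      = 128           // XOR this many compressed blocks, then re-encrypt
)

// compress implements C(U, I) = E(key = U, plaintext = I).  The counter I is
// public, so recovering U from C(U, I) is a key-recovery attack on the cipher.
// (Assumption: the slides do not say which input is key and which is plaintext.)
func compress(u []byte, index uint64) []byte {
	c, err := aes.NewCipher(u)
	if err != nil {
		panic(err) // u is always exactly blockBytes long
	}
	var pt [outBytes]byte
	binary.BigEndian.PutUint64(pt[outBytes-8:], index) // zero-padded counter
	out := make([]byte, outBytes)
	c.Encrypt(out, pt[:])
	return out
}

// pad applies Merkle-Damgård strengthening: 0x80, zeros, then the message
// length in bits as a 64-bit big-endian integer, filling whole blocks.
func pad(msg []byte) []byte {
	out := append([]byte{}, msg...)
	out = append(out, 0x80)
	for (len(out)+8)%blockBytes != 0 {
		out = append(out, 0)
	}
	var l [8]byte
	binary.BigEndian.PutUint64(l[:], uint64(len(msg))*8)
	return append(out, l[:]...)
}

// compressLevel compresses every block of one tree level in parallel.  The
// 64-bit counter carries (level, position) so the same data block at another
// level gets a different index (assumption: the deck only says "its own index").
func compressLevel(data []byte, level uint64, workers int) [][]byte {
	n := len(data) / blockBytes
	comp := make([][]byte, n)
	var wg sync.WaitGroup
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func(w int) {
			defer wg.Done()
			for i := w; i < n; i += workers { // strided split, no shared state
				comp[i] = compress(data[i*blockBytes:(i+1)*blockBytes], level<<32|uint64(i))
			}
		}(w)
	}
	wg.Wait()
	return comp
}

// PHASH follows slide 13: compress each block with its index, XOR every fanIn
// compressed blocks, use the XORed blocks as the new input, repeat until a
// single block remains, then compress once more.  workers <= 0 means NumCPU.
func PHASH(msg []byte, workers int) []byte {
	if workers < 1 {
		workers = runtime.NumCPU()
	}
	data := pad(msg)
	for level := uint64(0); ; level++ {
		comp := compressLevel(data, level, workers)
		var next []byte
		for g := 0; g < len(comp); g += fanIn {
			acc := make([]byte, outBytes)
			for j := g; j < len(comp) && j < g+fanIn; j++ {
				for k := range acc {
					acc[k] ^= comp[j][k]
				}
			}
			next = append(next, acc...)
		}
		if len(next) == blockBytes { // only one block remains
			return compress(next, (level+1)<<32) // the final compression
		}
		data = next // outBytes == blockBytes, so next is whole blocks
	}
}

func main() {
	msg := bytes.Repeat([]byte("constructed sample input "), 1000) // 25,000 bytes, constructed
	fmt.Printf("PHASH (toy AES-128 instance): %x\n", PHASH(msg, 0))
}
```

The digest does not depend on the worker count, which is the point: the only cross-block dependency is the XOR of each group of 128 compressed blocks, and XOR is associative and commutative, so blocks can be compressed in any order and on any number of cores. An input of more than 128 blocks produces more than one XORed block and therefore a second tree level before the final compression.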

14 Security of PHASH
● A preimage can be found by inverting the block cipher encryption function — Block ciphers are designed to withstand such attacks
● A preimage can be found with high probability if too many blocks are XORed together (XHASH attack) — Re-encrypting after XORing every 128 blocks foils this attack
● Finding a second preimage or a collision can be done in 2^N operations (N = counter size in bits) — Counter size can be used to tune the security level; note that with the 128-bit counter of the FPGA implementation on the next slides this bound is 2^128, well below the 2^256 birthday bound that a 512-bit output would otherwise allow
● Length extension attack requires inverting the block cipher encryption function — The final output is always the result of an encryption

15 Performance of PHASH
● Three 512-bit hash functions were implemented on a Xilinx Virtex-5 LX330 FPGA:
● SHA-512
● Whirlpool
● PHASH with the W block cipher and a 128-bit counter
● Sequential performance:

    Hash Function   Throughput (Gbps)
    SHA-512         1.8
    Whirlpool       7.7
    PHASH           15.1

16 Performance of PHASH
● PHASH parallel performance on the Xilinx Virtex-5 LX330 FPGA:

    Number of cores   Throughput (Gbps)   Speedup
    1                 15.1                1.0
    2                 28.9                1.9
    4                 55.6                3.7
    8                 101.0               6.7
    16                182.6               12.1

17 Conclusion
● Parallelizable hash functions are necessary
● Parallelizable hash functions are doable
● SHA-3 should be parallelizable
