Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016

2/13 Contents 13. Hash Functions and Message Authentication Codes 13.1 Hash Functions 13.2 MD5

Hash Functions  A hash is a relatively short record of a message used to ensure you got message correctly  A hash function f(x) sends m+t bit strings to t bit strings and should have three properties  A hash algorithm H(x) is built up from a hash function and sends strings of arbitrary length to t bit strings  A hash algorithm H(x) is said to have the one-way property if given an output y it is difficult to find any input x such that H(x)=y 3/13

Hash Functions  Example  Lets say that the hashes of passwords are stored on a server  When you log in, it computes the hash of your password and compares it with the stored hash  If Eve can solve the one-way problem, she could find your password 4/13

Hash Functions 5/13  A hash algorithm is said to have the weakly collision free property if, given input x, it is difficult to find any x  x such that H(x)=H(x)  It is said to have the strongly collision free property if it is difficult to find any x and x with x  x such that H(x)=H(x)  Lets say that you have a program available for download and you also make its hash available  That way people can download the software, hash it, and confirm that they got the proper software and not something dangerous  It can be shown (under reasonable assumptions) that strongly collision free implies weakly collision free which implies one-way

Hash Functions  To create a hash algorithm from a hash function one normally uses a hash function with two inputs  An m-bit string a  A t-bit string b  So f(a, b) outputs a t-bit string  Lets extend a hash function f to a hash algorithm H  Assume that the M has more than m bits  Break M into m-bit blocks, padding the last block if necessary with 0s  Initially we take b to be a given, known t-bit initialization vector (perhaps all 0s)  If a hash algorithm depends on a secret key, it is called a MAC, which replace the known IV with a secret key 6/13

128 bits Hash Functions (Example)  f is AES, so t=m=128. Break the message into 128 bit blocks  If the message length is not a multiple of 128 bits, add 0s to the end (padding)  The key for the first AES is the IV. The key for the second AES is the output of the first AES and so on  The final output is the hash of the message  This is not a secure hash function but its OK as a MAC 7/13

Hash Functions (Example)  Alice and Bob used public key cryptography to agree on two AES keys, k 1 and k 2  Alice sends Bob (in ECB mode, for simplicity) a message encrypted with AES  She breaks the message into n blocks: PT 1, …, PT n  She encrypts each PT i with AES and using k 1 to get the corresponding ciphertexts CT 1, …, CT n  Then Alice computes the MAC of PT 1, …, PT n using k 2 and sends the (unencrypted) MAC to Bob 8/13

Hash Functions (Example)  Bob receives and decrypts them using k 1  Now Bob has the PT i s. Then Bob MACs those PT i s with k 2 and finds the MAC  Then Bob checks to see if this MAC agrees with the one that Alice sent him  If it does, he can be sure that no one tampered with the CT i s during transmission  This is called message integrity  Without the MAC, Eve could intercept CT 1, …, CT n along the way and tamper with it (though it probably wouldn’t decrypt to something sensible since EVE doesn’t know the key)  If Eve tampers with it, she can’t create a MAC that will agree with hers 9/13

MD5  One of the most popular hash algorithms at the moment is MD5  The hash algorithms SHA1 and SHA2 are also popular and very similar  SHA stands for Secure Hash Algorithm  MD5 is more efficient than the hash algorithm described before using AES  It is based on the following hash function f  The function f takes two inputs : a 128 bit string and a 512 bit strings and its output is a 128 bit strings 10/13

MD5 11/13

MD5 12/13

MD5 13/13