Secured Hash Algorithm(SHA) By – Debanjan Sadhya (iwc2011013) Mayank Swarnkar (iwc2011026)
Contents Introduction Definition Properties of SHA SHA Functions SHA Constants Preprocessing in SHA Hashing in SHA Example (SHA-1)
Introduction SHA – Secure Hash Algorithm Used for Authentication(Eg of Maths Problem) Types of SHA- SHA 0 SHA 1 SHA 2 – SHA 256, SHA 384, SHA 512 SHA 3
Secured Hash Function(SHF)
A cryptographic hash function takes an arbitrary block of data and returns a fixed-size bit string. The data to be encoded is often called the "message," and the hash value is sometimes called the message digest or simply digest. Used in digital signatures and message authentication codes.
Properties of SHA It is easy to compute the hash value for any given message It is infeasible to generate a message that has a given hash It is infeasible to modify a message without changing the hash It is infeasible to find two different messages with the same hash
Pre-image resistance Given a hash h it should be difficult to find any message m such that h = hash(m) This concept is related to that of one-way . Functions that lack this property are vulnerable to preimage attacks.
Second pre-image resistance Given an input m1 it should be difficult to find another input m2 where m1 ≠ m2 such that hash(m1) = hash(m2) This property is sometimes referred to as weak collision resistance, and functions that lack this property are vulnerable to second-preimage attacks.
Collision resistance It should be difficult to find two different messages m1 and m2 such that hash(m1) = hash(m2) Such a pair is called a cryptographic hash collision. This property is sometimes referred to as strong collision resistance. It requires a hash value at least twice as long as that required for preimage-resistance, otherwise collisions may be found by a birthday attack.
SHA-1 Function
SHA 256 Function
SHA 384 and SHA 512 Functions
SHA 1 Constants
SHA 256 Constants
SHA 384 and SHA 512 Constants
Steps involved in SHA Preprocessing Hashing
Preprocessing It consists of three steps- Padding Parsing Setting initial hash value
Padding The message, M, shall be padded before hash computation begins. The purpose of this padding is to ensure that the padded message is a multiple of 512 or 1024 bits, depending on the algorithm. SHA-1 and SHA-256 (l + 1 + k = 448mod512 ) SHA-384 and SHA-512 (l + 1 + k ” 896mod1024 )
Parsing the Padded Message After a message has been padded, it must be parsed into Nm-bit blocks before the hash computation can begin. SHA-1 and SHA-256 SHA-384 and SHA-512
Setting the Initial Hash Value (H(0)) SHA-1 For SHA-1, the initial hash value, H(0), shall consist of the following five 32-bit words, in hex: H 0(0) = 67452301 H1(0 ) = efcdab89 H2(0) = 98badcfe H 3(0) = 10325476 H4(0) = c3d2e1f0.
SHA-256 For SHA-256, the initial hash value, H(0), shall consist of the following eight 32-bit words, in hex: H 0(0) = 6a09e667 H1(0) = bb67ae85 H2(0) = 3c6ef372 H 3(0 )= a54ff53a H4(0 )= 510e527f H 5(0) = 9b05688c H 6(0) = 1f83d9ab H 7(0) = 5be0cd19.
SHA-384 For SHA-384, the initial hash value, H(0), shall consist of the following eight 64-bit words, in hex: H 0(0) = cbbb9d5dc1059ed8 H1(0) = 629a292a367cd507 H2(0) = 9159015a3070dd17 H 3(0) = 152fecd8f70e5939 H4(0 ) = 67332667ffc00b31 H 5(0) = 8eb44a8768581511 H 6(0) = db0c2e0d64f98fa7 H 7(0) = 47b5481dbefa4fa4.
SHA-512 For SHA-512, the initial hash value, H(0), shall consist of the following eight 64-bit words, in hex: H 0(0) = 6a09e667f3bcc908 H1(0) = bb67ae8584caa73b H2(0) = 3c6ef372fe94f82b H 3(0 ) = a54ff53a5f1d36f1 H4(0) = 510e527fade682d1 H 5(0) = 9b05688c2b3e6c1f H 6(0 ) = 1f83d9abfb41bd6b H 7(0) = 5be0cd19137e2179.
To Summarize until now… Basics -> Hex Digits(4 bit) and Words(32 and 64 bits) Operations on Words -> SHR, ROTR, ROTL Functions -> ch, parity, maj, Σ0(x), Σ1(x), σ0(x), σ1(x) Constants -> Eighty 32-bit words K0, K1,…, K79 (SHA-1) Sixty-four 32-bit words K0, K1 , …K63 (SHA-256) Eighty 64-bit words K0, K1,…K79 (SHA-384 & SHA-512) Initial Hash Value H(0)
SHA-1 The algorithm uses 1) a message schedule of eighty 32-bit words, 2) five working variables of 32 bits each, and 3) a hash value of five 32-bit words. The final result of SHA-1 is a 160-bit message digest. SHA-1 Preprocessing 1. Pad the message M 2. Parse the padded message into N 512-bit message blocks, M(1), M(2), …, M(N) 3. Set the initial hash value, H(0)
SHA-1 SHA-1 Hash Computation
After repeating steps one through four a total of N times (i. e After repeating steps one through four a total of N times (i.e., after processing M(N)), the resulting 160-bit message digest of the message, M, is
SHA-256 The algorithm uses 1) a message schedule of sixty- four 32-bit words, 2) eight working variables of 32 bits each, and 3) a hash value of eight 32-bit words. The final result of SHA-256 is a 256-bit message digest. SHA-256 Preprocessing 1. Pad the message M 2. Parse the padded message into N 512-bit message blocks, M(1), M(2)…M(N) 3. Set the initial hash value, H(0)
SHA-256 SHA-256 Hash Computation
After repeating steps one through four a total of N times (i. e After repeating steps one through four a total of N times (i.e., after processing M(N)), the resulting 256-bit message digest of the message, M, is
SHA-512 The algorithm uses 1) a message schedule of eighty 64-bit words, 2) eight working variables of 64 bits each, and 3) a hash value of eight 64-bit words. The final result of SHA-512 is a 512-bit message digest. SHA-512 Preprocessing 1. Pad the message, M 2. Parse the padded message into N 1024-bit message blocks, M(1), M(2),…M(N) 3. Set the initial hash value, H(0)
SHA-512 SHA-512 Hash Computation Exceptions from SHA-256(else same as SHA-256)…
After repeating steps one through four a total of N times (i. e After repeating steps one through four a total of N times (i.e., after processing M(N)), the resulting 512-bit message digest of the message, M, is
Example (SHA-1) Let the message, M, be the 24-bit (l = 24) ASCII string "abc ", which is equivalent to the following binary string: 01100001 01100010 01100011 The message is padded by appending a "1" bit, followed by 423 “0" bits, and ending with the hex value 00000000 00000018 (the 2X32-bit word representation of the length, 24). Thus, the final padded message consists of one block (N = 1).
The following schedule shows the hex values for a, b, c, d, and e after pass t of the “for t = 0 to 79” loop
The final hash value, H(1), is calculated to be: The resulting 160-bit message digest is:
Comparison of SHA Family
THANK YOU…