CS 394B Introduction Marco Canini.

Slides:



Advertisements
Similar presentations
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Advertisements

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Forward-Secure Signatures (basic + generic schemes)
Topic 22: Digital Schemes (2)
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
Cryptography Lecture 9 Stefan Dziembowski
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
1 Sequential Aggregate Signatures and Multisignatures Without Random Oracles Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, and Brent Waters.
1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Hash Functions.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
Intro to Cryptocurrencies & Review of Relevant Crypto Tyler Moore, CS 7403, University of Tulsa Slides adapted from Arvind Narayanan, Joseph Bonneau, Edward.
Data Integrity / Data Authentication. Definition Authentication (Signature) algorithm - A Verification algorithm - V Authentication key – k Verification.
Conflict Resolution (OT), Crypto, and Untrusted Cloud Services
DTTF/NB479: Dszquphsbqiz Day 26
Information Security message M one-way hash fingerprint f = H(M)
Cryptographic Hash Functions
Cryptographic Hash Function
Basic Network Encryption
Bitcoin and the Blockchain
Digital signatures.
Cryptographic Hash Functions
Topic 14: Random Oracle Model, Hashing Applications
The TESLA Broadcast Authentication Protocol CS 218 Fall 2017
Information Security message M one-way hash fingerprint f = H(M)
CS898AT – Bitcoins and Cryptocurrencies
Cryptographic Hash Functions Part I
Cryptography Lecture 13.
Cryptographic Hash Functions
Security and secure systems
CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini
ICS 454 Principles of Cryptography
Cryptography Lecture 27.
Cryptography Lecture 19.
Digital Signature Schemes and the Random Oracle Model
Message Authentication and Hash Functions
Bitcoin and the Blockchain
Introduction to Symmetric-key and Public-key Cryptography
Blockchains slides have been taken from:
Information Security message M one-way hash fingerprint f = H(M)
ICS 454 Principles of Cryptography
Lecture 4.1: Hash Functions: Introduction
One Time Signature.
Lecture 4.1: Hash Functions, and Message Authentication Codes
Basic Network Encryption
Cryptography Lecture 14.
Hashing Hash are the auxiliary values that are used in cryptography.
Cryptography Lecture 13.
Cryptography Lecture 13.
Security: Integrity, Authentication, Non-repudiation
Lecture 4: Hash Functions
Security and secure systems
CRYPTOGRAPHY & NETWORK SECURITY
Chapter 8 roadmap 8.1 What is network security?
Digital Signature Standard (DSS)
Cryptography Lecture 26.
One-Way Hash Functions
Presentation transcript:

CS 394B Introduction Marco Canini

Cryptography Hash Functions I Take message m of arbitrary length and produces fixed-size (short) number H(m) One-way function Efficient: Easy to compute H(m) Hiding property: Hard to find an m, given H(m) Assumes “m” has sufficient entropy, not just {“heads”, “tails”} Random: Often assumes for output to “look” random Balls and bins analogy:  weak collision is finding a collision on a SPECIFIC bin (the "m"), strong collision is finding a collision on ANY bin.

Cryptography Hash Functions II Collisions exist: | possible inputs | >> | possible outputs | … but hard to find Collision resistance: Strong resistance: Find any m != m’ such that H(m) == H(m’) Weak resistance: Given m, find m’ such that H(m) == H(m’) For 160-bit hash (SHA-1) Finding any collision is birthday paradox: 2^{160/2} = 2^80 Finding specific collision requires 2^160 Balls and bins analogy:  weak collision is finding a collision on a SPECIFIC bin (the "m"), strong collision is finding a collision on ANY bin.

Hash Pointers h = H( ) (data)

Creates a “tamper-evident” log of data Hash chains H( ) prev: H( ) prev: H( ) prev: H( ) data data data Creates a “tamper-evident” log of data

Hash chains H( ) prev: H( ) prev: H( ) prev: H( ) data data data If data changes, all subsequent hash pointers change Otherwise, found a hash collision!

Blockchain: Append-only hash chain prev: H( ) prev: H( ) prev: H( ) txn 5 txn 6 txn 7 Hash chain creates “tamper-evident” log of txns Security based on collision-resistance of hash function Given m and h = hash(m), difficult to find m’ such that h = hash(m’) and m != m’

Binary tree with hash pointers Merkle tree H( ) H( ) (data) Binary tree with hash pointers

proving membership in a Merkle tree H( ) H( ) (data) show O(log n) items

What we want from signatures Only you can sign, but anyone can verify Signature is tied to a particular document can’t be cut-and-pasted to another doc

API for digital signatures (sk, pk) := generateKeys(keysize) sk: secret signing key pk: public verification key sig := sign(sk, message) isValid := verify(pk, message, sig) can be randomized algorithms

Requirements for signatures “valid signatures verify” verify(pk, message, sign(sk, message)) == true “can’t forge signatures” adversary who: knows pk gets to see signatures on messages of his choice can’t produce a verifiable signature on another message

Useful trick: public key == an identity if you see sig such that verify(pk, msg, sig)==true, think of it as pk says, “[msg]”. to “speak for” pk, you must know matching secret key sk

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.