Session 5 Hash functions and digital signatures


Contents
Hash functions
– Definition
– Requirements
– Construction
– Security
– Applications

Contents
Digital signatures
– Definition
– Digital signatures – procedure
– Digital signature with RSA
– Signing enciphered messages
– Signing and hashing

Hash functions - definition
Let k, n be positive integers. A function f with n-bit output and k-bit key is called a hash function if
1. f is a deterministic function
2. f takes 2 inputs, the first is of arbitrary length and the second is of length k
3. f outputs a binary string of length n
Formally:

Hash functions - definition
– The key k is assumed to be known/fixed, unlike in cipher systems
– If k is known/fixed, the hash function is unkeyed
– If k is secret, the hash function is keyed
– k is known/fixed in most of the applications (e.g. digital signature schemes)
– k is kept secret in Message Authentication Codes (MACs)

Hash functions – security requirements
In order to be useful for cryptographic applications, any hash function must satisfy at least 3 properties (3 “levels of security”) (1)
1. One-wayness (or preimage resistance): a hash function f is one-way if, for a random key k and an n-bit output string w, it is difficult for the attacker presented with k and w to find x such that f_k(x) = w.

Hash functions – security requirements
Security requirements (2)
2. Second preimage resistance (or weak collision resistance): a hash function f is second preimage resistant if it is difficult for an attacker presented with a random key k and a random input string x to find y ≠ x such that f_k(x) = f_k(y).

Hash functions – security requirements
Security requirements (3):
3. (Strong) collision resistance: a hash function f is collision resistant if it is difficult for an attacker presented with a random key k to find x and y ≠ x such that f_k(x) = f_k(y).

Hash functions – security requirements
The collision resistance implies the second preimage resistance.
The second preimage resistance and one-wayness are incomparable
– The properties do not follow from one another
– Still, a hash function that would be one-way but not second preimage resistant would be quite artificial

Hash functions – security requirements
In practice, collision resistance is the strongest security requirement of all the three requirements
– the most difficult to satisfy
– the easiest to breach
Breaking the collision resistance property is the goal of most attacks on hash functions.

Hash functions – other requirements
Certificational weakness
– A good hash function should possess the avalanche property: changing a bit of input would change approximately half of the output bits
– No input bits can be reliably guessed based on the hash function’s local output (local one-wayness)
– Failure to satisfy these (and some other) properties is called certificational weakness.

Hash functions – other requirements
It is also required that a hash function is feasible to compute, given x (and k).
This is the reason why some theoretically strong constructions of hash functions are not used extensively in practice.

Hash functions – other requirements
Example: so-called algebraic hash functions, based on the same difficult mathematical problems that are used in public key cryptography
– Shamir’s function (factoring)
– Chaum-van Heijst-Pfitzmann’s function (discrete log)
– Newer designs: VSH (factoring), LASH (lattice), Dakota (modular arithmetic and symmetric ciphers)

Hash functions - construction
The Merkle-Damgård construction
– A classical hash function design
– Iterates a compression function
– A compression function takes a fixed length input and outputs a fixed length (shorter) output.

Hash functions - construction
In practice, symmetric cipher systems are used as compression functions (usually block ciphers).
Let g = (x, k) be a block cipher, where x is the plaintext message, and k is the key.
The length of the block x is n bits and the length of the key k is m bits, m > n.

Hash functions - construction
The hash function f to be constructed
– has the (theoretically) unlimited input length
– has the output bit length n
The input string to the hash function f is y.

Hash functions - construction
Hash function iterations
– Pad y such that the length of the padded input y’ is the least possible multiple of m.
– Let where y_i ∈ {0,1}^m.
– Let f_0 be a fixed initialization vector of length n (in bits).
– Then, for i = 1, ..., r, f_i = g(f_{i-1}, ).
– Finally, f = f_r.

Hash functions - construction
Remark:
– The padding algorithm and f_0 depend on the particular hash function.
Schematic of the Merkle-Damgård design
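
The iteration above as a runnable sketch (an added example, not part of the original slides); `avalanche` also measures the avalanche property from the "other requirements" slide. Assumptions: a toy XTEA-style cipher stands in for g with n = 64 and m = 128, f_0 is all zeros, padding is 0x80, zeros and a 64-bit length, and the second argument of g, missing from the transcript, is taken to be the block y_i.

```python
import struct

N_BYTES, M_BYTES = 8, 16   # n = 64-bit block and digest, m = 128-bit key, m > n
IV = bytes(N_BYTES)        # f_0: fixed initialization vector (assumed all-zero)

def g(x: bytes, k: bytes, rounds: int = 32) -> bytes:
    """Toy XTEA-style block cipher g(x, k): n-bit block x, m-bit key k."""
    v0, v1 = struct.unpack(">2I", x)
    key = struct.unpack(">4I", k)
    s, delta, mask = 0, 0x9E3779B9, 0xFFFFFFFF
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + key[s & 3]))) & mask
        s = (s + delta) & mask
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + key[(s >> 11) & 3]))) & mask
    return struct.pack(">2I", v0, v1)

def pad(y: bytes) -> bytes:
    """Pad y to a multiple of m: 0x80, zero bytes, then the 64-bit bit length."""
    zeros = (-(len(y) + 1 + 8)) % M_BYTES
    return y + b"\x80" + bytes(zeros) + struct.pack(">Q", 8 * len(y))

def f(y: bytes) -> bytes:
    """Merkle-Damgard iteration: f_i = g(f_{i-1}, y_i); the digest is f_r."""
    state = IV
    padded = pad(y)
    for i in range(0, len(padded), M_BYTES):
        # Each m-bit message block y_i is used as the cipher key (assumption).
        state = g(state, padded[i:i + M_BYTES])
    return state

def avalanche(y: bytes) -> float:
    """Mean number of digest bits that change over every single-bit flip of y."""
    base = int.from_bytes(f(y), "big")
    total = 0
    for bit in range(8 * len(y)):
        flipped = bytearray(y)
        flipped[bit // 8] ^= 1 << (bit % 8)
        diff = base ^ int.from_bytes(f(bytes(flipped)), "big")
        total += bin(diff).count("1")
    return total / (8 * len(y))
```

For a 64-bit digest, `avalanche` should return a value close to 32, i.e. about half of the output bits.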

Hash functions - construction
Advantages of using block ciphers as compression functions
– Efficient, i.e. fast
– Usually already implemented
Disadvantage
– Employing a strong block cipher in hash function design does not guarantee a good hash function.

Hash functions - construction
Examples of Merkle-Damgård designs
– The MD (Message Digest) family of hash functions (MD4, MD5), n = 128.
– The NIST SHA (Secure Hash Algorithm) family of hash functions (SHA-1 (n = 160), SHA-2 (i.e. SHA-256, SHA-512)).
They all use custom block cipher rounds.

Hash functions - construction
The speed of such a design depends on the number of rounds of the block cipher involved.
Example
– MD4 – 3 rounds
– MD5 – 4 rounds – more secure
– But MD5 is 30% slower than MD4.

Hash functions - security
Security of the most often used hash functions, MD5 and SHA-1, has been recently compromised – collisions were found.
They are now considered insecure.
Consequence: the SHA-3 contest, the proposals are due October

Hash functions - applications
Data integrity protection
– Digital signature schemes
Authentication
– Message authentication codes (MACs)
– If MAC uses a hash function it is called HMAC
– HMAC standard RFC2104 (Bellare-Canetti-Krawczyk, 1996).

Digital signatures - definition
Digital signature
– A number dependent on some secret known only to the signer and on the contents of the signed message
– Must be verifiable in case of
  – a signer repudiating a signature
  – a fraudulent claimant

Digital signatures - definition
Applications
– Authentication
– Data integrity protection and non-repudiation
– Certification of public keys in large networks.

Digital signatures - procedure
Basic elements (1)
– M – the set of messages that can be signed
– S – the set of signatures, e.g. binary strings of fixed length
– S_A – signing transformation for the entity A
  – S_A is kept secret by A
  – Used to create signatures from M

Digital signatures - procedure
Basic elements (2)
– V_A – verification transformation for A’s signatures
  – Publicly known
  – Used by other entities to verify signatures created by A

Digital signatures - procedure
Both S_A and V_A should be feasible to compute.
It should not be computationally feasible to forge a digital signature y on a message x
– Given x, only A (i.e. Alice) should be able to compute the signature y such that V_A(x, y) = true.

Digital signatures - procedure
Signing a message x
– Alice uses the algorithm S_A to compute the signature over the message x
– Alice publishes (or sends to some recipient) the message x, together with the signature y = S_A(x)

Digital signatures - procedure
Verifying a signature of a message published/sent by Alice
– Upon receiving the pair (x, y), the verifier uses the algorithm V_A (publicly known) to verify the integrity of the received message x
– If V_A(x, y) = true, the signature is verified.

Digital signatures - procedure
It can be shown that asymmetric ciphers can be used for digital signature purposes.
To prevent forgery, it should be infeasible for an attacker to retrieve the secret information used for signing – the transformation S_A.

Digital signature with RSA
Alice signs the message x by using the deciphering transformation
Alice is the only one that can sign, since d_A is kept secret.

Digital signature with RSA
Bob verifies the signature y received from Alice by employing encipherment of y using Alice’s public key (e_A, n_A), i.e.
If c = x, then the signature y is verified.

Digital signature with RSA - security
Suppose Eve wants to sign her own message x’ with Alice’s signature y (i.e. to forge Alice’s signature).
Eve does not know d_A, she only knows Alice’s public key (e_A, n_A).

Digital signature with RSA - security
Direct verification, if Eve’s signed document (x’, y) is to be verified
– This will fail, since c ≠ x’.
Thus, what Eve needs is another signature, y’, such that
Getting y’ is a difficult problem.

Digital signature with RSA - security
Another possibility for Eve – she can choose y’ first and then generate the message
y’ will then be easily verified, i.e. such a forgery is successful.
But then the probability that x’ is meaningful is very small.

Signing enciphered messages
Suppose Alice wants to send a signed enciphered message x to Bob.
– Alice computes her signature y = S_A(x)
– Then Alice enciphers both x and y by means of Bob’s public key
– The ciphertext z is transmitted to Bob.

Signing enciphered messages
Deciphering and verification
– Bob deciphers z by means of his private key and thus obtains (x, y)
– Then Bob uses Alice’s public verification function V_A to verify Alice’s signature y.

Signing and hashing
Usually, public key ciphers are used in digital signature schemes.
If the original message is signed, the signature is at least as long as the message – inefficient

Signing and hashing
Another problem is that of Eve’s ability to generate the signature and then get the corresponding message that may be meaningful, although with small probability.
Solution: sign hashed message.

Signing and hashing
– The hash function f is made public
– Starting with a message x, Alice first computes f(x), which is significantly smaller than x
– Alice then computes y = S_A(f(x))
– Alice then sends (x, y) to Bob.

Signing and hashing
Verification process
– Bob computes f(x)
– Bob also computes V_A(f(x), y)
– If V_A(f(x), y) = true, then Alice’s signature is verified.

Signing and hashing - security
Suppose Eve has (x, y = S_A(f(x)))
Eve would like to sign her own message x’ with Alice’s signature (i.e. to forge it)
So she needs S_A(f(x’)) = S_A(f(x)), which means she needs f(x’) = f(x).
This is difficult if f(x) is second preimage resistant.

Signing and hashing - security
Moreover, it is highly unlikely that Eve would be able to find two messages, x’ and x’’ with the same hashes and consequently signatures, if f is collision resistant.
So it is difficult for Eve to choose the signature first and then get the corresponding message.
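
The RSA signing slides and the sign-the-hash procedure above, side by side, as an added example that is not part of the original slides. Assumptions: the toy key is built from two known Mersenne primes, SHA-256 reduced mod n_A stands in for f, and all function names are hypothetical; real deployments use random primes and a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key from two known Mersenne primes (assumption for the demo).
P, Q = 2**127 - 1, 2**89 - 1
N_A, E_A = P * Q, 65537                    # Alice's public key (e_A, n_A)
D_A = pow(E_A, -1, (P - 1) * (Q - 1))      # Alice's secret exponent d_A

def to_int(msg: bytes) -> int:
    """Encode a short message as an integer x < n_A."""
    x = int.from_bytes(msg, "big")
    if x >= N_A:
        raise ValueError("message too long to sign without hashing")
    return x

def sign_raw(x: int) -> int:
    """S_A without hashing: apply the deciphering transformation to x."""
    return pow(x, D_A, N_A)

def verify_raw(x: int, y: int) -> bool:
    """V_A without hashing: encipher y with (e_A, n_A) and compare c with x."""
    return pow(y, E_A, N_A) == x

def f(msg: bytes) -> int:
    """Public hash f: SHA-256 reduced mod n_A to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N_A

def sign_hashed(msg: bytes) -> int:
    """y = S_A(f(x)): fixed-size signature for a message of any length."""
    return sign_raw(f(msg))

def verify_hashed(msg: bytes, y: int) -> bool:
    """V_A(f(x), y) as in the verification process slide."""
    return verify_raw(f(msg), y)

def signature_first_pair(y_prime: int):
    """The slide's 'choose y' first' case: the x' that raw RSA accepts for y'."""
    return pow(y_prime, E_A, N_A), y_prime

def demo() -> dict:
    x = to_int(b"pay Bob 10")
    y = sign_raw(x)
    x_f, y_f = signature_first_pair(0xC0FFEE)   # constructed sample value
    return {
        "raw_valid": verify_raw(x, y),
        "raw_reused_on_other_msg": verify_raw(to_int(b"pay Eve 10"), y),
        "raw_accepts_signature_first": verify_raw(x_f, y_f),
        "hashed_accepts_signature_first":
            verify_hashed(x_f.to_bytes(27, "big"), y_f),
    }
```

The last entry of `demo()` is the point of the final slides: once the verifier hashes the message, a signature chosen first no longer matches any message Eve can compute from it.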