Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.


Outline
- One-way functions
- Secure Hash function
- Authentication (example)
- Digital Signature Standards (DSS)

Definitions
- One-way function $f : A \to B$
  - Given $x \in A$, it is easy to compute $f(x)$
  - Given $f(x)$, it is hard to compute $x$
- Trapdoor one-way function: a one-way function $f : A \to B$ with a secret $s$, such that
  - Given $x \in A$, it is easy to compute $f(x)$
  - Given $f(x)$, it is hard to compute $x$
  - Given $f(x)$ and $s$, it is easy to compute $x$

Examples
- One-way function
  - Multiplicative group $Z_p^*$ with generator $g$
  - $f(x) = g^x \bmod p$
- Trapdoor one-way function
  - Multiplicative group $Z_n^*$ where $n = p \cdot q$ for primes $p, q$
  - $f(x) = x^2 \bmod n$
  - The secret is: ($p$ and $q$)
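
The trapdoor in the second example can be seen in code. This is an added example, not part of the slides: it assumes both primes are congruent to 3 mod 4 so that square roots modulo each prime have a closed form, and the primes, function names and sample input are constructed for illustration.

```python
# Constructed demo primes (both Mersenne primes, both = 3 mod 4). Illustration only.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q

def f(x, n=N):
    """The public direction: anyone who knows n can square modulo n."""
    return x * x % n

def sqrt_mod_prime(c, p):
    """Square root of a quadratic residue c modulo a prime p with p = 3 (mod 4)."""
    return pow(c, (p + 1) // 4, p)

def invert_with_trapdoor(c, p=P, q=Q):
    """Return all four square roots of c mod p*q, using the secret factors p and q."""
    n = p * q
    rp, rq = sqrt_mod_prime(c % p, p), sqrt_mod_prime(c % q, q)
    roots = set()
    for a in (rp, p - rp):
        for b in (rq, q - rq):
            # Chinese Remainder Theorem: x = a (mod p) and x = b (mod q)
            roots.add((a * q * pow(q, -1, p) + b * p * pow(p, -1, q)) % n)
    return sorted(roots)

if __name__ == "__main__":
    x = 2**100 + 12345                 # constructed input, coprime to N
    c = f(x)
    roots = invert_with_trapdoor(c)
    print(len(roots), x in roots)      # the original x is one of the four roots
```

Without $p$ and $q$ the holder of $n$ alone has no comparable shortcut; computing these roots is as hard as factoring $n$.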

Hash Function
- Definition: one-way hash function $h(x)$
  - A one-way hash function operates on an input message $x$ of arbitrary length, and outputs a fixed-length hash value $h(x)$.
  - Given $x$, it is easy to compute $h(x)$
  - Given $h(x)$, it is infeasible to compute $x$

Hash Function Properties
- $h$ can be applied to an input of any size
- $h$ produces a fixed-length output
- One-way property: easy to compute $h(x)$, but infeasible to compute $x$ given $h(x)$
- Collision resistance property:
  - Weakly collision-free: given $x$, it is infeasible to find $y \ne x$ such that $h(x) = h(y)$
  - Strongly collision-free: it is infeasible to find any pair $(x, y)$ such that $y \ne x$ and $h(x) = h(y)$

Secure Hashing
- Definition: $h$ is cryptographically secure if it is a one-way collision-free hash function.
- Note: strong/weak collision resistance depends on the sensitivity of the application
- Given a message $M$, $h(M)$ is called the hash value of $M$, hash code, or the message digest.
- Examples: SHA, MD4, MD5, Whirlpool

Security of Hash Functions
Effort required for brute-force attack (on average):
- One way: $2^{n-1}$
- Weak collision resistance: $2^{n-1}$
- Strong collision resistance: $2^{n/2}$

General Structure of Secure Hashing

Secure Hash Algorithm (SHA)
- Developed by National Institute of Standards and Technology (NIST) in
- In 1995, NIST published SHA-1
  - Based on MD4
  - Output: 160-bit hash value
- In 2002, NIST defined 3 versions (SHA-256, SHA-384, SHA-512) with hash value lengths: 256, 384, and 512.
- In 2005, NIST approved the phase out of SHA-1 and moving to other versions of SHA by 2010.

MD4
- MD stands for Message Digest; it was designed by Ron Rivest
- Output: 128-bit hash values
- Design goals (claimed by Rivest)
  - Strongly collision-free (no attack is better than brute-force)
  - The security is based on no assumption (like hardness of factorization)
- MD4 was cryptanalyzed shortly after publishing and some parts were successfully attacked.

MD5
- MD5 is an improved version of MD4
- Output: 128-bit hash values
- Ron Rivest made several improvements of MD5 over MD4
- MD5 was cryptanalyzed but there is no practical impact on the security of the hash function

Whirlpool
- Based on the use of a block cipher for the compression function (initially DES, later AES)
- General drawbacks of using block cipher:
  - Block ciphers are invertible $\to$ lack of randomness
  - Low performance due to slow block ciphers
  - Weakness due to regularities of block ciphers
  - Hash value length restriction due to block sizes: $h \le 2b$
- Since the adoption of AES, Whirlpool overcomes the above drawbacks.

Whirlpool
- Advantages of using AES
  - Hash code length is 512 bits (same as SHA)
  - Resistant to usual attacks on block-cipher hashing
  - Good performance and compact implementation on software and hardware

Applications of Secure Hashing
- Authentication
- Digital Signature

Example: Authentication
- Alice logs into a host computer
  - She identifies herself by a username and a password
  - The host computer stores all username-password pairs in a database and checks for a match.
- Authentication using secure hash functions
  - Alice sends her password to the host
  - The host hashes the password and compares the hash value to the value it previously stored
  - If Eve steals the hash values, she still cannot log in, since the hash function is one-way and collision-free.
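
The host-side check described above, as an added example that is not part of the slides. It goes beyond the slide by storing a per-user random salt and using the deliberately slow PBKDF2 construction instead of a single bare hash; the dictionary `db`, the function names, the sample accounts and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def bare_hash(password):
    """What the slide describes: one unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()

def enroll(db, username, password):
    """Store (salt, iterations, digest); the password itself is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[username] = (salt, ITERATIONS, digest)

def login(db, username, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    # Unknown users get a dummy record so they cost the same work as real ones.
    salt, iters, stored = db.get(username, (b"\x00" * 16, ITERATIONS, b""))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    db = {}
    enroll(db, "alice", "correct horse")    # constructed sample accounts
    enroll(db, "bob", "correct horse")
    print(login(db, "alice", "correct horse"), login(db, "alice", "guess"))
    # Same password, different stored records, unlike the bare hash:
    print(db["alice"][2] != db["bob"][2])
    print(bare_hash("correct horse") == bare_hash("correct horse"))
```

With a bare hash, two users who share a password share a stored value; the salt removes that signal and the iteration count raises the cost of guessing against a stolen table.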

Digital Signature Standard (DSS)
- Proposed by the National Institute of Standards and Technology (NIST) in 1991
- DSS uses a digital signature algorithm (DSA):
  - Designed to provide only the digital signature function
  - Cannot be used for encryption or key exchange
  - Must be a public-key technique (publicly verifiable)
  - Uses SHA for hashing the message
- Examples of digital signature approaches:
  - RSA approach
  - DSS approach

Digital Signature Approaches (DSS vs. RSA)

Digital Signature Algorithm (DSA)
- NIST adopted DSA based on ElGamal digital signature with the following parameters:
  - Prime $p$ of length bits
  - 160-bit prime $q$ such that $q \mid (p - 1)$
  - $g$ is of the form $g = h^{(p-1)/q} \bmod p$
  - Private key: $x$, Public key: $y = g^x \bmod p$
- The signature $(r, s)$ is computed by:
  - $r = (g^k \bmod p) \bmod q$, for random $k < q$
  - $s = (k^{-1}(\mathrm{SHA}(M) + x \cdot r)) \bmod q$
- The length of the signature $(r, s)$ = 2 × 160 bits
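
The signing equations above together with the matching verification step, as an added example that is not part of the slides. The parameters are constructed toy values (a 127-bit $q$ and a small $p$, far below real DSA sizes), SHA-256 reduced mod $q$ stands in for SHA(M), and the verification rule is the standard DSA check, which the slide does not show.

```python
import hashlib
import math
import secrets

def make_params(q=2**127 - 1):
    """Constructed toy parameters: prime p with q | (p - 1), and g = 2^((p-1)/q) mod p."""
    m = 2
    while True:
        p = q * m + 1
        g = pow(2, m, p)
        # Pocklington test: q is prime and q > sqrt(p), so these two checks prove p prime.
        if pow(g, q, p) == 1 and math.gcd(g - 1, p) == 1:
            return p, q, g
        m += 2

def H(msg, q):
    # Assumption: SHA-256 reduced mod q in place of the slide's SHA(M).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1          # private key, 0 < x < q
    return x, pow(g, x, p)                    # public key y = g^x mod p

def sign(msg, x, p, q, g):
    while True:
        k = secrets.randbelow(q - 1) + 1      # fresh secret k for every signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (H(msg, q) + x * r) % q
        if r and s:                           # retry in the rare case r or s is 0
            return r, s

def verify(msg, sig, y, p, q, g):
    r, s = sig
    if not (0 < r < q and 0 < s < q):         # reject out-of-range values first
        return False
    w = pow(s, -1, q)
    u1, u2 = H(msg, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r

if __name__ == "__main__":
    p, q, g = make_params()
    x, y = keygen(p, q, g)
    sig = sign(b"pay Bob 10", x, p, q, g)     # constructed sample message
    print(verify(b"pay Bob 10", sig, y, p, q, g),
          verify(b"pay Bob 1000", sig, y, p, q, g))
```

Verification works because $g^{u_1} y^{u_2} = g^{(\mathrm{SHA}(M) + x r)\, s^{-1}} = g^k \pmod p$, which reduces mod $q$ to $r$.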