Lect. 16- 17: Hash Functions and MAC. 2 1.Introduction - Hash Function vs. MAC 2.Hash Functions  Security Requirements  Finding collisions – birthday.

Slides:



Advertisements
Similar presentations
Hashes and Message Digests
Advertisements

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures and Hash Functions. Digital Signatures.
Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 19 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Cryptography and Network Security Hash Algorithms.
By: Matthew Ng. SHA stands for Secure Hash Algorithm It is based off the Merkle-Dangard hash function There are 3 versions of it with one coming in 2012.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CS470, A.SelcukHash Functions1 Cryptographic Hash Functions CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
HASH Functions.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Introduction to Information Security Lecture 5: Hash Functions and MAC Prof. Kwangjo Kim.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.
1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.
CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures.
1 Hash Functions. 2 A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length
1 Network Security Lecture 5 Hashes and Message Digests Waleed Ejaz
Slide 1 EJ Jung Hash Functions. Integrity checks.
Chapter 4 Message Authentication MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Hash Algorithms see similarities in the evolution of hash functions & block ciphers –increasing power of brute-force attacks –leading to evolution in algorithms.
Cryptographic Hash Functions and Protocol Analysis
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Modern Cryptography.
Chapter 11 Message Authentication and Hash Functions.
Cryptographic Hash Functions Prepared by Dr. Lamiaa Elshenawy
Cryptography and Network Security (CS435) Part Nine (Message Authentication)
Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Hash Functions.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
Information Security and Management 11. Cryptographic Hash Functions Chih-Hung Wang Fall
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 13.Message Authentication.
Data Integrity / Data Authentication. Definition Authentication (Signature) algorithm - A Verification algorithm - V Authentication key – k Verification.
CS555Spring 2012/Topic 141 Cryptography CS 555 Topic 14: CBC-MAC & Hash Functions.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.
Chapter 12 – Hash Algorithms
Cryptographic Hash Function
ICS 454 Principles of Cryptography
ICS 454 Principles of Cryptography
Presentation transcript:

Lect : Hash Functions and MAC

2 1.Introduction - Hash Function vs. MAC 2.Hash Functions  Security Requirements  Finding collisions – birthday paradox  Dedicated hash functions  SHA-1  Hash functions based on block ciphers Contents

3 1. Hash Functions vs. MAC

4  Hash Function Generate a fixed length “Fingerprint” for an arbitrary length message No Key involved Must be at least One-way to be useful  Applications Keyed hash: MAC/ICV generation Unkeyed hash: digital signature, password file, key stream / pseudo-random number generator  Constructions Iterated hash functions (MD4-family hash functions): MD5, SHA1, SHA2, RMD160, HAS160 Hash functions based on block ciphers: MDC(Manipulation Detection Code) Hash Functions H Message M Message Digest D D = H(M)

5  MAC Generate a fixed length MAC for an arbitrary length message A keyed hash function Message origin authentication Message integrity Entity authentication Transaction authentication  Constructions Keyed hash: HMAC, KMAC Block cipher: CBC-MAC Dedicated MAC: MAA, UMAC Message Authentication Codes (MACs) MAC SEND MAC Shared Secret Key

6 Comparison of Hash Function & MAC Hash function Arbitrary length message Hash fixed length MAC function Arbitrary length message MAC fixed length Secret key  Easy to compute  Compression: arbitrary length input to fixed length output  Unkeyed function vs. Keyed function

7 Symmetric Authentication (MAC) Secret key algorithm K AB Shared Secret key between Alice and Bob Secret key algorithm K AB yes no Message MAC transmit Message MAC Alice Bob Shared Secret key between Alice and Bob

8 Digital Signature Hash function Alice’s Public key yes no Message Signature transmit Message Signature Alice Bob Public key algorithm Alice’s Private key Hash value Hash function Hash value 1 Public key algorithm Hash value 2

9  MAC (Message Authentication Code)  Generated and verified by a secret key algorithm  Message origin authentication & Message integrity  Schemes Keyed hash: HMAC Block cipher: CBC-MAC, XCBC-MAC Dedicated MAC: UMAC  Digital Signature  Generated and verified by a public key algorithm and a hash function  Message origin authentication & Message integrity  Non-repudiation  Schemes Hash + Digital signature algorithm RSA; DSA, KCDSA; ECDSA, EC-KCDSA MAC and Digital Signature

10 2. Hash Functions

11 Hash Functions – Requirements  Definition  Compression: arbitrary length input to fixed length output  Ease of computation  Security Properties  Preimage resistance (One-wayness) :  Given y, it is computationally infeasible to find any input x such that y = h(x)  2nd preimage resistance (Weak collision resistance) :  Given x, it is computationally infeasible to find another input x  x such that h(x) = h(x)  Collision resistance (Strong collision resistance) :  It is computationally infeasible to find any two distinct inputs x and x such that h(x) = h(x)

12 Brute Force Attack on One-Way Hash Functions h mimi h(m i ) Given y, find m such that h(m) = y n bits h(m i ) = y ? for i = 1, 2,... 2 n Arbitrary message m Or m of the same meaning ?

13 Constructing Multiple Versions of the Same Message I state thereby that I borrowed $10,000 from confirm received ten thousand dollars Mr. Kris Gaj on October 15, This money Dr. Krzysztof 15 October amount of money should be returned to Mr. Gaj by November 30, is required to given back Dr. 30 November 11 different positions of similar expressions  2 11 different messages of the same meaning

14 Finding Collision in Collision-Resistant Hash Functions h mimi h(m i ) Find any two distinct messages m, m such that h(m) = h(m). n bits for i = 1, 2,... 2 m h mimi h(m i ) n bits How large m should be to get a match ?

15 Birthday Paradox How many students there must be in a class for there be a greater than 50% chance that 1.One of the students shares the teacher’s birthday ? (complexity breaking one-wayness) 365/2  Any two of the students share the same birthday ? (complexity breaking collision resistance) 1 – 365  364 ...  (365-k+1) / 365 k > 0.5  k  23 In general, the probability of a match being found when k samples are randomly selected between 1 and n equals

16 One Million $ Hardware Brute Force Attack  One-Way Hash Functions (complexity = 2 n ) n = 64 n = 80 n = 128 Year days718 years10 17 years  Collision-Resistant Hash Functions (complexity = 2 n/2 ) n = 128 n = 160 n = 256 Year days718 years10 17 years

17 fff f IV=H 0 H1H1 H2H2 H t-1 HtHt... b b b b n n n n n n Legend:  IV : Initial Value  H i : i-th Chaining variable  M i : i-th input block  f : Compression function  g : Output transformation (optional)  t : Number of input blocks  b : Block size in bits  n : Hash code size in bits g h(m) General Construction of a Secure Hash Function Message m 100…000 length M1M1 M2M2 M3M3 MtMt Padding & length encoding

18 General Construction of a Secure Hash Function f H i-1 HiHi MiMi b n n Entire hash Compression Function (fixed-size hash function) H 0 = IV H i = f (H i-1, M i ) for 1  i  t H(m) = g(H t ) Fact(by Merkle-Damgård) Any collision-resistant compression function f can be extended to a collision-resistant hash function h

19 Typical Hash Padding Message m 100…000 length 64 bit integer (bit-length of message m)  Assume Block size = 512 bits (MD5, SHA1, RMD160, HAS160 …) Last 512-bit block Let r = |m| mod 512 If 512-r > 64 padding = 512-(r+64) bits else padding = 512-r+448 bits (two padding blocks)

20 Classification of Hash Functions Dedicated (Customized) Based on block ciphers Based on Modular Arith. MD2 MD4 MD5 SHA0 SHA1 RIPEMD-128 RIPEMD-160 HAS-160 MDC-1 MDC-2 MDC-4 MASH-1 Broken Reduced round Version broken SHA2 Weakness discovered

21 SHA (Secure Hash Algorithm) (1/2)  SHA was designed by NIST (national institute of standards and technology) & NSA (National Security Agency)  US standard for use with DSA signature scheme  The algorithm is SHA, the standard is SHS  Based on the design of MD4 and MD5 by R. Rivest MIT  SHA-0: FIPS PUB 180, 1993  SHA-1: FIPS Pub 180-1, 1995 bitwise rotation of message schedule of SHA-0 changed widely-used security applications and protocols such as TLS and SSL, PGP, SSH, S/MIME, and IPsec  SHA-2: FIPS Pub 180-2, 2001 SHA-224, SHA-256, SHA-384, and SHA-512 Not so popular as SHA-1 * Federal Information Processing Standard

22 Algorithm and variant Output size (bits) Internal state siz e (bits) Block size (bits) Max me- ssage siz e (bits) Word size (bits) RoundsOperation Collisions found SHA − ,and,or, xor,rot Yes SHA − ,and,or, xor,rot Yes (2 52 attack (*) [ [ SHA-2 SHA-25 6/ / − ,and,or, xor,shr,rot None SHA-51 2/ / − ,and,or, xor,shr,rot None SHA (Secure Hash Algorithm) (2/2) * Cameron McDonald, Philip Hawkes and Josef Pieprzyk, SHA-1 collisions now 2^52, Eurocrypt 2009 Rump session, 837a0a8086fa6ca ddfae43d.pdf.

23 SHA-1 Overview round 0 f 1, ABCDE, Y q, K 0, w 0 round 1 f 2, ABCDE, Y q, K 1, w 1 round 79 f 80, ABCDE, Y q, K 79, w 79 ABCDE ABCDE   160 CV q+1 CV q ABCDE 160 YqYq 512

24 SHA-1 round function EDCBA EDCBA Input buffer Output buffer f t CLS 5 CLS 30 WtWt KtKt Constants From message Boolean function Cyclic left shift

25 SHA-1 Initial values A = B = E F C D A B 8 9 C = 9 8 B A D C F E D = E = C 3 D 2 E 1 F 0 Constants K t t = 0 ~ 19K t = 5 A t = 20 ~ 39K t = 6 E D 9 E B A 1 t = 40 ~ 59K t = 8 F 1 B B C D C t = 60 ~ 79K t = C A 6 2 C 1 D 6 Boolean function f t t = 0 ~ 19f t (B, C, D) = B · C + B · D t = 20 ~ 39f t (B, C, D) = B  C  D t = 40 ~ 59f t (B, C, D) = B · C + B · D + C · D t = 60 ~ 79f t (B, C, D) = B  C  D

26 SHA-1 message inputs Y q 512- bit  32 w0w0 w1w1 w 15 w 16 wtwt w 79  CLS 1 w0w0 w 13 w2w2 w 8 CLS 1 w t–16 wt–3wt–3 w t–14 w t–8 CLS 1 w 63 w 76 w 65 w 71 CLS: Cyclic Left Shift

27 Step Operations of MD5 & SHA1 A B CD E A B CD E frfr <<30 << MiMi KrKr D CB A D CB A frfr <<s i + MiMi KrKr Big endian Little endian

28 Step Operations of SHA1 & HAS160 A B CD E A B CD E frfr <<30 << MiMi KrKr A B CD E A B CD E frfr <<s r <<s i MiMi KrKr <<s r...

29 Comparison of Popular Hash Functions Hash Func.MD5 SHA1RMD160HAS160 Digest size(bits) Block size(bits) 512 No of steps 64( 4x16 ) 80( 4x20 )160( 5x2x16 )80( 4x20 ) Boolean func. 4 4(3)5 Constants Endianness Little BigLittle Speed ratio

30 Hash Functions Based on Block Ciphers: MDC1 Matyas-Meyer-Oseas Scheme g: a function mapping an input H i to a key suitable for E, might be the identity function Compression function f E g HiHi MiMi H i-1 block size Provably Secure under an appropriate black- box model But produces too short hash codes for use in most applications

31 Hash Functions Based on Block Ciphers: MDC2 Compression function f MiMi HiHi E g H i-1 A B E g C D A D C B HiHi

Ex. of MD5 Collisions 32 Collision1.bin Collision2.bin Same MD5 Hashed Value !!

Practical Collision Attacks (MD5) Colliding valid X.509 certificates –Lenstra, Wang, Weger, forged X.509 certificates , Same owner with different public keys (2048 bits) –Stevens, Lenstra, Weger, Eurocrypt bit public key (8-block collision) –Stevens etc. Crypto 2009 Pass the browser authentication, different owners, different public keys (See next page.\) 33

X.509v3 Real and Fake Certificates 34

SHA-3 Project 35

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.