Cryptographic hash functions



Presentation on theme: "Cryptographic hash functions" - Presentation transcript:

1 Cryptographic hash functions

2 Definition of hash function
$H := \{h_1, \ldots, h_m\}$, $h_i : \{0,1\}^n \to \{0,1\}^{\ell(n)}$. Compression: $\ell(n) < n$. $Gen(1^s)$ picks an index between 1 and $m$.

3 Collision resistance $i \leftarrow gen(\{1\}^s)$; adversary receives $i$, returns $x, x'$; wins if $h_i(x) = h_i(x')$

4 Second-collision resistant
$i \leftarrow gen(\{1\}^s)$, $x \in_R \{0,1\}^s$; adversary receives $i, x$, returns $x'$; wins if $h_i(x) = h_i(x')$

5 Preimage resistance $i \leftarrow gen(\{1\}^s)$, $y \in_R \{0,1\}^{\ell(s)}$; adversary receives $i, y$, returns $x$; wins if $h_i(x) = y$

6 Comparison between different security
Collision resistant: $i \leftarrow gen(\{1\}^s)$; adversary receives $i$, returns $x, x'$; wins if $h_i(x) = h_i(x')$
Target-collision resistance: $i \leftarrow gen(\{1\}^s)$, $x \in_R \{0,1\}^s$; adversary receives $i, x$, returns $x'$; wins if $h_i(x) = h_i(x')$
Preimage resistant: $i \leftarrow gen(\{1\}^s)$, $y \in_R \{0,1\}^{\ell(s)}$; adversary receives $i, y$, returns $x$; wins if $h_i(x) = y$

7 Birthday attack What is the probability that in a class of 23 people there are at least two people with the same birthday? Answer: more than 50% chance. General question: suppose you sample $m$ values from $n$ values; what is the probability that at least two of the values are the same? Answer: if $m = \sqrt{n}$ then the probability is about one-half.

8 Proof of the birthday attack
If you store $\sqrt{n}$ outputs with a given input, the probability that a new input gets sent to a previously visited output is $1/\sqrt{n}$. The probability that $\sqrt{n}$ elements all get mapped to fresh outputs is $\left(1 - \frac{1}{\sqrt{n}}\right)^{\sqrt{n}} \geq 1/e$

9 Mac using hash functions
[Diagram with labels: $m$, $H_i$, $mac_k$]

10 HMAC Global constants $v_1, v_2$
Gen: $s \leftarrow Gen(1^s)$, $k \in_R \{0,1\}^s$
Auth(m): $M_1 \leftarrow (k \oplus v_2, m)$; $M_2 \leftarrow H_s(M_1)$; $M_3 \leftarrow (k \oplus v_1, M_2)$; $t \leftarrow H(M_3)$

11 Random oracle heuristic
Assume that a hash function acts as a random function. Allows us to prove security for efficient schemes. Unsound, but only for contrived examples; never broken for practical schemes.

12 Applications of hash functions
Virus fingerprinting; deduplication; password hashing; file changes/integrity

13 Virus fingerprinting Hash the virus using the hash function.
To look up a virus, simply look at the output of the function and see if it maps to a known virus. False positives imply a collision.

14 Deduplication Avoid storing the same thing in memory many times.
Uses a hash function to index values so that we don't need to copy the same thing many times.

15 File changes / integrity
To keep track of changes, we keep a list of hashes, one for every file. The output of the hash function can be much shorter than the size of the files.

16 Proper way to hash passwords
Naïve way to hash passwords: $h \leftarrow H(pwd)$. Same password hashed to same value. Correct way to hash a password: $r \in_R \{0,1\}^n$, $h \leftarrow H(r, pwd)$, giving $(r, h)$

17 Bad way to hash passwords (xkcd)

18 Hash tree Goal: client has constant overhead.
Server holds client's database $x_1, \ldots, x_n$. Client requests $x_i$. Server sends $x'_i$. How can the client verify that $x'_i = x_i$ with only logarithmic overhead?

19 Hash tree $Leaf_i = Hash(File_i)$
Non-leaf node: Hash(Hash(node.left) || Hash(node.right)). The client only needs to store the root. To prove that a given file is correct, the server only needs to send the client hashes of nodes that follow the path from the given leaf to the root node.
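
An added example (not from the original slides) of the hash tree on slides 18 and 19: the server builds the tree and returns the sibling hashes along the path, and the client checks them against the stored root. SHA-256, the function names, the sample files, and the rule that an unpaired node moves up a level unchanged are assumptions of this example; the client keeps the root and the number of files n.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(files):
    """Server: every tree level, leaves first; the last level is [root]."""
    level = [H(f) for f in files]                  # Leaf_i = Hash(File_i)
    levels = [level]
    while len(level) > 1:
        # Non-leaf = Hash(left hash || right hash); an unpaired node moves up as-is.
        nxt = [H(level[j] + level[j + 1]) if j + 1 < len(level) else level[j]
               for j in range(0, len(level), 2)]
        levels.append(nxt)
        level = nxt
    return levels

def prove(levels, i):
    """Server: sibling hashes along the path from leaf i to the root."""
    path = []
    for level in levels[:-1]:
        if i ^ 1 < len(level):                     # sibling exists at this level
            path.append(level[i ^ 1])
        i //= 2
    return path

def verify(root, n, i, file_bytes, path):
    """Client: recompute the root; left/right order comes from i, not the server."""
    # Because the order is derived from the requested index, a valid proof
    # for another leaf j != i does not verify.
    node, path = H(file_bytes), list(path)
    while n > 1:
        if i ^ 1 < n:
            if not path:
                return False                       # proof too short
            sibling = path.pop(0)
            node = H(sibling + node) if i & 1 else H(node + sibling)
        i, n = i // 2, (n + 1) // 2
    return not path and hmac.compare_digest(node, root)

# Constructed sample data: five small "files" held by the server.
FILES = [b"alpha", b"bravo", b"charlie", b"delta", b"echo"]

if __name__ == "__main__":
    levels = build_levels(FILES)
    root = levels[-1][0]                           # all the client keeps (plus n)
    proof = prove(levels, 3)
    print(len(proof), verify(root, len(FILES), 3, FILES[3], proof))
    print(verify(root, len(FILES), 3, b"delta-tampered", proof))
```

For five files the proof for file 3 carries three hashes, while the client stores one root regardless of how many files the server holds.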

