Presentation is loading. Please wait.

Presentation is loading. Please wait.

Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.

Published byMadlyn York Modified over 9 years ago

Similar presentations

Presentation on theme: "Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez."— Presentation transcript:

1 Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez

2 Problem You are designing a banking application that will be accessed by thousands of users. Security of passwords is a key factor.  Protect from people outside and inside the organization How do you store passwords in the database?

3 One Approach Encrypt passwords using a key. When the information is needed, decrypt it using same key! Example (very simple):  Given a character, encrypt it by replacing it with other. What is the idea? CharacterASCII CODEEncrypted A0100000110110010 B0100001010100101 IDEA: “hi” = decrypt(encrypt(“hi”))

4 What is the problem with this approach? If someone accesses this database and knows the key (even people from IT or support), all passwords would be revealed! UserPwd (encrypted using a key) aagui003bbhrt aaoni001jhlkhj

5 A better approach One-way hash functions (The talk is about this) ONE WAY

6 One way function A function y = f(x) is one way if it is easy to compute y from x but “hard” to compute x from y However, nobody has proved that such function exist! A possible definition is:  f(x) can be obtained in polynomial time  f -1 (x) is NP-hard

7 An example of one-way functions Unique factorization Theorem: Every integer has a unique factorization as product of primes. Factoring Given two large prime numbers u, v, consider y = f(u, v) = u * v. It is polynomial time computable. However, given y, can we calculate u and v easily? NO

8 Hash function Map a message of variable length m to a fingerprint of fixed n bits, and m >= n Fundamental properties:  Compression  Easy to compute Can be used to detect changes since a modification (even a bit) would change the hash value.

9 One-way hash functions y = h(x) where  Given x, calculating h(x) is easy  Given y, calculating any x such that y=h(x) is hard, AND  y is fixed length independent of the size of x (a compression function is needed for large inputs) Input Output

10 Two questions Is it easy to come up with new one- way hash functions? What do we need to build such functions?  Easy to compute (in general, it is a public algorithm)  Hard to invert (2 n different output!)  Compression function  Collision resistant

11 Collision Given x 1, x 2, and a hash function h, a collision exists if h(x 1 ) = h(x 2 ) Is this possible?  YES, why?  It is a many-to-one function! The input domain is greater that the output domain. Therefore, good one-way hash functions should be collision resistant! Collision resistant?

12 The Birthday paradox Consider the probability Q 1 (n, d) that no two people out of a group of n will have matching birthdays out of d equally possible birthdays. http://mathworld.wolfram.com/BirthdayProblem.html In general, let Q i (n, d) denote the probability that a birthday is shared by i people out of a group of n people, then the probability that a birthday is shared by k or more people. Probabilty that two do have same birthday

13 …birthday paradox An approximation for the minimum number of people needed to get 50-50 chance that two have a match within k days out of d possible is given by: How many people do we need in this classroom for a 50-50 chance? (Sevast'yanov 1972, Diaconis and Mosteller 1989). What about OWHFs?

14 Birthday attacks for OWHFs Given y = h(x), where y is length-fixed of n bits, 2 n outputs can be obtained. Since x is of variable length, and |x| > |y| in some cases. h(x) is a many-to-one function! How many attempts are necessary so that h(x 1 )=h(x 2 ) (probability of success >= 0.5)?  Use the formula we just explained!  Let d = 2 n, and k = 0

15 To be collision resistant, how big should n be? 64-bits is now regarded as too small, 128-512 proposed Output lengthn(d) 64 bits 128 bits 160 bits

16 General structure of OWHF’s arbitrary length input iterated compression function fixed length output optional transformation output Input Output

17 Details append padding bits append length block  g HiHi H 0 =IV xixi preprocessing HtHt H i-1 original input x formatted input x 1, x 2... x t iterated processing compression function f output h(x)=g(H t )

18 Two known OWHF’s MD5  From Ronald Rivest (the R from RSA) [1992]  Produce a 128-bit hash value  MD5 is widely used, however collisions were detected (Wang, 2004). SHA1  Designed by the National Institute of Standards and Technology (NIST), as an “upgrade” from MD5  Produces 160-bit hash values

19 Going back to our problem Save a pair  Now, if somebody (inside or outside) access passwords table each entry should be attacked individually! An authentication algorithm would look as follows: if MD5(passw_typed) == hash_of_passw CorrectPassword = true else CorrectPassword = false

20 Other uses Digital signatures  Antivirus  Software validation Used to store passwords in some Linux implementations

21 Thank you What #$!@ is he talking about? mmm… Z Z z… Questions?

Download ppt "Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.

CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part II.

Similar presentations

Ads by Google