Cryptography & Network Security: IX. Hash Algorithms. Look at three important hash functions (MD5, SHA-1, RIPEMD-160) then look at an Internet-standard


1 1 Cryptography & Network Security: IX. Hash Algorithms. Look at three important hash functions (MD5, SHA-1, RIPEMD-160), then look at an Internet-standard message authentication code (HMAC)

2 2 Cryptography & Network Security: CONTENTS… 1. MD5 Message Digest Algorithm 2. Secure Hash Algorithm 3. RIPEMD-160 4. HMAC

3 3 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Developed by Ron Rivest at MIT (RFC 1321). MD5 logic: input is an arbitrary-length message; processed in 512-bit blocks; output is a 128-bit message digest.

4 4 Cryptography & Network Security: 1. MD5 Message Digest Algorithm

5 5 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Processing Steps 1. Append padding bits 2. Append length 3. Initialize MD buffer 4. Process message in 512-bit blocks 5. output

6 6 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Append padding bits [1/5]: pad the message so that its length is 448 mod 512. Padding is always added; the number of padding bits is in the range of 1 to 512. Examples: 448 (message) + 512 (padding bits) = 960 bits; 447 (message) + 1 (padding bit) = 448 bits; 449 (message) + 511 (padding bits) = 960 bits. Padding consists of a single 1-bit followed by 0-bits.

7 7 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Append length [2/5]: append the 64-bit length of the original message to the result of step 1. If the original length is greater than $2^{64}$, only the low-order 64 bits of the length are used. The length of the expanded message is L×512 bits, so the number of blocks is L and the number of words is N = 16×L.

8 8 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Initialize MD buffer [3/5]: a 128-bit buffer, used to hold intermediate and final results of the hash function, made of four 32-bit registers (A, B, C, D). IV = {A=67452301, B=EFCDAB89, C=98BADCFE, D=10325476}. Stored in little-endian format: A = 01 23 45 67, B = 89 AB CD EF, C = FE DC BA 98, D = 76 54 32 10.

9 9 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Process message in 512-bit blocks [4/5]: a module that consists of 4 rounds of processing of 16 steps each. The 4 rounds have a similar structure, but each uses a different primitive logical function (F, G, H, I). INPUT: 512-bit block $Y_q$, 128-bit $CV_q$, 64-element table T[1…64] [Table 9.1]. OUTPUT: $CV_{q+1}$ (addition is mod $2^{32}$).

10 10 Cryptography & Network Security: 1. MD5 Message Digest Algorithm

11 11 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Output [5/5]: the output from the Lth stage is the 128-bit message digest. Summary of logic: $CV_0 = IV$; $CV_{q+1} = \mathrm{SUM}_{32}(CV_q, RF_I[Y_q, RF_H[Y_q, RF_G[Y_q, RF_F[Y_q, CV_q]]]])$; $MD = CV_L$.

12 12 Cryptography & Network Security: 1. MD5 Message Digest Algorithm MD5 Compression Function: each round consists of a sequence of 16 steps of the form a <- b + ((a + g(b,c,d) + X[k] + T[i]) <<< s)

Round | Primitive function g | g(b,c,d)
1 | F(b,c,d) | (b ∧ c) ∨ (~b ∧ d)
2 | G(b,c,d) | (b ∧ d) ∨ (c ∧ ~d)
3 | H(b,c,d) | b ⊕ c ⊕ d
4 | I(b,c,d) | c ⊕ (b ∨ ~d)

13 13 Cryptography & Network Security: 1. MD5 Message Digest Algorithm [Figure 9.4], adapted from RFC 1321, defines the processing algorithm of step 4. X[0…15] holds the value of the current 512-bit input. Within a round, each of the 16 words of X[i] is used once, during one step: $\rho_2(i) = (1 + 5i) \bmod 16$; $\rho_3(i) = (5 + 3i) \bmod 16$; $\rho_4(i) = 7i \bmod 16$.
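Processing steps 1 to 5 and the compression function described on the slides above, put together as an added Python example (not part of the original presentation). The rotation amounts in `S` and the sine formula for `T` are taken from RFC 1321, since the slides only reference them; padding works on whole bytes, so the 447-bit case cannot be expressed, and the names `pad`, `G_FUNCS` and `RHO` are chosen for this example.

```python
import math
import struct

MASK = 0xFFFFFFFF
# T[i] = integer part of 2^32 * |sin(i)|, i in radians (RFC 1321; Table 9.1 on the slides)
T = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]
# Left-rotation amounts per step, from RFC 1321 (not listed on the slides)
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Primitive logical functions F, G, H, I for rounds 1 to 4
G_FUNCS = [
    lambda b, c, d: (b & c) | (~b & d),
    lambda b, c, d: (b & d) | (c & ~d),
    lambda b, c, d: b ^ c ^ d,
    lambda b, c, d: c ^ (b | ~d),
]
# Order in which X[0..15] is consumed: identity in round 1, then rho2, rho3, rho4
RHO = [lambda i: i, lambda i: (1 + 5 * i) % 16, lambda i: (5 + 3 * i) % 16, lambda i: (7 * i) % 16]

def rol(x: int, s: int) -> int:
    """Circular left shift of a 32-bit word."""
    return ((x << s) | (x >> (32 - s))) & MASK

def pad(msg: bytes) -> bytes:
    """Steps 1-2: a 1-bit, 0-bits up to 448 mod 512, then the 64-bit bit length."""
    zeros = (55 - len(msg)) % 64                 # 0x00 bytes that follow the 0x80 byte
    bit_len = (len(msg) * 8) & (2**64 - 1)       # only the low-order 64 bits are kept
    return msg + b"\x80" + b"\x00" * zeros + struct.pack("<Q", bit_len)

def md5(msg: bytes) -> str:
    """MD5 digest of msg as a hex string."""
    cv = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]    # step 3: CV_0 = IV
    data = pad(msg)
    for off in range(0, len(data), 64):                       # step 4: one 512-bit block Y_q
        x = struct.unpack("<16I", data[off:off + 64])         # little-endian words X[0..15]
        a, b, c, d = cv
        for step in range(64):
            rnd, i = divmod(step, 16)
            g = G_FUNCS[rnd](b, c, d) & MASK
            t = (a + g + x[RHO[rnd](i)] + T[step]) & MASK
            # a <- b + ((a + g + X[k] + T[i]) <<< s), then the registers rotate
            a, b, c, d = d, (b + rol(t, S[step])) & MASK, b, c
        cv = [(v + w) & MASK for v, w in zip(cv, (a, b, c, d))]  # CV_{q+1}, addition mod 2^32
    return struct.pack("<4I", *cv).hex()                      # step 5: MD = CV_L

if __name__ == "__main__":
    print(len(pad(b"a" * 56)) * 8)   # 448-bit message: 512 padding bits + 64 length bits
    print(md5(b"abc"))
```
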

14 14 Cryptography & Network Security: 1. MD5 Message Digest Algorithm MD4: precursor to MD5 [RFC 1320]. Goals: security, speed, simplicity and compactness, favor little-endian architecture. Differences: uses three rounds of 16 steps each; no additive constant is used in the 1st round; uses three primitive logical functions; did not include the final addition.

15 15 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Strength of MD5 [ominous trend in the attacks on MD5]: using differential cryptanalysis, it is possible to find 2 messages producing the same digest for 1-round MD5, not the full 4-round MD5. Pseudocollision: there does not seem to be any way to extend this approach to a successful attack. Collision for the MD5 compression function: works on a single 512-bit block of input; no way has been found to generalize this attack to a full message using the MD5 IV.

16 16 Cryptography & Network Security: 2. Secure Hash Algorithm Developed by the National Institute of Standards and Technology (NIST) Published as a federal information processing standard in 1993 Revised version was issued as SHA-1 SHA-1 is based on the MD4 algorithm, its design closely models MD4

17 17 Cryptography & Network Security: 2. Secure Hash Algorithm SHA-1 Logic. INPUT: a message with a maximum length of less than $2^{64}$ bits. Overall processing: shown for MD5 in Figure 9.1, with a block length of 512 bits and a hash length of 160 bits. OUTPUT: 160-bit message digest.

18 18 Cryptography & Network Security: 2. Secure Hash Algorithm Processing Steps 1. Append padding bits 2. Append length 3. Initialize MD buffer 4. Process message in 512-bit blocks 5. output

19 19 Cryptography & Network Security: 2. Secure Hash Algorithm Append padding bits[1/5] pad message so its length is 448 mod 512 Padding is always added. the number of padding bits is in the range of 1 to 512 Padding consists of a single 1-bit followed by 0-bits

20 20 Cryptography & Network Security: 2. Secure Hash Algorithm Append length[2/5] Append 64bit length of the original message to the result step 1. Treated as an unsigned 64-bit integer Contains the length of the original message

21 21 Cryptography & Network Security: 2. Secure Hash Algorithm Initialize MD buffer[3/5] 160-bit buffer 5 32-bit registers (A, B, C, D, E) IV = {A=67452301,B=EFCDAB89,C=98BADCFE, D=10325476,E=C3D2E1F0} Stored in big-endian format ABCDE = 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0

22 22 Cryptography & Network Security: 2. Secure Hash Algorithm Process message in 512-bit blocks [4/5]: a module that consists of 4 rounds of processing of 20 steps each. The 4 rounds have a similar structure, but each uses a different primitive logical function ($f_1, f_2, f_3, f_4$). INPUT: 512-bit block $Y_q$, 160-bit $CV_q$. Each round uses an additive constant $K_t$, where $0 \le t \le 79$ (for 80 steps). OUTPUT: $CV_{q+1}$ (addition is mod $2^{32}$).

23 23 Cryptography & Network Security: 2. Secure Hash Algorithm

Step number | Hex | Take integer part of
0≤t≤19 | $K_t$ = 5A827999 | [ ]
20≤t≤39 | $K_t$ = 6ED9EBA1 | [ ]
40≤t≤59 | $K_t$ = 8F1BBCDC | [ ]
60≤t≤79 | $K_t$ = CA62C1D6 | [ ]

24 24 Cryptography & Network Security: 2. Secure Hash Algorithm Output [5/5]: the output from the Lth stage is the 160-bit message digest. Summary of logic: $CV_0 = IV$; $CV_{q+1} = \mathrm{SUM}_{32}(CV_q, ABCDE_q)$; $MD = CV_L$.

25 25 Cryptography & Network Security: 2. Secure Hash Algorithm SHA-1 Compression Function: each round is of the form shown in [Figure 9.6]. Each primitive function takes three 32-bit words as input, performs a set of bitwise logical operations, and produces a 32-bit word output.

26 26 Cryptography & Network Security: 2. Secure Hash Algorithm

Step | Function name | Value
0≤t≤19 | $f_1$ = f(t,B,C,D) |
20≤t≤39 | $f_2$ = f(t,B,C,D) |
40≤t≤59 | $f_3$ = f(t,B,C,D) |
60≤t≤79 | $f_4$ = f(t,B,C,D) |

27 27 Cryptography & Network Security: 2. Secure Hash Algorithm

28 28 Cryptography & Network Security: 2. Secure Hash Algorithm Comparison of SHA-1 and MD5. Security against brute-force attacks: 32 bits longer than the MD5 digest; producing any message having a given message digest is on the order of $2^{160}$ for SHA-1; producing 2 messages having the same message digest is on the order of $2^{80}$ for SHA-1; stronger against brute-force attack.

29 29 Cryptography & Network Security: 2. Secure Hash Algorithm Security against cryptanalysis: less vulnerable against cryptanalytic attacks discovered since MD5's design. Speed: both algorithms rely heavily on addition modulo $2^{32}$; SHA-1 involves more steps and must process a 160-bit buffer; SHA-1 should execute more slowly than MD5.

30 30 Cryptography & Network Security: 2. Secure Hash Algorithm Simplicity and compactness: both are simple to describe and simple to implement; neither requires large programs or substitution tables. Little-endian vs. big-endian architecture: there appears to be no advantage to either approach.

31 31 Cryptography & Network Security: 3. RIPEMD-160 Developed under the European RACE Integrity Primitives Evaluation project By a group of researchers launching partially successful attacks on MD4 and MD5 Originally a 128-bit RIPEMD

32 32 Cryptography & Network Security: 3. RIPEMD-160 RIPEMD-160 Logic INPUT: a message of arbitrary length Overall processing: shown for MD5 in Figure 9.1, with a block length of 512 bits and a hash length of 160 bits Output: 160-bit message digest

33 33 Cryptography & Network Security: 3. RIPEMD-160 Processing Steps 1. Append padding bits 2. Append length 3. Initialize MD buffer 4. Process message in 512-bit blocks 5. output

34 34 Cryptography & Network Security: 3. RIPEMD-160 Append padding bits[1/5] pad message so its length is 448 mod 512 Padding is always added. the number of padding bits is in the range of 1 to 512 Padding consists of a single 1-bit followed by 0-bits

35 35 Cryptography & Network Security: 3. RIPEMD-160 Append Length[2/5] Append 64bit length of the original message to the result step 1. Treated as an unsigned 64-bit integer Contains the length of the original message As with MD5, and in contrast to SHA-1, RIPEMD-160 uses a little-endian convention

36 36 Cryptography & Network Security: 3. RIPEMD-160 Initialize MD buffer[3/5] 160-bit buffer 5 32-bit registers (A, B, C, D, E) IV = {A=67452301,B=EFCDAB89,C=98BADCFE, D=10325476,E=C3D2E1F0} Stored in little-endian format

37 37 Cryptography & Network Security: 3. RIPEMD-160 Process message in 512-bit blocks [4/5]: a module that consists of 10 rounds of processing of 16 steps each. The 10 rounds are arranged as 2 parallel lines of 5 rounds. 4 rounds have a similar structure, but each uses a different primitive logical function ($f_1, f_2, f_3, f_4, f_5$). INPUT: 512-bit block $Y_q$, 160-bit $CV_q$, held as ABCDE (left line) and A'B'C'D'E' (right line). Each round uses an additive constant (9 constants). OUTPUT: $CV_{q+1}$ (addition is mod $2^{32}$).

38 38 Cryptography & Network Security: 3. RIPEMD-160

$CV_{q+1}(0) = CV_q(1) + C + D'$
$CV_{q+1}(1) = CV_q(2) + D + E'$
$CV_{q+1}(2) = CV_q(3) + E + A'$
$CV_{q+1}(3) = CV_q(4) + A + B'$
$CV_{q+1}(4) = CV_q(0) + B + C'$

39 39 Cryptography & Network Security: 3. RIPEMD-160 Output[5/5] The output from the Lth stage is the 160-bit message digest

40 40 Cryptography & Network Security: 3. RIPEMD-160 Compression Function: each round consists of a sequence of 16 steps [Figure 9.9]. The processing algorithm of one round:

    A := CV_q(0); B := CV_q(1); C := CV_q(2); D := CV_q(3); E := CV_q(4);
    A' := CV_q(0); B' := CV_q(1); C' := CV_q(2); D' := CV_q(3); E' := CV_q(4);
    for j = 0 to 79 do
        T := rol_s(j)(A + f(j, B, C, D) + X_r(j) + K(j)) + E;
        A := E; E := D; D := rol_10(C); C := B; B := T;
        T := rol_s'(j)(A' + f(79-j, B', C', D') + X_r'(j) + K'(j)) + E';
        A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
    enddo
    CV_q+1(0) = CV_q(1) + C + D';
    CV_q+1(1) = CV_q(2) + D + E';
    CV_q+1(2) = CV_q(3) + E + A';
    CV_q+1(3) = CV_q(4) + A + B';
    CV_q+1(4) = CV_q(0) + B + C';

41 41 Cryptography & Network Security: 3. RIPEMD-160

42 42 Cryptography & Network Security: 3. RIPEMD-160 5 primitive logical functions

Step | Function name | Value
0≤t≤15 | $f_1$ = f(j,B,C,D) |
16≤t≤31 | $f_2$ = f(j,B,C,D) |
32≤t≤47 | $f_3$ = f(j,B,C,D) |
48≤t≤63 | $f_4$ = f(j,B,C,D) |
64≤t≤79 | $f_5$ = f(j,B,C,D) |

43 43 Cryptography & Network Security: 3. RIPEMD-160 The array of 32-bit words X[0..15] holds the value of the current 512-bit input block being processed. Within a round, each of the 16 words of X[i] is used exactly twice during one step on each line. Table 9.5a: the permutation used for each round in each line. Table 9.5b: the circular left shifts used in each round.

44 44 Cryptography & Network Security: 3. RIPEMD-160

45 45 Cryptography & Network Security: 3. RIPEMD-160 Design Decision: 2 parallel lines are used to increase the complexity of finding collisions between rounds. For simplicity, the 2 lines use essentially the same logic. It will become possible to attack one of the 2 lines and up to 3 rounds of the 2 parallel lines.

46 46 Cryptography & Network Security: 3. RIPEMD-160 The combination of the 2 lines will resist attacks because of their differences. The additive constants for the 2 lines are different. The order of the primitive logical functions is reversed. The order of processing of the 32-bit words in the message block is different. The step operation is identical to MD5's. The rotation of the C word avoids an MD5 attack that focuses on the most significant bit. The permutation has the effect that 2 message words close in one round are relatively far apart in the next.

47 47 Cryptography & Network Security: 3. RIPEMD-160 The circular left shifts were chosen based on: the shifts range from 5 to 15; every message word is rotated over different amounts for the 5 rounds; the shifts applied to each word should not have a special pattern; not too many shift constants should be divisible by 4.

48 48 Cryptography & Network Security: 3. RIPEMD-160 Comparison with MD5 and SHA-1

49 49 Cryptography & Network Security: 3. RIPEMD-160 Resistance to brute-force attack: all 3 algorithms are invulnerable to attacks against weak collision resistance; MD5 is highly vulnerable to birthday attack on strong collision resistance; SHA-1 and RIPEMD-160 are safe for the foreseeable future. Resistance to cryptanalysis: designed specifically to resist known cryptanalytic attacks; the use of two lines of processing gives RIPEMD-160 added complexity, which should make cryptanalysis more difficult than for SHA-1.

50 50 Cryptography & Network Security: 3. RIPEMD-160 Speed: all 3 algorithms rely on addition modulo $2^{32}$ and simple bitwise logical operations; the added complexity and number of steps of SHA-1 and RIPEMD-160 does lead to a slowdown compared to MD5 [Table 9.7]. Little-endian vs. big-endian architecture: there is no strong advantage to either approach; MD5 and RIPEMD-160 use a little-endian scheme.

51 51 Cryptography & Network Security: 3. RIPEMD-160

52 52 Cryptography & Network Security: 4. HMAC There has been increased interest in developing a MAC derived from a cryptographic hash code. Motivations: cryptographic hash functions generally execute faster in software than symmetric block ciphers; library code is widely available; there are no export restrictions from the US or other countries for cryptographic hash code.

53 53 Cryptography & Network Security: 4. HMAC Incorporation of a secret key into an existing hash algorithm. Issued as RFC 2104; chosen as the mandatory-to-implement MAC for IP security; used in other Internet protocols, such as SSL.

54 54 Cryptography & Network Security: 4. HMAC HMAC Design Objectives [RFC2104] To use available hash functions. To allow for easy replaceability of the embedded hash function To preserve the original performance To use and handle keys in simple way To have a well understood cryptographic analysis of the strength of the authentication mechanism

55 55 Cryptography & Network Security: 4. HMAC HMAC Algorithm 1. Append zeros to the left end of K to create a b-bit string $K^+$ 2. XOR $K^+$ with ipad to produce the b-bit block $S_i$ 3. Append M to $S_i$ 4. Apply H to the stream generated in step 3

56 56 Cryptography & Network Security: 4. HMAC 5. XOR $K^+$ with opad to produce the b-bit block $S_o$ 6. Append the hash result from step 4 to $S_o$ 7. Apply H to the stream generated in step 6 and output the result

57 57 Cryptography & Network Security: 4. HMAC XOR with ipad/opad results in flipping one-half of the bits of K, giving $S_i$/$S_o$; in effect, 2 keys have been pseudorandomly generated from K. Figure 9.11 shows that a more efficient implementation is possible: 2 quantities are precomputed.

58 58 Cryptography & Network Security: 4. HMAC f(cv, block): the compression function for the hash function. INPUT: chaining variable of n bits, a block of b bits. OUTPUT: chaining variable of n bits. The precomputation is only needed initially or every time the key changes.
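The seven HMAC steps and the precomputation described on the slides above, as an added Python example (not part of the original presentation). The ipad/opad byte values 0x36 and 0x5C and the rule that a key longer than b is hashed first come from RFC 2104, which also places the zero bytes after the key bytes; the names `hmac_steps` and `PrecomputedHMAC` are chosen for this example.

```python
import hashlib
import hmac

def _k_plus(key: bytes, hash_name: str) -> bytes:
    """Step 1: the b-byte string K+ (zero bytes follow the key, as in RFC 2104)."""
    b = hashlib.new(hash_name).block_size        # b = 64 bytes for MD5 and SHA-1
    if len(key) > b:                             # RFC 2104: longer keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(b, b"\x00")

def hmac_steps(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC computed literally by the seven steps on the slides."""
    H = lambda data: hashlib.new(hash_name, data).digest()
    k_plus = _k_plus(key, hash_name)
    s_i = bytes(x ^ 0x36 for x in k_plus)        # step 2: S_i = K+ XOR ipad
    inner = H(s_i + msg)                         # steps 3-4: H(S_i || M)
    s_o = bytes(x ^ 0x5C for x in k_plus)        # step 5: S_o = K+ XOR opad
    return H(s_o + inner)                        # steps 6-7: H(S_o || H(S_i || M))

class PrecomputedHMAC:
    """Absorb S_i and S_o once per key; each message starts from the saved states."""

    def __init__(self, key: bytes, hash_name: str = "sha1"):
        k_plus = _k_plus(key, hash_name)
        # The two precomputed quantities: hash states after one block, f(IV, S_i) and f(IV, S_o)
        self._inner = hashlib.new(hash_name, bytes(x ^ 0x36 for x in k_plus))
        self._outer = hashlib.new(hash_name, bytes(x ^ 0x5C for x in k_plus))

    def tag(self, msg: bytes) -> bytes:
        inner = self._inner.copy()               # copy, so the keyed state is reused
        inner.update(msg)
        outer = self._outer.copy()
        outer.update(inner.digest())
        return outer.digest()

    def verify(self, msg: bytes, tag: bytes) -> bool:
        # Constant-time comparison avoids leaking how many tag bytes matched
        return hmac.compare_digest(self.tag(msg), tag)

if __name__ == "__main__":
    # RFC 2202 test case 1 for HMAC-SHA-1
    print(hmac_steps(b"\x0b" * 20, b"Hi There").hex())
```
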

59 59 Cryptography & Network Security: 4. HMAC Security of HMAC Depends in some way on the cryptographic strength of the underlying hash function Generally expressed in terms of prob. of successful forgery with a given amount of time and number of message-MAC pairs

60 60 Cryptography & Network Security: 4. HMAC The probability of successful attack on HMAC: the attacker is able to compute an output of the compression function even with an IV that is random, secret, and unknown to the attacker; the attacker finds collisions in the hash function even when the IV is random and secret.

61 61 Cryptography & Network Security: 4. HMAC For a hash code length of 128 bits: $2^{64}$ observed blocks ($2^{73}$ bits) generated using the same key. On a 1-Gbps link, one would need to observe a continuous stream of messages with no change in key for about 250,000 years in order to succeed. If speed is a concern, it is fully acceptable to use MD5 rather than SHA-1 or RIPEMD-160 as the embedded hash function for HMAC.

