Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
66 views

Hash Function

The document discusses hash functions and their properties. It begins by defining a hash value as a condensed representation of an arbitrary message of fixed size. It then explains that a hash value acts as a "digital fingerprint" of the original document. The document notes that hashing is a one-way process without decryption, whereas encryption is two-way with encryption and decryption requiring a key.

Uploaded by

Adesh Kumar chaturvedi
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
66 views

Hash Function

The document discusses hash functions and their properties. It begins by defining a hash value as a condensed representation of an arbitrary message of fixed size. It then explains that a hash value acts as a "digital fingerprint" of the original document. The document notes that hashing is a one-way process without decryption, whereas encryption is two-way with encryption and decryption requiring a key.

Uploaded by

Adesh Kumar chaturvedi
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 43

Hash Function

 The hash value represents


concisely the longer message
 may called the message digest

 A message digest is as a
``digital fingerprint'' of the
original document

condenses arbitrary message to fixed size


h = H(M)

1
Hashing V.S. Encryption
Hello, world. k NhbXBsZSBzZW50ZW5jZS
A sample sentence to E B0byBzaG93IEVuY3J5cHR
show encryption. pb24KsZSBzZ

Hello, world. k NhbXBsZSBzZW50ZW5jZS


A sample sentence to D B0byBzaG93IEVuY3J5cHR
show encryption. pb24KsZSBzZ

 Encryption is two way, and requires a key to encrypt/decrypt

This is a clear text that


can easily read 52f21cf7c7034a20
without using the key. 17a21e17e061a863
The sentence is longer
than the text above.

 Hashing is one-way. There is no 'de-hashing’


Motivation for Hash Algorithms
 Intuition
 Limitation on non-cryptographic checksum
 Very possible to construct a message that matches the
checksum
 Goal
 Design a code where the original message can not be inferred
based on its checksum
 such that an accidental or intentional change to the message
will change the hash value
Hash Function Applications
 Used Alone
 Fingerprint -- file integrity verification, public key fingerprint
 Password storage (one-way encryption)

 Combined with encryption functions


 Hash based Message Authentication Code (HMAC)
 protects both a message's integrity and confideltaility
 Digital signature
 Ensuring Non-repudiation
 Encrypt hash with private (signing) key and verify with public
(verification) key
Integrity

 to create a one-way password file


 store hash of password not actual password
 for intrusion detection and virus detection
 keep & check hash of files on system
Password Verification
Store Hashing Password Verification an input password against the stored hash

Iam#4VKU Iam#4VKU
Password
store

h h

661dce0da2bcb2d8 661dce0da2bcb2d8 661dce0da2bcb2d8


2884e0162acf8194 2884e0162acf8194 2884e0162acf8194

Hash Matching
Exactly?
Password
Yes No
store Deny
Grant
Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 Attack on Hash Function
 The Road to new Secure Hash Standard
Hash Function Usages (I)

Message encrypted : Confidentiality and authentication

Message unencrypted: Authentication


Hash Function Usages (II)

Message encrypted : Authentication (no encryption needed!)

Message unencrypted: Authentication, confidentiality


Hash Function Usages (III)

Authentication, digital signature

Authentication, digital signature, confidentiality


Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 Attack on Hash Function
 The Road to new Secure Hash Standard
Hash Function Properties
 Arbitrary-length message to fixed-length digest

 Preimage resistant (One-way property)

 Second preimage resistant (Weak collision resistant)

 Collision resistant (Strong collision resistance)


Properties : Fixed length

Hello, world 661dce0da2bcb2d8


2884e0162acf8194

Fixed length L
This is a clear text that
can easily read without 52f21cf7c7034a20
using the key. The 17a21e17e061a863
sentence is longer than
the text above.

 Arbitrary-length message to fixed-length digest


Preimage resistant
 This measures how difficult to devise a message which hashes to the known
digest
 Roughly speaking, the hash function must be one-way.

Given only a message digest, can’t find any message


(or preimage) that generates that digest.
Second preimage resistant
 This measures how difficult to devise a message which hashes to the
known digest and its message

 Given one message, can’t find another message that has the same message digest. An attack that
finds a second message with the same message digest is a second pre-image attack.
 It would be easy to forge new digital signatures from old signatures if the hash function used
weren’t second preimage resistant
Collision Resistant

 Can’t find any two different messages with the same message digest
 Collision resistance implies second preimage resistance
 Collisions, if we could find them, would give signatories a way to repudiate their signatures
Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 Attack on Hash Function
 The Road to new Secure Hash Standard
Two Group of Compression Functions
 The compression function is made from scratch
 Message Digest

 A symmetric-key block cipher serves as a compression


function
 Whirlpool
Merkle-Damgard Scheme

 Well-known method to build cryptographic hash function


 A message of arbitrary length is broken into blocks
 length depends on the compression function f
 padding the size of the message into a multiple of the block size.
 sequentially process blocks , taking as input the result of the hash so far and the current message block, with the final
fixed length output
Hash Functions Family
 MD (Message Digest)
 Designed by Ron Rivest
 Family: MD2, MD4, MD5
 SHA (Secure Hash Algorithm)
 Designed by NIST
 Family: SHA-0, SHA-1, and SHA-2
 SHA-2: SHA-224, SHA-256, SHA-384, SHA-512
 SHA-3: New standard in competition
 RIPEMD (Race Integrity Primitive Evaluation Message
Digest)
 Developed by Katholieke University Leuven Team
 Family : RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320
MD5, SHA-1, and RIPEMD-160

21
MD2, MD4 and MD5
 Family of one-way hash functions by Ronald Rivest
 All produces 128 bits hash value
 MD2: 1989
 Optimized for 8 bit computer
 Collision found in 1995
 MD4: 1990
 Full round collision attack found in 1995
 MD5: 1992
 Specified as Internet standard in RFC 1321
 since 1997 it was theoretically not so hard to create a collision
 Practical Collision MD5 has been broken since 2004
 CA attack published in 2007
MD5 Overview
Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 MD5
 SHA
 Attack on Hash Function
 The Road to new Secure Hash Standard
MD5 Overview

2. Append
length
(64bits)

1. Append padding
bits
(to 448 mod 512)

3. Initialize MD buffer (4x32 bits Word)


Word A = 01 23 45 67
Word B = 89 AB CD EF
Word C = FE DC BA 98
Word D = 76 54 32 10
Hash Algorithm Design – MD5

16 steps

X[k] = M [q*16+k] (32 bit)

Constructed from sine function


The ith 32-bit word in matrix T, constructed from the sine function

M [q*16+k] = the kth 32-bit word from the qth 512-bit block of the msg

Single step
Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 MD5
 SHA
 Attack on Hash Function
 The Road to new Secure Hash Standard
Secure Hash Algorithm
 SHA originally designed by NIST & NSA in 1993
 revised in 1995 as SHA-1
 US standard for use with DSA signature scheme
 standard is FIPS 180-1 1995, also Internet RFC3174
 based on design of MD4 with key differences
 produces 160-bit hash values
 recent 2005 results on security of SHA-1 have raised concerns
on its use in future applications
Revised SHA
 NIST issued revision FIPS 180-2 in 2002
 adds 3 additional versions of SHA
 SHA-256, SHA-384, SHA-512
 designed for compatibility with increased security
provided by the AES cipher
 structure & detail is similar to SHA-1
 hence analysis should be similar
 but security levels are rather higher
SHA Versions

Full collision found


Sample Processing

Type bits data processed


MD5 128 469.7 MB/s
SHA-1 160 339.4 MB/s
SHA-512 512 177.7 MB/s

 Mac Intel 2.66 Ghz core i7


 1024 bytes block of data
SHA-512 Overview
Padding and length field in SHA-512

 What is the number of padding bits if the length of the original message
is 2590 bits?
 We can calculate the number of padding bits as follows:

 The padding consists of one 1 followed by 353 0’s.


SHA-512 Round Function
Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 MD5
 SHA
 Attack on Hash Function
 The Road to new Secure Hash Standard
Hash Function Cryptanalysis
 cryptanalytic attacks exploitsome property of algorithm
so faster than exhaustive search
 hash functions use iterative structure
 process message in blocks (incl length)
 attacks focus on collisions in function f
Attacks on Hash Functions
 brute-force attacks and cryptanalysis
 cryptanalytic attacks exploit some property of algorithm so faster than
brute-force
a preimage or second preimage attack
 find y such that H(y)equals a given hash value
 collision resistance
 find two messages x & y with same hash so H(x) = H(y)

"md5
md5 and
and sha1
sha1 are
are both
both clearly
clearly broken
broken (in
(in terms
terms of collision-resistance”
of collision-resistance
Ron
Ron Rivest
Rivest

http://mail.python.org/pipermail/python-dev/2005-December/058850.html
http://mail.python.org/pipermail/python-dev/2005-December/058850.html
Topics
 Overview of Cryptography Hash Function
 Usages
 Properties
 Hashing Function Structure
 MD5
 SHA
 Attack on Hash Function
 The Road to new Secure Hash Standard
The need of new Hash standard
 MD5 should be considered cryptographically broken and
unsuitable for further use, US CERT 2010
 In 2004, a collision for the full SHA-0 algorithm was
announced

 SHA-1 not yet fully “broken”


 but similar to the broken MD5 & SHA-0
 so considered insecure and be fade out
 SHA-2 (esp. SHA-512) seems secure
 shares same structure and mathematical operations as
predecessors so have concern
SHA-3 Requirements
 NIST announced in 2007 a competition for the SHA-3 next
gen hash function
 Replace SHA-2 with SHA-3 in any use
 so use same hash sizes
 preserve the nature of SHA-2
 so must process small blocks (512 / 1024 bits)
 evaluation criteria
 security close to theoretical max for hash sizes
 cost in time & memory
 characteristics: such as flexibility & simplicity
Timeline Competition
 Nov 2007: Announce public competition
 Oct 2008: 64 Entries
 Dec 2008: 51 Entries as 1st Round
 Jul 2009: 14 Entries as 2nd Round
 Dec 2010: 5 Entries as 3rd Round
 Jan 2011: Final packages submission and enter public
comments
 2012: SHA-3 winner announcement (Still in progress)
Summary
 Hash functions are keyless
 Applications for digital signatures and in message authentication codes
 The three security requirements for hash functions are
 one-wayness, second preimage resistance and collision resistance
 MD5 and SHA-0 is insecure
 Serious security weaknesses have been found in SHA-1
 should be phased out
 SHA-2 appears to be secure
 May use SHA-512 and use the first 256 bytes
 The ongoing SHA-3 competition will result in new standardized
hash functions in a next year

You might also like