Topics to Cover

• Applications of Cryptographic
Hash Functions
• Two Simple Hash Functions
• Hash Functions based on CBC
• Secure Hash Algorithm (SHA)
 Cryptographic Hash Functions

• A hash function takes a variable-length data input (M) and produces a fixed-
size output (h).
• A good hash function creates outputs that are evenly spread out and look
random.
• Help ensure data integrity.
• A cryptographic hash function is a special type of hash function used for
security purposes.
• It is computationally infeasible to find an input that produces a specific hash
output (one-way property).
• It is computationally infeasible to find two different inputs that give the same
hash output (collision-free property).
Cryptographic
Hash
Functions
(Contd..)
 APPLICATIONS OF
CRYPTOGRAPHIC HASH
FUNCTIONS
 Message Authentication

• Message authentication ensures that the received message is the same as the
sent message, without any changes, additions, deletions, or replays.
• It often also checks that the sender's identity is valid.
• A hash function can be used to authenticate the message, and the result is
called a message digest.
• The sender creates a hash value based on the message and sends both the
message and the hash value.
• The receiver then calculates the hash value of the message they receive and
compares it with the one sent by the sender.
• If the hash values don't match, the receiver knows that the message has been
altered in some way.
Use of Hash Function for Message Integrity Check
 MITM attack on the Cryptographic Hash
Function

 The hash value must be sent securely to prevent tampering.

 If someone changes the message, they shouldn't be able to also change the hash
value to deceive the receiver.

 Example (Alice sending data with the corresponding Hash to Bob):-

• An attacker Darth intercepts the message, changes the data, and creates a new hash
value.
• Bob receives the altered data with the new hash and doesn't notice the change.

 To stop this attack, Alice’s original hash value must be protected during transmission.
MITM attack on the Cryptographic Hash Function (Contd..)
 A variety of ways to authenticate messages through hash
code

 Ensuring Authentication and Confidentiality through Symmetric Encryption

and Hashing:-
 A variety of ways to authenticate messages through hash
code (Contd..)

 Optimizing Performance with Symmetric Encryption of Hash Codes:-

 A variety of ways to authenticate messages through hash
code (Contd..)

 Message Authentication Using a Shared Secret Value and Hash Function:-

 A variety of ways to authenticate messages through hash
code (Contd..)

 Message Authentication and Confidentiality Using a Shared Secret, Hash

Function, and Encryption:-
 Reasons to provide Hash Code-based Message
Authentication that avoid encryption
 Any technique patented and ‘Message Authentication and Confidentiality
Using a Shared Secret, Hash Function, and Encryption’.

 Reasons:-
• Encryption software is slow, and despite small data sizes per message, a
constant stream of messages can impact system performance.
• Encryption hardware can be expensive, especially when every network node
requires it.
• Encryption hardware works best with large data sizes, as small data blocks
incur more overhead during initialization.
• Encryption algorithms may be patented and using them often requires a
licensing fee.
 Message Authentication (Contd..)

• Message Authentication is often done using a message authentication code

(MAC), which involves a secret key.
• The MAC function combines the secret key and the message data to create a
unique hash value (MAC).
• To verify the message, the MAC function is applied again, and the result is
compared to the original MAC.
• If the message is altered, the attacker can't change the MAC without knowing
the secret key.
• The verifying party knows the sender because only they share the secret key.
 Digital Signatures

• Digital signature is like message authentication and works like a MAC.

• The hash value of the message is encrypted using the user’s private key.

• Anyone who has the user’s public key can check if the message is correct (its
integrity).

• To change the message, an attacker would need to know the user’s private
key.
 Methods of using Hash Code to provide Digital Signature

 Digital Signatures and Authentication through Public-Key Encryption:-

 Methods of using Hash Code to provide Digital Signature
(Contd..)

 Securing Messages with Confidentiality and Digital Signatures Using

Symmetric Encryption:-
 Other Applications

 One-Way Password file

 Intrusion detection and Virus detection

 PRNG

 PRF
TWO SIMPLE HASH FUNCTIONS
Two Simple Hash Functions
 Bitwise XOR of every Block of data

• Ci = bi1⊕ bi2 ⊕ bi3 ⊕…………. ⊕ bim; where Ci is the ith bit of Hash Code, and
th th
bij is the i bit in the j block.
• This method checks data integrity by generating a simple parity bit for each bit
position.
• The probability of an error not affecting the hash is 2 −𝑛, where n is the number
of bits in the hash.
• Less effective for predictable or patterned data.
• For example, in text files, the high-order bit is usually zero, making the hash
-112 -128
function less effective (with an effectiveness of 2 instead of 2 ).
 Enhancing Hash Function Performance with a One-Bit
Circular Shift

 Improve the hash by rotating it after processing each block of data.

 Steps:-
• Start with the hash value set to zero.
• Rotate the current hash value of each block of data left by 1 bit.
• XOR each data block with the hash value.

 This process mixes the data better, removing patterns or regularities

in the input.
 Enhancing Hash Function Performance with a One-Bit
Circular Shift (Contd..)

 This hash process works well for checking data integrity but isn't
strong enough for overall security.

 If the hash is used with a plaintext message:-

• It's easy to create a new message that matches the original hash.
• A message can be changed, and a specific block can be added that
makes the new message match the original hash.
 Two Simple Hash Functions (Contd..)

• The 2 simple hash functions are basic and fast operations used in encryption,
but they're not very strong by modern security standards.
• If only the hash code is encrypted (without the message), it's not secure enough
and might be vulnerable to attacks.
• Encrypting both the message and its hash together using either of the 2 hash
functions might provide some protection, but it's still weak.
• Despite seeming useful, the 2 hash functions are not strong enough for secure
encryption, so stronger methods should be used to protect both the message
and its hash.
 CBC Mode with XOR-Based Block Hashing

 The message ‘M’ is made up of 64-bit blocks (denoted as X 1, X2, X3, ……..,
XN).

 Hash Code (h) = X1 ⊕ X2 ⊕ X3 ⊕ …….. ⊕ XN

 'h' is then added as an extra block at the end of the message, making the total
message length (N+1) blocks.

 The entire message (including the hash code) is encrypted using CBC
operating mode.
 CBC Mode with XOR-Based Block Hashing (Contd..)

 Application of CBC:-
• Encrypted Message:- Y1, Y2, Y3, ……….., YN, YN+1
• X1 = IV ⊕ D(K,Y1)
• Xi = Yi-1 ⊕ D(K, Yi)
• XN+1 = YN⊕ D(K, YN+1)
• XN+1 = [IV ⊕D(K, Y1)] ⊕ [Y1 ⊕D(K, Y2)] ⊕ …… ⊕ [YN-1 ⊕D(K, YN)]

 The hash code remains the same if the ciphertext blocks are permuted, since
XORing the terms is order-independent.
HASH FUNCTIONS BASED ON CBC
 Hash Functions based on CBC

 Proposals exist for hash functions using the CBC technique, but without a secret key.

 One early proposal was by Rabin:

• Message (M):- M1, M2, M3, ………., MN
• A symmetric encryption system like DES is used to compute the hash code G.
• Hi = E(Mi, Hi-1); where H0 is the initial value.
• G = HN

 Rabin method is similar to the CBC technique but does not use a secret key.

 Like any hash code, this method is vulnerable to the birthday attack.

 If the encryption algorithm is DES and only a 64-bit hash code is produced, the system is
 Meet In the Middle (MIM) attack

 A variation of the birthday attack can be used even if the opponent only has
one message and its valid signature.

 The opponent cannot obtain multiple signings.

 The scenario assumes that the opponent intercepts a message with a signature
in the form of an encrypted hash code.

 The unencrypted hash code is ‘m’ bits long.

 Meet In the Middle (MIM) attack (Contd..)

 Steps:-
• Calculate G.
• Construct the desired message (Q1, Q2, Q3, …….., QN-2).
• Hi = E(Qi, Hi-1); where H0 is the initial value., 1 ≤ I ≤ (N-2).
m/2
• Generate 2 random blocks. For each block X, compute E(X, HN-2).
m/2
• Generate additional 2 random blocks. For each block Y, compute D(Y, G).
• According to birthday paradox, there will be a X and Y such that E(X, H N-2) =
D(Y, G).
• Construct the final message (Q1, Q2, Q3, …….., QN-2, X, Y).
• This message will have the same hash code G and can be used with the
intercepted encrypted signature.
 Refinements for CBC-based Hash Functions

 Hi = E(Mi, Hi-1) ⊕Hi-1

 Hi = E(Hi-1, Mi) ⊕ Mi

 Both schemes are vulnerable to various attacks.

 As a result, there has been a shift towards finding alternative hashing methods.
SECURE HASH ALGORITHM (SHA)
 History and Evolution of SHA

• SHA has been the most used hash function in recent years.
• Many other widely used hash functions had serious weaknesses, so SHA
became the main standard by 2005.
• SHA was developed by NIST and published as a standard (FIPS 180) in 1993.
• The original version of SHA, called SHA-0, had weaknesses, so it was
updated to SHA-1 in 1995.
• SHA-1 creates a hash value of 160 bits.
• SHA-2 was introduced in 2002 with three new versions: SHA-256, SHA-384,
and SHA-512 (with hash sizes of 256, 384, and 512 bits).
 History and Evolution of SHA (Contd..)

• These SHA-2 versions are based on the same structure and operations as
SHA-1 but are stronger.
• In 2008, a version called SHA-224 was added to SHA-2.
• In 2015, two more versions, SHA-512/224 and SHA-512/256, were added.
• In 2005, NIST started planning to move from SHA-1 to SHA-2, expecting the
transition to be completed by 2010.
• In 2005, researchers found that finding two messages with the same SHA-1
hash (a collision) could be done with 269 operations, which was much fewer
than expected, speeding up the move to SHA-2.
Comparison of SHA parameters
Message Digest Generation using SHA-512

• ‘+’ stands for

word-by-
word
addition mod
64
2
Processing of a single 1024-bit block in SHA-512
SHA-512 Constants
SHA-512 Round Function
SHA-512 Round Function (Contd..)
 SHA-512 Round Function (Contd..)

• Wt = a 64-bit word derived from the current 1024-bit input block

• Kt = a 64-bit additive constant
64
• + = addition modulo 2

 Observations:-
• 6 out of the 8 output values in the round function are just rearranged (rotated) versions of
the input values.
• Only 2 output values, a and e, are created through substitution (changing the input
values).
• e depends on the variables d, e, f, g, and h, as well as the round word Wt and constant Kt.
• a depends on all the input variables except d, as well as the round word Wt and constant
Kt.
Generation of the 80-Word Input Sequence for SHA-512
Block Processing
Generation of the 80-Word Input Sequence for SHA-512
Block Processing (Contd..)
SHA-512 Logic