hash functions condenses arbitrary message to fixed size h = h(m) usually assume hash function is...
TRANSCRIPT
![Page 1: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/1.jpg)
![Page 2: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/2.jpg)
Hash Functionscondenses arbitrary message to fixed size
h = H(M) usually assume hash function is publichash used to detect changes to messagewant a cryptographic hash function
computationally infeasible to find data mapping to specific hash (one-way property)
computationally infeasible to find two data to same hash (collision-free property)
![Page 3: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/3.jpg)
Cryptographic Hash Function
![Page 4: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/4.jpg)
Hash Functions & Message Authent-ication
![Page 5: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/5.jpg)
Hash Functions & Digital Signatures
![Page 6: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/6.jpg)
Other Hash Function Usesto create a one-way password file
store hash of password not actual passwordfor intrusion detection and virus detection
keep & check hash of files on systempseudorandom function (PRF) or
pseudorandom number generator (PRNG)
![Page 7: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/7.jpg)
Two Simple Insecure Hash Functions
consider two simple insecure hash functionsbit-by-bit exclusive-OR (XOR) of every block
Ci = bi1 xor bi2 xor . . . xor bim a longitudinal redundancy checkreasonably effective as data integrity check
one-bit circular shift on hash valuefor each successive n-bit block
rotate current hash value to left by1bit and XOR blockgood for data integrity but useless for security
![Page 8: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/8.jpg)
Hash Function Requirements
![Page 9: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/9.jpg)
Attacks on Hash Functionshave brute-force attacks and cryptanalysisa preimage or second preimage attack
find y s.t. H(y) equals a given hash value collision resistance
find two messages x & y with same hash so H(x) = H(y)
hence value 2m/2 determines strength of hash code against brute-force attacks128-bits inadequate, 160-bits suspect
![Page 10: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/10.jpg)
Hash Function Cryptanalysiscryptanalytic attacks exploit some property of
alg so faster than exhaustive searchhash functions use iterative structure
process message in blocks (incl length)attacks focus on collisions in function f
![Page 11: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/11.jpg)
Block Ciphers as Hash Functionscan use block ciphers as hash functions
using H0=0 and zero-pad of final block
compute: Hi = EMi [Hi-1]
and use final block as the hash valuesimilar to CBC but without a key
resulting hash is too small (64-bit)both due to direct birthday attackand to “meet-in-the-middle” attack
other variants also susceptible to attack
![Page 12: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/12.jpg)
Secure Hash AlgorithmSHA originally designed by NIST & NSA in 1993was revised in 1995 as SHA-1US standard for use with DSA signature scheme
standard is FIPS 180-1 1995, also Internet RFC3174nb. the algorithm is SHA, the standard is SHS
based on design of MD4 with key differences produces 160-bit hash values recent 2005 results on security of SHA-1 have
raised concerns on its use in future applications
![Page 13: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/13.jpg)
Revised Secure Hash StandardNIST issued revision FIPS 180-2 in 2002adds 3 additional versions of SHA
SHA-256, SHA-384, SHA-512designed for compatibility with increased
security provided by the AES cipherstructure & detail is similar to SHA-1hence analysis should be similarbut security levels are rather higher
![Page 14: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/14.jpg)
SHA Versions
![Page 15: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/15.jpg)
SHA-512 Overview
![Page 16: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/16.jpg)
SHA-512 Compression Functionheart of the algorithmprocessing message in 1024-bit blocksconsists of 80 rounds
updating a 512-bit buffer using a 64-bit value Wt derived from the
current message blockand a round constant based on cube root of
first 80 prime numbers
![Page 17: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/17.jpg)
SHA-512 Round Function
![Page 18: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/18.jpg)
SHA-512 Round Function
![Page 19: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/19.jpg)
SHA-3SHA-1 not yet "broken”
but similar to broken MD5 & SHA-0so considered insecure
SHA-2 (esp. SHA-512) seems secureshares same structure and mathematical
operations as predecessors so have concernNIST announced in 2007 a competition for
the SHA-3 next gen NIST hash functiongoal to have in place by 2012 but not fixed
![Page 20: Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message](https://reader036.vdocuments.net/reader036/viewer/2022081418/56649e4f5503460f94b466e6/html5/thumbnails/20.jpg)
SHA-3 Requirementsreplace SHA-2 with SHA-3 in any use
so use same hash sizespreserve the online nature of SHA-2
so must process small blocks (512 / 1024 bits)evaluation criteria
security close to theoretical max for hash sizescost in time & memory characteristics: such as flexibility & simplicity