[go: up one dir, main page]
Scribd
Upload
303 views25 pages

Cryptographic Hash Functions Guide

Cryptographic hash functions are used to detect changes to messages and require the properties of being one-way and collision-resistant. The Secure Hash Algorithm (SHA) functions were developed as standard hash functions, with SHA-1 being replaced by SHA-2 which includes SHA-256 and SHA-512. NIST is developing the SHA-3 standard to replace SHA-2 due to theoretical attacks on its structure.

Uploaded by

Aisha Saman Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
303 views25 pages

Cryptographic Hash Functions Guide

Cryptographic hash functions are used to detect changes to messages and require the properties of being one-way and collision-resistant. The Secure Hash Algorithm (SHA) functions were developed as standard hash functions, with SHA-1 being replaced by SHA-2 which includes SHA-256 and SHA-512. NIST is developing the SHA-3 standard to replace SHA-2 due to theoretical attacks on its structure.

Uploaded by

Aisha Saman Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 25

Cryptography and

Network Security
Chapter 11
Fifth Edition
by William Stallings
Lecture slides by Lawrie Brown

Chapter 11 Cryptographic
Hash Functions
Each of the messages, like each one he had ever
read of Stern's commands, began with a number
and ended with a number or row of numbers. No
efforts on the part of Mungo or any of his experts
had been able to break Stern's code, nor was
there any clue as to what the preliminary
number and those ultimate numbers signified.
Talking to Strange Men, Ruth Rendell

Message Authentication

message authentication is concerned with:

protecting the integrity of a message


validating identity of originator
non-repudiation of origin (dispute resolution)

will consider the security requirements


then three alternative functions used:

message encryption
message authentication code (MAC)
hash function

Security Requirements
disclosure
traffic

analysis
masquerade
content modification
sequence modification
timing modification
source repudiation
destination repudiation
4

Hash Functions
A

hash function H accepts a variable-length


block of data as input and produces a fixedsize hash value h = H(M)

usually

assume hash function is public


hash used to detect changes to message
want a cryptographic hash function

computationally infeasible to find data mapping


to specific hash (one-way property)
computationally infeasible to find two data to
same hash (collision-free property)

Cryptographic Hash Function

Symmetric encryption used


Provide authentication &
confidentiality

Hash
Functions
& Message
Authentication

Only hash code encrypted


Reduces the processing burden for those applications that do not
require confidentiality.

no encryption for message authentication


Because the secret value itself is not sent, an opponent cannot modify
an intercepted message and cannot generate a false message.

Confidentiality can be added to the approach of (c) by encrypting the


entire message plus the hash cod.

Hash Functions & Digital


Signatures

Other Hash Function Uses


to

create a one-way password file


store hash of password not actual password

for

intrusion detection and virus detection

keep & check hash of files on system

pseudorandom

function (PRF) or
pseudorandom number generator (PRNG)

Two Simple Insecure Hash


Functions
consider

two simple insecure hash functions


bit-by-bit exclusive-OR (XOR) of every block

Ci = bi1 xor bi2 xor . . . xor bim


a longitudinal redundancy check
reasonably effective as data integrity check

one-bit

circular shift on hash value

for each successive n-bit block


rotate current hash value to left by1bit and XOR block

good for data integrity but useless for security

Hash Function Requirements

Attacks on Hash Functions


have

brute-force attacks and cryptanalysis


a preimage or second preimage attack

find y s.t. H(y) equals a given hash value

collision

resistance

find two messages x & y with same hash so


H(x) = H(y)

value 2m/2 determines strength of


hash code against brute-force attacks

hence

128-bits inadequate, 160-bits suspect

Birthday Attacks

might think a 64-bit hash is secure


but by Birthday Paradox is not
birthday attack works thus:

given user prepared to sign a valid message x


m/
opponent generates 2 2 variations x of x, all with
essentially the same meaning, and saves them
m/
opponent generates 2 2 variations y of a desired
fraudulent message y
two sets of messages are compared to find pair with
same hash (probability > 0.5 by birthday paradox)
have user sign the valid message, then substitute the
forgery which will have a valid signature

conclusion is that need to use larger MAC/hash

Hash Function Cryptanalysis


cryptanalytic

attacks exploit some property


of alg so faster than exhaustive search
hash functions use iterative structure

process message in blocks (incl length)

attacks

focus on collisions in function f

Block Ciphers as Hash


Functions
can

use block ciphers as hash functions

using H0=0 and zero-pad of final block


compute: Hi = EMi [Hi-1]
and use final block as the hash value
similar to CBC but without a key

resulting

hash is too small (64-bit)

both due to direct birthday attack


and to meet-in-the-middle attack

other

variants also susceptible to attack

Secure Hash Algorithm

SHA originally designed by NIST & NSA in 1993


was revised in 1995 as SHA-1
US standard for use with DSA signature scheme

standard is FIPS 180-1 1995, also Internet RFC3174


nb. the algorithm is SHA, the standard is SHS

based on design of MD4 with key differences


produces 160-bit hash values
recent 2005 results on security of SHA-1 have
raised concerns on its use in future applications

Revised Secure Hash


Standard
NIST

issued revision FIPS 180-2 in 2002


adds 3 additional versions of SHA

SHA-256, SHA-384, SHA-512

designed

for compatibility with increased


security provided by the AES cipher
structure & detail is similar to SHA-1
hence analysis should be similar
but security levels are rather higher

SHA Versions
SHA-1
Message
digest size

SHA-224 SHA-256 SHA-384 SHA-512

160

224

256

384

512

< 264

< 264

< 264

< 2128

< 2128

Block size

512

512

512

1024

1024

Word size

32

32

32

64

64

Number of
steps

80

64

64

80

80

Message
size

SHA-512 Overview

SHA-512 Compression
Function
heart

of the algorithm
processing message in 1024-bit blocks
consists of 80 rounds

updating a 512-bit buffer


using a 64-bit value Wt derived from the
current message block
and a round constant based on cube root of
first 80 prime numbers

SHA-512 Round Function

SHA-512 Round Function

SHA-3
SHA-1

but similar to broken MD5 & SHA-0


so considered insecure

SHA-2

not yet "broken

(esp. SHA-512) seems secure

shares same structure and mathematical


operations as predecessors so have concern

NIST

announced in 2007 a competition for


the SHA-3 next gen NIST hash function

goal to have in place by 2012 but not fixed

SHA-3 Requirements
replace

SHA-2 with SHA-3 in any use

so use same hash sizes

preserve

the online nature of SHA-2

so must process small blocks (512 / 1024 bits)

evaluation

criteria

security close to theoretical max for hash sizes


cost in time & memory
characteristics: such as flexibility & simplicity

Summary
have

considered:

hash functions
uses, requirements, security

hash functions based on block ciphers


SHA-1, SHA-2, SHA-3

You might also like