cryptographic hash functions a - carleton...
TRANSCRIPT
Michael Austin
Review of hash functions
Cryptographic hash functions
Secure Hash Algorithm (SHA)
Message Authentication Codes (MACs)
Hash Function ◦ Input: A variable-length message M (divided into
blocks)
◦ Output: A fixed-length hash value H(M)
◦ Efficiency: H(M) is easy to compute
Uses multiple rounds (one block per round)
Large set of inputs produces even distribution of outputs
One bit change in M leads to different H(M) with high probability
Hash functions necessarily have collisions
A good hash function has a large enough output space and even distribution to minimize collisions
Cryptographic Hash Function ◦ Has all the characteristics of a hash function
◦ Output hash value meets tests for pseudo-randomness
◦ Relies on confusion and diffusion principles to meet even distribution requirement
Optionally, a key is used, such as in a DES-based hash function
Computationally infeasible to find:
◦ A message that maps to a pre-specified hash value
(pre-image resistant or one-way property)
◦ Two blocks that map to the same hash value (2nd pre-image resistant or weak collision resistance)
◦ Two entire messages that map to the same hash value (strong collision resistance)
SHA-512 (A version of SHA-2) Input: Message of size multiple of 1024 Output: Hash value of size 512 bits
Sidenote: NIST will announce the winner of the SHA-3 competition
sometime in 2012
1. Append padding bits to obtain length 896 mod 1024
2. Append 128-bit message length 3. Initialize the 512-bit hash buffer (8 64-bit
registers a, b, c, d, e, f, g, h)
4. Process the message in 1024-bit blocks
SHA-512 (A version of SHA-2) Given a message M,
a=6A09E667F3BCC908
b=BB67AE8584CAA73B
c=3C6EF372FE94F82B
d=A54FF53A5F1D36F1
e=510E527FADE682D1
f=9B05688C2B3E6C1F
g=1F83D9ABFB41BD6B
h=5BE0CD19137E2179
First 64 bits of the fractional parts of the square roots of the first 8 prime numbers
(see next slide)
σ functions consist of bitwise circular rotations and shifts
Kt= First 64 bits of the fractional
parts of the cube roots of the first 80 prime numbers
Ch(e, f, g) = If e then f else g Maj(a, b, c) = True only if majority (2 or 3) arguments are true Σ = summation
A cryptographic checksum used by sender and receiver to authenticate messages
Uses a secret key known only to the sender and receiver
MAC is computed, attached to a message and sent, receiver verifies by computing MAC and comparing to attached MAC
Difference between MACs and cryptographic hash functions
◦ MAC must be resistant to existential forgery under chosen plaintext attacks
Attacker can generate MACs for any chosen message via an oracle possessing the secret key
Must be computationally infeasible for the attacker to find the secret key under these conditions
Difference between MACs and digital signatures
◦ Digital signatures rely on public key cryptography
◦ MACs rely on symmetric key cryptography
◦ Anyone who can verify a MAC can also produce MACs for different messages (shared secret key)
Can use cryptographic hash functions (called HMACs)
Can use block cipher algorithms
Can use universal hashing ◦ Hash value calculated using a randomly-chosen
hashing algorithm from a family of hash algorithms
◦ Lower expected number of collisions
Stallings, William. Cryptography and Network Security: Principles and Practice. 5th ed. Boston: Prentice Hall, 2011. Print.
"Message Authentication Code." Wikipedia. Wikimedia Foundation, 23 Feb. 2012. Web. 25 Feb. 2012.