V.E.S.I.T_M.C.A Nishi TIku 1
Hashes and Message Digests
Network Security
Lecture 4
Message Digests
– A message digest is a non-reversible algorithm which reduces a message to a fixed-length “summary”
– The summary has the property that a change to the original will produce a new summary
– The probability that the new summary is the same as the old should be 1/(size of the digest)
– There are several good (but possibly no perfect) message digest algorithms
– MD5 is probably the most common one in use -- 128 bit digest (has known weaknesses)
– SHA-1 -- 160 bit digest (current best choice) [Another product of NIST]
Hash functions
A hash function is a mathematical function that generally has the following three properties:
1. Condenses arbitrary long inputs into a fixed length output
– You stuff as much data as you want into the function, and it churns out an output (or hash) that is always the same fixed length.
– In general this hash is much smaller than the data that was put into the function.
– Because the hash is a smaller piece of information that represents a larger one, it is sometimes referred to as a digest, and the hash function as a message digest function.
Hash functions
2. Is one-way
The hash function should be easy to compute, but given the hash of some data it should be very hard to recover the original data from the hash.
3. It is hard to find two inputs with the same output
It should be hard to find two different inputs (of any length) that when fed into the hash function result in the same hash.
This property is sometimes described as requiring a hash function to be collision free.
Note that it is impossible for a hash function not to have collisions. If arbitrarily large inputs are all being reduced to a fixed length hash then there will be lots of collisions. (For example - it is impossible to give each of 60 million people a different 4 digit PIN.) The point is that these collisions should be hard to find.
Hashes
– Hash is also called message digest
– One-way function: d=h(m) but no h’(d)=m
– Cannot find the message given a digest
– Cannot find m1, m2, where d1=d2
– Arbitrary-length message to fixed-length digest
– Cryptographically safe
– Randomness
– Mapping of i/p to o/p should appear to be randomly chosen
– Any two o/ps should be totally uncorrelated, even if most of the i/ps are similar
– Collision
An aside on hashing
– Length of hash << length of message, & often fixed at 48-128/160
– Some other names of hashing: fingerprinting, message integrity check (MIC), message digest, cryptographic checksum, manipulation detection code
– Hash functions are well-known. So hashing is exportable; often used to communicate programs securely over the web
– MD‹key;data› is a message authentication code (MAC) or data authentication code (DAC); knowing key
Hashes
– How many bits does the o/p of an MD fn. have to be in order to prevent someone from being able to find two messages with the same MD? OR How Many Bits for Hash?
– If the MD has m bits, then it would take about 2^(m/2) messages to find two with the same hash
– 64 bits, takes 2^32 messages to search
– Need at least 128 bits
Good cryptographic hash function h should have the following properties:
– h should destroy all homomorphic structures in the underlying public key cryptosystem (be unable to compute hash value of 2 messages combined given their individual hash values)
– h should be computed on the entire message
– h should be a one-way function so that messages are not disclosed by their signatures
– it should be computationally infeasible given a message and its hash value to compute another message with the same hash value
– should resist birthday attacks (finding any 2 messages with the same hash value, perhaps by iterating through minor permutations of 2 messages)
Birthday Problem
– Compute probability of different birthdays
– Random sample of n (i/ps) people (birthdays) taken from k o/ps (365) days
– With n i/ps => n(n-1)/2 pairs of i/ps
– For each pair there’s a prob. of 1/k of both i/ps producing the same o/p value => we’ll need k/2 pairs for the prob. to be 50% (for a matching pair)
Birthday Problem
– Let us assume n inputs and k possible outputs and an unpredictable map from input to output.
– With n inputs there are C(n,2) = n(n-1)/2 pairs of inputs.
– For each pair there is a probability of 1/k of both inputs producing the same output value, so you will need about k/2 pairs in order for the probability to be about 50% that you will find a matching pair, i.e. n(n-1)/2 ≈ k/2.
– This implies n(n-1) ≈ k, i.e. n^2 ≈ k: there is a good chance of finding a matching pair.
– Probability of no repetition: p ≈ 1 - n(n-1)/2k
• Diff. between secret key algo. and a msg. digest algo.
• Why are there so many msg. digests
Security of hash functions
Suppose that we sign the message Keith owes Fred £10 by hashing it using a hash function that has a hash of just 2 bits:
there are only four possible hashes: 00, 01, 10 or 11.
Fred receives this signed message, and being a manipulative type he decides to change the message to Keith owes Fred £100. Of course Fred does not have Keith’s signature key, so he cannot digitally sign this message. But he doesn’t have to – he only has to sign the hash!
What is the probability that:
hash (Keith owes Fred £10 ) = hash (Keith owes Fred £100 )?
Security of hash functions
Suppose the hash is 10 bits long – in other words about 1000 hashes
1000 requests for £200
1. Pay Fred Piper £200
2. Pay F. Piper £200
3. Pay F.C. Piper two hundred pounds
4. Pay F.C. Piper two hundred pounds only
5. Pay two hundred pounds to Mr Fred Piper
6. ……..
1000 requests for £8000
1. Pay Fred Piper £8000
2. Pay F. Piper £8000
3. Pay F.C. Piper eight thousand pounds
4. Pay F.C. Piper eight thousand pounds only
5. Pay eight thousand pounds to Mr Fred Piper
6. ……..
Since there are only 1000 different possible values of the hash, there is a very good chance that there will be at least one match…
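
The 10-bit case above and the 2^(m/2) estimate from the birthday slides, worked through as an added example that is not part of the original slides. It assumes the leading bits of SHA-256 as the stand-in for a short hash; the wordings and function names are constructed for illustration.

```python
import hashlib
from itertools import product

def short_hash(msg: str, bits: int) -> int:
    """Toy short hash (assumption): the leading `bits` bits of SHA-256."""
    digest = hashlib.sha256(msg.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def variants(figure: str, words: str):
    """Constructed input: 2*2*4*2*2*2*2*2*2 = 1024 wordings of one request."""
    slots = product(
        ("Pay", "Please pay"), ("", "Mr "),
        ("Fred Piper", "F. Piper", "F.C. Piper", "Fred C. Piper"),
        ("", " the sum of"), (figure, words), ("", " sterling"),
        ("", " only"), ("", "."), ("", " "),
    )
    for verb, title, name, sum_of, amount, sterling, only, stop, trail in slots:
        yield f"{verb} {title}{name}{sum_of} {amount}{sterling}{only}{stop}{trail}"

def find_matching_pair(bits: int = 10):
    """Return (a request for 200, a request for 8000) with the same short hash."""
    by_hash = {}
    for msg in variants("£200", "two hundred pounds"):
        by_hash.setdefault(short_hash(msg, bits), msg)
    for msg in variants("£8000", "eight thousand pounds"):
        twin = by_hash.get(short_hash(msg, bits))
        if twin is not None:
            return twin, msg
    return None

def birthday_tries(bits: int) -> int:
    """Hash distinct messages until any two share a digest; return how many were hashed."""
    seen = set()
    count = 0
    while True:
        digest = short_hash(f"constructed message {count}", bits)
        count += 1
        if digest in seen:
            return count
        seen.add(digest)

if __name__ == "__main__":
    low, high = find_matching_pair(10)
    print(repr(low), "and", repr(high), "share 10-bit hash", short_hash(low, 10))
    for bits in (10, 16, 24):
        print(f"{bits}-bit hash: repeat after {birthday_tries(bits)} messages, "
              f"2^(m/2) = {2 ** (bits // 2)}")
```

A signature over the short hash of one wording is equally valid for the other, which is why the digest has to be long enough that 2^(m/2) work is out of reach.
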
Using Hash for Authentication
– Alice to Bob: challenge rA
– Bob to Alice: MD(KAB|rA)
– Bob to Alice: rB
– Alice to Bob: MD(KAB|rB)
– Only need to compare MD results
Using Hash to Compute MAC
– Cannot just compute MD(m) MD(m’)
– MAC: MD(KAB|m)
– Allows concatenation with additional message: MD(KAB|m|m’)
– MD through chunk n depends on MD through chunks n-1 and the data in chunk n
– Put secret at the end of message: MD(m|KAB) (collision)
– Use only ½ the bits of msg. digest as MAC (64)
– MD(KAB|m|KAB)
– HMAC MD(MD(KAB |m )
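
An added example (not part of the original slides) for the two slides above: the keyed-prefix MAC MD(KAB|m), HMAC built from two nested MD calls and checked against Python's hmac module, and the challenge/response exchange run with HMAC in place of MD(KAB|r). SHA-1 as MD, the 64-byte block and the 0x36/0x5c pads follow RFC 2104 rather than the slides; the Party class, key and nonces are constructed for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 64  # input block size of MD5 and SHA-1 in bytes (512 bits)

def md(data: bytes) -> bytes:
    """MD(): SHA-1 stands in for the digest (assumption of this example)."""
    return hashlib.sha1(data).digest()

def prefix_mac(key: bytes, msg: bytes) -> bytes:
    """MD(KAB|m). The result is also the chaining value after the last chunk,
    which is what lets MD(KAB|m|m') be continued from it (the slide's concern)."""
    return md(key + msg)

def hmac_md(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: MD(K xor opad | MD(K xor ipad | m))."""
    if len(key) > BLOCK:
        key = md(key)
    key = key.ljust(BLOCK, b"\x00")
    inner = md(bytes(b ^ 0x36 for b in key) + msg)
    return md(bytes(b ^ 0x5C for b in key) + inner)

class Party:
    """One side of the exchange; holds the shared key KAB (hypothetical helper)."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.nonce = name, key, None

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)  # rA or rB, fresh for every run
        return self.nonce

    def respond(self, nonce: bytes) -> bytes:
        return hmac_md(self.key, nonce)

    def verify(self, response: bytes) -> bool:
        expected = hmac_md(self.key, self.nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare

def mutual_auth(alice: Party, bob: Party) -> bool:
    """Alice challenges Bob with rA, then Bob challenges Alice with rB."""
    bob_ok = alice.verify(bob.respond(alice.challenge()))
    alice_ok = bob.verify(alice.respond(bob.challenge()))
    return bob_ok and alice_ok

if __name__ == "__main__":
    kab = b"constructed shared key"
    print("prefix MAC:", prefix_mac(kab, b"pay 10").hex())
    print("HMAC      :", hmac_md(kab, b"pay 10").hex())
    print("same key  :", mutual_auth(Party("Alice", kab), Party("Bob", kab)))
    print("wrong key :", mutual_auth(Party("Alice", kab), Party("Bob", b"other")))
```
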
Using Hash to Encrypt
– One-time pad (similar to o/p feedback mode)
– compute bit streams using MD, IV and K: b1=MD(KAB|IV), b2=MD(KAB|b1), …, bi=MD(KAB|bi-1)
– ⊕ with message blocks
– Both the sender and the receiver calculate it in advance.
– Or mixing in the plaintext (used for integrity check), similar to cipher feedback mode (CFB) (j bits of encrypt. IV ⊕ j bits of plain text)
– b1=MD(KAB|IV), c1=p1⊕b1
– b2=MD(KAB|c1), c2=p2⊕b2
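
Both constructions from the slide above as an added example, not code from the original slides. SHA-256 stands in for MD (an assumption), and the key, IV and messages are constructed samples.

```python
import hashlib

N = 32  # digest length of the stand-in MD, in bytes

def md(data: bytes) -> bytes:
    """MD(): SHA-256 as the stand-in digest (assumption of this example)."""
    return hashlib.sha256(data).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter (handles a short last block)."""
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_like(key: bytes, iv: bytes, data: bytes) -> bytes:
    """b1=MD(K|IV), bi=MD(K|b(i-1)); output block i = data block i XOR bi.
    The pad depends only on K and IV, so the same call encrypts and decrypts
    and both ends can compute the pad in advance."""
    out, pad = bytearray(), iv
    for off in range(0, len(data), N):
        pad = md(key + pad)
        out += xor_bytes(data[off:off + N], pad)
    return bytes(out)

def cfb_like_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """b1=MD(K|IV), c1=p1 XOR b1; b2=MD(K|c1), c2=p2 XOR b2; ..."""
    out, feedback = bytearray(), iv
    for off in range(0, len(plaintext), N):
        block = xor_bytes(plaintext[off:off + N], md(key + feedback))
        out += block
        feedback = block  # the ciphertext block feeds the next pad
    return bytes(out)

def cfb_like_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Inverse of cfb_like_encrypt: the pads are rebuilt from the ciphertext."""
    out, feedback = bytearray(), iv
    for off in range(0, len(ciphertext), N):
        block = ciphertext[off:off + N]
        out += xor_bytes(block, md(key + feedback))
        feedback = block
    return bytes(out)

if __name__ == "__main__":
    kab, iv = b"constructed key KAB", b"constructed IV 0001"
    p1 = b"first constructed message, longer than one digest block....."
    p2 = b"second constructed message, same length as the first one...."
    c1, c2 = ofb_like(kab, iv, p1), ofb_like(kab, iv, p2)
    print("OFB-like round trip:", ofb_like(kab, iv, c1) == p1)
    # Same K and IV give the same pad: c1 XOR c2 equals p1 XOR p2.
    print("pad reuse exposes p1 XOR p2:", xor_bytes(c1, c2) == xor_bytes(p1, p2))
    c3 = cfb_like_encrypt(kab, iv, p1)
    print("CFB-like round trip:", cfb_like_decrypt(kab, iv, c3) == p1)
```

The IV therefore has to be fresh for every message under one key, and neither mode detects a modified ciphertext without a separate MAC.
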
Using Secret Key for a Hash
– Unix password algorithm:
– Compute hash of user password, store the hash (not the password), and compare the hash of user-input password.
– First 8 characters of password used to form a secret key.
– This key is now used with a DES-like algorithm for encryption
– Off line guessing; forgot the password?
– Salt: 12-bit random number formed by the sys. and process ID.
– Salt stored with hashed result.
MD2
– Msg. Digest algo. developed by Ron Rivest
– Has its roots in its predecessor (MD)
– 128-bit message digest:
– Arbitrary number of octets
– Padding is a multiple of 16 octets (also called as checksum)
– Append MD2 checksum (16 octets) to the end
– The checksum is almost a MD, but not cryptographically secure by itself.
– Process whole message
MD2 padding
[Diagram: original msg. followed by padding; together a multiple of 16 octets]
MD2 Checksum computation
A 16-byte checksum of the message is appended to the result of the previous step. This step uses a 256-byte "random" permutation constructed from the digits of pi. Let S[i] denote the i-th element of this table. The table is given below
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, 19,98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
Do the following:
   /* Clear checksum. */
   For i = 0 to 15 do:
      Set C[i] to 0.
   end /* of loop on i */
   Set L to 0.
   /* Process each 16-word block. */
   For i = 0 to N/16-1 do
      /* Checksum block i. */
      For j = 0 to 15 do
         Set c to M[i*16+j].
         /* Each step folds the old C[j] into the new value. */
         Set C[j] to C[j] xor S[c xor L].
         Set L to C[j].
      end /* of loop on j */
   end /* of loop on i */
MD2 Checksum
– MD2 checksum is a 16 octet quantity
– Checksum calculation processes one octet at a time, k × 16 steps
– mnk: byte nk of message
– cn = S[mnk ⊕ cn-1] ⊕ cn
– S: 0 → 41, 1 → 46, …
– Substitution on 0-255 (value of the byte)
– explain diag. 1
MD2 Final Pass
– Msg. + padding + checksum
– Operate on 16-octet chunks
– 48-byte quantity q: (16 octet current digest + msg. chunk + digest ⊕ chunk)
– 18 passes of processing
– cn = S[cn-1] ⊕ cn for n = 0, … 47; c-1 = 0 for pass 0; c-1 = (c47 + pass #) mod 256
– After pass 17, use first 16 bytes as new digest
– Explain diag2
MD4
MD4 was designed to be 32 bit word oriented so that it can be computed faster on 32 bit CPUs than an octet oriented scheme as in MD2
Can handle messages with an arbitrary no. of bits ( as against integral no. of octets)
Is computed in a single pass over data ( with more intermediate states)
MD4
Msg. Padding
original msg. is padded by adding a 1 bit, followed by enough 0 bits to leave the msg. 64 bits less than a multiple of 512 bits (e.g. if the original length is 1000 bits +472)
[Diagram: original msg. | 1000…000 (1-512 bits) | original length in bits (64 bits); together a multiple of 512 bits]
MD4 Message digest computation
– msg. digest is a 128 bit quantity (four 32 bit words)
– msg. is processed in 512 bit (sixteen 32 bit word) blocks
– Compression fn.: fn. that takes 512 bits of the msg. and digests it with the previous 128 bit o/p
MD4 (overview of MD4, MD5, SHA-1)
[Diag. 3: the padded msg. is taken in 512 bit blocks; a constant and each 512 bit block in turn give a digest, the last one being the msg. digest]
MD4
– Each stage starts with a 16 word msg. block (m0, m1, m2, …, m15)
– 4 word msg. digest value (d0, d1, d2, d3)
where d0 is initialized to 67452301 to the base 16
d1 is initialized to efcdab89 to the base 16
d2 is initialized to 98badcfe to the base 16
d3 is initialized to 10325476 to the base 16
written in concatenation
– Each pass modifies d0 … d3 using m0 … m15
MD4
~x is the bitwise complement of the 32 bit quantity x
x∧y is the bitwise and of the 32 bit quantities x and y
x∨y is the bitwise or of the 32 bit quantities x and y
x⊕y is the bitwise exclusive or of the 32 bit quantities x and y
x+y is binary sum of the 32 bit quantities x and y (carry of the higher order bit discarded)
x<<<y is x left rotate y bits
MD4 msg. digest Pass 1
Selection formula: d[(-i)∧3] = (d[(-i)∧3] + F(d[(1-i)∧3], d[(2-i)∧3], d[(3-i)∧3]) + mi) <<< S1(i∧3)
d0 = (d0 + F(d1,d2,d3) + m0) <<< 3
d3 = (d3 + F(d0,d1,d2) + m1) <<< 7
d2 = (d2 + F(d3,d0,d1) + m2) <<< 11
d1 = (d1 + F(d2,d3,d0) + m3) <<< 15
d0 = (d0 + F(d1,d2,d3) + m4) <<< 3
where F(x,y,z) is defined as (x∧y) ∨ (~x∧z)
MD4 msg. digest Pass 2
Majority fn.
G(x,y,z) is defined as (x∧y) ∨ (x∧z) ∨ (y∧z)
For each int. i from 0 thru 15
d[(-i)∧3] = (d[(-i)∧3] + G(d[(1-i)∧3], d[(2-i)∧3], d[(3-i)∧3]) + m[X(i)] + 5a827999₁₆) <<< S2(i∧3)
d0 = (d0 + G(d1,d2,d3) + m0 + 5a827999₁₆) <<< 3
d3 = (d3 + G(d0,d1,d2) + m4 + 5a827999₁₆) <<< 5
d2 = (d2 + G(d3,d0,d1) + m8 + 5a827999₁₆) <<< 9
d1 = (d1 + G(d2,d3,d0) + m12 + 5a827999₁₆) <<< 13
d0 = (d0 + G(d1,d2,d3) + m1 + 5a827999₁₆) <<< 3
MD4 msg. digest Pass 3
Fn H(x,y,z) is defined as x⊕y⊕z
d[(-i)∧3] = (d[(-i)∧3] + H(d[(1-i)∧3], d[(2-i)∧3], d[(3-i)∧3]) + m[X(i)] + 6ed9eba1₁₆) <<< S3(i∧3)
d0 = (d0 + H(d1,d2,d3) + m0 + 6ed9eba1₁₆) <<< 3
d3 = (d3 + H(d0,d1,d2) + m8 + 6ed9eba1₁₆) <<< 9
d2 = (d2 + H(d3,d0,d1) + m4 + 6ed9eba1₁₆) <<< 11
d1 = (d1 + H(d2,d3,d0) + m12 + 6ed9eba1₁₆) <<< 15
d0 = (d0 + H(d1,d2,d3) + m2 + 6ed9eba1₁₆) <<< 3
MD4 Algorithm Description
MD4 overview
– pad message so its length is 448 mod 512
– append a 64-bit message length value to message
– initialise the 4-word (128-bit) buffer (A,B,C,D)
– process the message in 16-word (512-bit) chunks, using 3 rounds of 16 bit operations each on the chunk & buffer
– output hash value is the final buffer value
– some progress at cryptanalysing MD4 has been made, with a small number of collisions having been found
– MD5 was designed as a strengthened version, using four rounds, a little more complex than in MD4.
– a little progress at cryptanalysing MD5 has been made with a small number of collisions having been found
MD5: Message Digest Version 5
– Less concerned with speed, more concerned with security
– Like MD4, MD5 msg. is processed in 512 bit blocks (sixteen 32 bit words)
– MD is 128 bit quantity (four 32 bit words)
– Refer to diag 3
– Each stage makes 4 passes over each 16 octet chunk using a different constt for each msg. word on each pass
– Ti = int(2^32 * abs(sin(i))), i ranges between 1 and 64
MD5: Message Digest Version 5
[Diagram: input Message; Output 128 bits Digest]
MD5 Box
– Initial 128-bit vector
– 512-bit message chunks (16 32 bit words)
– 128-bit result 4 32 bit words
– F: (x∧y)∨(~x∧z)
– G: (x∧z)∨(y∧~z)
– H: x⊕y⊕z
– I: y⊕(x∨~z)
– +: binary sum
– x<<<y: x left rotate y bits
MD5: Padding
[Diagram: input Message plus Padding, split into 512 bit blocks 1 2 3 4; Initial Value; MD5 Transformation block by block; Final Output: 128 bits Digest]
Padding Twist
Given original message M, add padding bits such that resulting length is 64 bits less than a multiple of 512 bits.
Append (original length in bits mod 2^64), represented in 64 bits to the padded message
Final message is chopped 512 bits a block
MD5 Process
– As many stages as the number of 512-bit blocks in the final padded message
– Digest: 4 32-bit words: MD=A|B|C|D
– Every message block contains 16 32-bit words: m0|m1|m2…|m15
– Digest MD0 initialized to: A=01234567, B=89abcdef, C=fedcba98, D=76543210
– Every stage consists of 4 passes over the message block, each modifying MD
MD5 msg. digest Pass 1
d0 = d1 + (d0 + F(d1,d2,d3) + m0 + T1) <<< 7
d3 = d0 + (d3 + F(d0,d1,d2) + m1 + T2) <<< 12
d2 = d3 + (d2 + F(d3,d0,d1) + m2 + T3) <<< 17
d1 = d2 + (d1 + F(d2,d3,d0) + m3 + T4) <<< 22
d0 = d1 + (d0 + F(d1,d2,d3) + m4 + T5) <<< 7
MD5 msg. digest Pass 2
d0 = d1 + (d0 + G(d1,d2,d3) + m1 + T17) <<< 5
d3 = d0 + (d3 + G(d0,d1,d2) + m6 + T18) <<< 9
d2 = d3 + (d2 + G(d3,d0,d1) + m11 + T19) <<< 14
d1 = d2 + (d1 + G(d2,d3,d0) + m0 + T20) <<< 20
d0 = d1 + (d0 + G(d1,d2,d3) + m5 + T21) <<< 5
MD5 msg. digest Pass 3
Fn H(x,y,z) is defined as x⊕y⊕z
d0 = d1 + (d0 + H(d1,d2,d3) + m5 + T33) <<< 4
d3 = d0 + (d3 + H(d0,d1,d2) + m8 + T34) <<< 11
d2 = d3 + (d2 + H(d3,d0,d1) + m11 + T35) <<< 16
d1 = d2 + (d1 + H(d2,d3,d0) + m14 + T36) <<< 23
d0 = d1 + (d0 + H(d1,d2,d3) + m1 + T37) <<< 4
MD5 msg. digest Pass 4
Fn I(x,y,z) is defined as y⊕(x∨~z)
d0 = d1 + (d0 + I(d1,d2,d3) + m0 + T49) <<< 6
d3 = d0 + (d3 + I(d0,d1,d2) + m7 + T50) <<< 10
d2 = d3 + (d2 + I(d3,d0,d1) + m14 + T51) <<< 15
d1 = d2 + (d1 + I(d2,d3,d0) + m5 + T52) <<< 21
d0 = d1 + (d0 + I(d1,d2,d3) + m12 + T53) <<< 6
MD5 Blocks
[Diagram: 512 bit blocks B1, B2, B3, B4, each fed to an MD5 box in turn, giving the Result]
Processing of Block mi - 4 Passes
ABCD=fF(ABCD,mi,T[1..16])
ABCD=fG(ABCD,mi,T[17..32])
ABCD=fH(ABCD,mi,T[33..48])
ABCD=fI(ABCD,mi,T[49..64])
[Diagram: MDi (A B C D) and mi enter the four passes; the outputs are added (+ + + +) to A B C D to give MDi+1]
Process within a round
[Diagram: one round operating on a, b, c, d with the 16 sub blocks M[0] to M[15] and the other constants t (64 elements)]
One MD5 operation
[Diagram: a, b, c, d; Process P; add; M[i]; T[k]; steps 1 to 7]
Different Passes...
– Different functions and constants are used
– Different set of mi is used
– Different set of shift amount is used
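
The MD5 slides above put together as an added example (not code from the original slides): padding, the constants Ti, and the four passes written with the d0..d3 indexing of the pass formulas. The initial value is held as little-endian 32-bit words, so A=01234567 on the slide becomes 0x67452301; the function names are chosen for this example.

```python
import math
import struct

MASK = 0xFFFFFFFF
# T1..T64 from the slide, stored as T[0..63]
T = [int(2**32 * abs(math.sin(i))) for i in range(1, 65)]
# One entry per pass: function, message word used at step i, rotation amounts
PASSES = [
    (lambda x, y, z: (x & y) | (~x & z), lambda i: i,                (7, 12, 17, 22)),
    (lambda x, y, z: (x & z) | (y & ~z), lambda i: (5 * i + 1) % 16, (5, 9, 14, 20)),
    (lambda x, y, z: x ^ y ^ z,          lambda i: (3 * i + 5) % 16, (4, 11, 16, 23)),
    (lambda x, y, z: y ^ (x | ~z),       lambda i: (7 * i) % 16,     (6, 10, 15, 21)),
]

def rotl(x: int, n: int) -> int:
    """x <<< n on a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & MASK

def pad(msg: bytes) -> bytes:
    """A 1 bit, 0 bits up to 64 bits short of a multiple of 512, then the length."""
    zeros = (55 - len(msg)) % 64
    bit_len = (8 * len(msg)) % 2**64
    return msg + b"\x80" + b"\x00" * zeros + struct.pack("<Q", bit_len)

def stage(d, block: bytes):
    """One stage: four passes over a 512-bit block, then add the old digest."""
    m = struct.unpack("<16I", block)
    new = list(d)
    for i in range(64):
        func, word, shifts = PASSES[i // 16]
        x, y, z = new[(1 - i) & 3], new[(2 - i) & 3], new[(3 - i) & 3]
        t = (new[(-i) & 3] + func(x, y, z) + m[word(i)] + T[i]) & MASK
        new[(-i) & 3] = (x + rotl(t, shifts[i & 3])) & MASK
    return [(old + cur) & MASK for old, cur in zip(d, new)]

def md5_hex(msg: bytes) -> str:
    d = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    data = pad(msg)
    for off in range(0, len(data), 64):
        d = stage(d, data[off:off + 64])
    return struct.pack("<4I", *d).hex()

if __name__ == "__main__":
    for sample in (b"", b"abc", b"message digest"):
        print(sample, md5_hex(sample))
```
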
MD5( strengths/weaknesses)
Two msgs. that produce same MD for each of the four msg. rounds , but not for all the rounds taken together
Pseudo collision: execution of MD5 on a single 512 bit block produces the same o/p for two diff. values in the chaining var. register abcd
Execution of MD5 on two diff. 512 bit block produces the same 128 bit o/p, but not generalized to the full msg. block
Hash stuff
– Most popular hash today SHA-1 (secure hash algorithm)
– Older ones (MD2, MD4, MD5) still around
– Popular secret-key integrity check: hash together key and data
– One popular standard for that: HMAC
Secure Hash Algorithm
Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993
SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST
Modified version of MD4
General Logic
– Input message must be < 2^64 bits; not really a problem
– Message is processed in 512-bit blocks sequentially
– Message digest is 160 bits
– SHA design is similar to MD5, but a lot stronger
– SHA was designed to be infeasible to:
– obtain the original msg. given its MD
– find two msgs. producing the same MD
Basic Steps
Step1: Padding
Step2: Appending length as 64 bit unsigned
Step3: Divide the i/p into 512 bit blocks
Step4: Initialize MD buffer (chaining vars.) into 5 32-bit words A|B|C|D|E
A = 67452301
B = efcdab89
C = 98badcfe
D = 10325476
E = c3d2e1f0
Basic Steps...
Step 5: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each.
Each step t (0 <= t <= 79):
– Input: Wt – a 32-bit word from the message; Kt – a constant; ABCDE: current MD.
– Output: ABCDE: new MD.
Basic Steps...
Only 4 per-round distinctive additive constants (as against 64 constants in MD5)
0 <= t <= 19: Kt = 5A827999
20 <= t <= 39: Kt = 6ED9EBA1
40 <= t <= 59: Kt = 8F1BBCDC
60 <= t <= 79: Kt = CA62C1D6
Basic Steps - The Heart Of The Matter
[Diagram: one step taking A B C D E to the new A B C D E, using ft, CLS5, CLS30 and additions (+) of Wt and Kt]
Basic Logic Functions
Only 3 different functions
Round: Function ft(B,C,D)
0 <= t <= 19: (B∧C)∨(~B∧D)
20 <= t <= 39: B⊕C⊕D
40 <= t <= 59: (B∧C)∨(B∧D)∨(C∧D)
60 <= t <= 79: B⊕C⊕D
Twist With Wt’s
Additional mixing used with input message 512-bit block
W0|W1|…|W15 = m0|m1|m2…|m15
For 15 < t < 80: Wt = s(Wt-16 ⊕ Wt-14 ⊕ Wt-8 ⊕ Wt-3)
XOR is a very efficient operation, but with multilevel shifting, it should produce very extensive and random mixing!
MAC,HMAC