Scribd
Upload
17 views

[Draft]Hash -V2 Sh3 Not Completed+Application

Uploaded by

mohmmedhhg6d
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views

[Draft]Hash -V2 Sh3 Not Completed+Application

Uploaded by

mohmmedhhg6d
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 28

Hash

Learning Objectives

 Summarize the applications of cryptographic hash functions.


 Explain why a hash function used for message authentication needs to be
secured.
 Understand the differences among preimage resistant, second preimage
resistant, and collision resistant properties.
 Present an overview of the basic structure of cryptographic hash functions.
 Describe how cipher block chaining can be used to construct a hash
function.
 Understand the operation of SHA-512.
Hash

 A hash function H accepts a variable-length block of data M as input and produces a


fixed-size result h = H(M), referred to as a hash value or a hash code.
 Hash Objective: Data Integrity (used to tell whether or not the data has been changed)
 ഥ then with high probability, 𝐻 𝑀 ≠ 𝐻 𝑀
If 𝑀 ≠ 𝑀 ഥ
Simple Insecure Hash Function

 Divide the message/data into M n-bit sequence then xor all bits of a block
to produce a bit in hash
 ℎ𝑖 = 𝑏𝑖,1 ⊕ 𝑏𝑖,2 ⊕ ⋯ ⊕ 𝑏𝑖,𝑀 where 𝐻 𝑀 = [ℎ1 , ℎ2 , … , ℎ𝑛 ]
 Why is it insecure?
 Ordering doesn’t affect the result.
Secure Hash Function Requirements

Requirement Description
Variable input size H can be applied to a block of data of any size.
Fixed output size H produces a fixed-length output.
Efficiency H(x) is relatively easy to compute for any given x,
making both hardware and software
implementations practical.
Preimage resistant (one-way For any given hash value h, it is computationally
property) infeasible to find y such that H(y) = h.
Second preimage resistant For any given block x, it is computationally infeasible
(weak collision resistant) to find y ≠ x with H(y) = H(x).
Collision resistant (strong It is computationally infeasible to find any pair (x, y)
collision resistant) with x ≠ y, such that H(x) = H(y).
Pseudorandomness Output of H meets standard tests for
pseudorandomness.
Hash Requirements Per Application
Brute-Force Attacks

 Suppose that ℎ = 𝐻(𝑥) = 𝑚 (i.e. 𝑚 is the bit length of the hash result ℎ), Then the
level of effort for conducting brute-force attack it depends on the purpose of the
attack
 Preimage attack: 𝟐𝒎
 Pick a value 𝑥 at random and try to find another value 𝑦 such that 𝐻 𝑥 = 𝐻 𝑦
 Collision Resistant Attack: 𝟐𝒎/𝟐
 an adversary wishes to find two messages or data blocks, x and y, that yield the same
hash function
 Birthday paradox: If we choose random variables from a uniform distribution in the range
0 through 𝑁 − 1, then the probability that a repeated element is encountered exceeds
0.5 after 𝑁 choices have been made.
A Letter in 238
Variations
Brute-Force Attack | MD5

 MD5 is a Hash algorithm with 128bit result


 Van Oorschot and Wiener (1994) presented a design for a $10 million
collision search machine for MD5 that could find a collision in 24 days.
 With today’s technology, the time would be much shorter
General Structure of Secure Hash
Code

 Cryptanalysis focus on the internal structure of f


 The attack attempts to find efficient techniques for producing collisions for
a single execution of f.
Secure Hash Algorithm

 SHA originally designed by NIST & NSA in 1993


 was revised in 1995 as SHA-1
 US standard for use with DSA signature scheme
 standard is FIPS 180-1 1995, also Internet RFC3174
 based on design of MD4 with key differences
 produces 160-bit hash values
 In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new versions of
SHA (SHA-256, SHA-384, and SHA-512)
 recent 2005 results on security of SHA-1 have raised concerns on its use in future applications
 As a result to a breakthrough, Microsoft, Google, Apple, and Mozilla have all announced that their
respective browsers have stopped accepting SHA-1 SSL certificates in 2017
Comparison of SHA Parameters
SHA-512 Overview
SHA512 Logic

 Append padding bits. Padding is always added, to make message length


congruent to 𝟖𝟗𝟔 𝒎𝒐𝒅 𝟏𝟎𝟐𝟒, even if the message is already of the desired
length.
 Append length. A block of unsigned 128 bits holding original message
length is appended to the message
 Initialize hash buffer. 8 registers of 64bit size (a, b, c, d, e, f, g, h) holds
intermediate and final results of the hash function
 Process message in 1024-bit (128-byte) blocks.

𝑎 = 6𝐴09𝐸667𝐹3𝐵𝐶𝐶908 𝑒 = 510𝐸527𝐹𝐴𝐷𝐸682𝐷1
𝑏 = 𝐵𝐵67𝐴𝐸8584𝐶𝐴𝐴73𝐵 𝑓 = 9𝐵05688𝐶2𝐵3𝐸6𝐶1𝐹
𝑐 = 3𝐶6𝐸𝐹372𝐹𝐸94𝐹82𝐵 𝑔 = 1𝐹83𝐷9𝐴𝐵𝐹𝐵41𝐵𝐷6𝐵
𝑑 = 𝐴54𝐹𝐹53𝐴5𝐹1𝐷36𝐹1 ℎ = 5𝐵𝐸0𝐶𝐷19137𝐸2179
SHA-512
Constants K
SHA-512 | Single Round Operation

512

𝑇1 = ℎ + 𝐶ℎ(𝑒, 𝑓, 𝑔) + ෍ 𝑒 + 𝑊𝑡 + 𝐾𝑡
1
512

𝑇2 = ෍ 𝑎 + 𝑀𝑎𝑗 𝑎, 𝑏, 𝑐
0
ℎ = 𝑔, 𝑔 = 𝑓, 𝑓 = 𝑒, 𝑒 = 𝑑 + 𝑇1
, 𝑑 = 𝑐, 𝑐 = 𝑏, 𝑏 = 𝑎, 𝑎 = 𝑇1 + 𝑇2
+ = addition modulo 264
SHA-512 | 𝑊𝑡 , 0 ≤ 𝑡 < 80

 𝑊𝑡 = 𝜎1512 𝑊𝑡−2 + 𝑊𝑡−7 + 𝜎0512 𝑊𝑡 − 15 + 𝑊𝑡 − 16 , where:


 𝜎0512 𝑥 = ROTR1 𝑥 ⊕ ROTR8 𝑥 ⊕ SHR7 𝑥
 𝜎1512 𝑥 = ROTR19 𝑥 ⊕ ROTR61 𝑥 ⊕ SHR6 𝑥
 ROTR𝑛 𝑥 and SHR𝑛 𝑥 denotes circular right shift and right shift, respectively, of the 64-bit argument 𝑥 by 𝑛
bits
 𝑡 > 15
SHA-512 | Example

 Suppose you want to hash the message “abc” then the SHA-512 algorithm
prepares the message for processing as follows:

“abc” Padding

61 62 63 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18
Message Length
SHA-3

 SHA-1 is very similar, in structure and in the basic mathematical operations


used, to MD5 and SHA-0
 SHA-2 shares the same structure and mathematical operations as its
predecessors, and this is a cause for concern.
 As a result, NIST decided to begin the process of developing a new hash
standard.
SHA-3 Parameters
SHA-3 | Sponge Structure
F function
Comparison of SHA Parameters
Applications

 Message Authentication Code (MAC)


 Digital Signature
Attack Against Hash Function
Message Authentication | Examples

You might also like