Information and data security cryptographic hash functions
- 2. 2 Hash functions • A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value. • h = H(M). • the principal object of a hash function is data integrity. • hash used to detect changes to message. • The kind of hash in security applications is referred to as a cryptographic hash function. - computationally infeasible to find data mapping to specific hash (one-way property) - computationally infeasible to find two data to same hash (collision-free property)
- 4. APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS • Message Authentication. - message authentication code (MAC). • Digital Signatures. • Other application:- - one-way password file. - intrusion detection. - virus detection. - pseudorandom function(PRF). 4
- 5. Message Authentication 5 • Message authentication is a mechanism or service used to verify the integrity of a message. • Message authentication assures that data received are exactly as sent (i.e., contain no modification, insertion, deletion, or replay). • When a hash function is used to provide message authentication, the hash function value is often referred to as a message digest.
- 6. Hash Functions & Message Authentication 6 Authentication+confidentiality Authentication only Authentication only Authentication+confidentiality
- 7. Message Authentication Code (MAC) 7 • Message authentication is achieved using message authentication code(MAC). • also known as a keyed hash function. • MACs are used between two parties that share a secret key to authenticate information exchanged between those parties. • A MAC function takes as input a secret key and a data block and produces a hash value, referred to as the MAC.
- 8. Digital signatures • Another important application, which is similar to the message authentication application. • The operation of the digital signature is similar to that of the MAC. • In the case of the digital signature, the hash value of a message is encrypted with a user's private key. • Anyone who knows the user's public key can verify the integrity of the message that is associated with the digital signature. In this case an attacker who wishes to alter the message would need to know the user's private key. 8
- 9. Hash Functions & Digital Signatures 9 Digital signature+Authentication Digital signature+Authentication+Confidentiality
- 10. 10 • to create a one-way password file – store hash of password not actual password • for intrusion detection and virus detection – keep & check hash of files on system • pseudorandom function (PRF) or pseudorandom number generator (PRNG) Other Hash Function Uses
- 11. 11 Two Simple Hash Functions • consider two simple hash functions • bit-by-bit exclusive-OR (XOR) of every block – Ci = bi1 xor bi2 xor . . . xor bim – a longitudinal redundancy check – reasonably effective as data integrity check • one-bit circular shift on hash value – for each successive n-bit block • rotate current hash value to left by1bit and XOR block – good for data integrity but useless for security
- 13. 13 Hash Function Resistance Properties Required for Various Data Integrity Application
- 14. Attacks on Hash Functions 14 • Have brute-force attacks and cryptanalysis • a preimage or second preimage attack – find y s.t. H(y) equals a given hash value • collision resistance – find two messages x & y with same hash so H(x) = H(y) • hence value 2m/2 determines strength of hash code against brute-force attacks – 128-bits inadequate, 160-bits suspect
- 15. Hash Function Cryptanalysis 15 • cryptanalytic attacks exploit some property of alg so faster than exhaustive search • hash functions use iterative structure – process message in blocks (fixed length) • attacks focus on collisions in function f
- 16. 16 Secure Hash Algorithm (SHA) • SHA originally designed by the National Institute of Standards and Technology (NIST) in 1993. • based on design of MD4 • was revised in 1995 as SHA-1 • produces a hash value of 160 bits. • NIST produced three new versions of SHA, known as SHA-256, SHA-384, and SHA-512, these hash algorithms are known as SHA-2. • These new versions have the same structure and use the same types of arithmetic and logical operations as SHA-1 • hence analysis should be similar but security levels are rather higher
- 17. SHA Versions SHA-1 SHA-224 SHA-256 SHA-384 SHA-512 Message digest size 160 224 256 384 512 Message size < 264 < 264 < 264 < 2128 < 2128 Block size 512 512 512 1024 1024 Word size 32 32 32 64 64 Number of steps 80 64 64 80 80 17
- 19. SHA-5 Logic 19
- 20. 20
- 21. SHA compression function • Step 4/ processing message in 1024-bit blocks • Heart of the algorithm • consists of 80 rounds – updating a 512-bit buffer – using a 64-bit value Wt derived from the current message block – and a round constant based on cube root of first 80 prime numbers 21
- 22. 22
- 23. SHA-512 Processing of a single 1024-Bits Block 23
- 24. 24 Elementary SHA-512 Operation (single round)
- 25. 25 • Let us look in more detail at the logic in each of the 80 steps of the processing of one 512-bit block .Each round is defined by the following set of equations:
- 26. 26
- 27. Creation of 80-word input sequence for SHA-512 processing of single block 27
- 28. 28 It remains to indicate how the 64-bit word values Wt are derived from the 1024-bit message. The first 16 values of Wt are taken directly from the 16 words of the current block. The remaining values are defined as:
- 29. 29 SHA-3 • SHA-1 not yet "broken” – but similar to broken MD5 & SHA-0 – so considered insecure • SHA-2 (esp. SHA-512) seems secure – shares same structure and mathematical operations as predecessors so have concern • NIST announced in 2007 a competition for the SHA-3 next gen NIST hash function
- 30. 30 • replace SHA-2 with SHA-3 in any use – so use same hash sizes • preserve the online nature of SHA-2 – so must process small blocks (512 / 1024 bits) • evaluation criteria – security – cost in time & memory – characteristics: such as flexibility & simplicity The basic requirements of SHA-3
- 31. 31