Академический Документы
Профессиональный Документы
Культура Документы
Outline
= ()
Attacks against Hash Function
Two Simple Hash Function
Consider two simple
insecure hash The input is viewed as a
sequence of n-bit blocks
functions that
The input is processed one block
operate using the at a time in an iterative fashion to
following general produce an n-bit hash function
principles:
Perform a one-bit
circular shift on the Has the effect of randomizing
the input more completely and
hash value after overcoming any regularities that
each block is appear in the input
processed
Outline
Requirements
for H(x) is relatively
Collision Cryptographic easy to compute for
It is computationally resistance
infeasible to find any Hash Function any given x, making
(strong Efficiency both software &
pair (x,y) such that H(x)
collision hardware
= H(y)
resistance) implementations
practical
Second
For any given block x, it preimage Preimage For any given hash h, it is
is computationally resistance resistance computationally
infeasible to find y x, (weak (one-way infeasible to find y such
with H(y) = H(x) collision property) that H(y) = h
resistance)
Relationship among Hash Function
Properties
Second Preimage
resistant
Preimage Collision
resistant resistant
Hash Function Resistance Properties
Required for Various Data Integrity
Applications
Second
Preimage Collision
preimage
Resistant resistant
resistant
Hash + Digital Signature Yes Yes Yes*
Intrusion and virus
Yes
detection
Hash + symmetric
encryption
One-way password Yes
Does not
depend on the
specific
algorithm, only
depends on bit
length
Brute-
force
Method is to Attack In the case of a
hash function,
pick values at
attack depends
random and try
only on the bit
each one until a
length of the
collision occurs
hash value
Attacks on Hash Functions
Seek to exploit
An attack based some property of
on weaknesses in the algorithm to
a particular Cryptanalysis perform some
cryptographic attack other than
algorithm an exhaustive
search
For a collision resistant attack, an adversary wishes to find two
messages or data blocks that yield the same hash function
Opponent generates a
Two sets of messages
fraudulent message y
are compared to find a
for which As signature
pair with the same hash
is desired
Outline